From ed28e8fe551556c9210533ebc5564846fca4be22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?=
 <timothee.jaussoin@belledonne-communications.com>
Date: Mon, 13 Oct 2025 14:31:48 +0200
Subject: [PATCH] Fix FLEXIAPI-401 Use a Space scoped reset password URL

---
 flexiapi/app/Account.php                             | 12 ++++++++++++
 .../resources/views/mails/reset_password.blade.php   |  2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/flexiapi/app/Account.php b/flexiapi/app/Account.php
index bdc637f..e193c2b 100644
--- a/flexiapi/app/Account.php
+++ b/flexiapi/app/Account.php
@@ -276,6 +276,18 @@ class Account extends Authenticatable
         return $this->hasMany(AuthToken::class);
     }
 
+    /**
+     * Reset password
+     */
+
+    public function getCurrentResetPasswordUrlAttribute(): string
+    {
+        return replaceHost(
+            route('account.reset_password_email.change', $this->currentResetPasswordEmailToken->token),
+            $this->space->host
+        );
+    }
+
     public function currentResetPasswordEmailToken()
     {
         return $this->hasOne(ResetPasswordEmailToken::class)->where('used', false)->latestOfMany();
diff --git a/flexiapi/resources/views/mails/reset_password.blade.php b/flexiapi/resources/views/mails/reset_password.blade.php
index b9bc4f4..2087cb9 100644
--- a/flexiapi/resources/views/mails/reset_password.blade.php
+++ b/flexiapi/resources/views/mails/reset_password.blade.php
@@ -9,7 +9,7 @@
 
 {{ __('Click the button below to choose a new password:') }}
 
-[{{ __('Reset my password') }}]({{ route('account.reset_password_email.change', $account->currentResetPasswordEmailToken->token) }})
+[{{ __('Reset my password') }}]({{ $account->currentResetPasswordUrl }})
 
 {{ __('This link will expire in :hour hours.', ['hour' => config('app.reset_password_email_token_expiration_minutes')/60 ]) }}