Fix url in password reset email

client/src/main/java/org/apache/cloudstack/ServerDaemon.java

@@ -76,9 +76,7 @@ public class ServerDaemon implements Daemon {
     private static final String SESSION_TIMEOUT = "session.timeout";
     private static final String HTTP_ENABLE = "http.enable";
     private static final String HTTP_PORT = "http.port";
-    private static final String HTTPS_ENABLE = "https.enable";
     private static final String HTTPS_PORT = "https.port";
-    private static final String KEYSTORE_FILE = "https.keystore";
     private static final String KEYSTORE_PASSWORD = "https.keystore.password";
     private static final String WEBAPP_DIR = "webapp.dir";
     private static final String ACCESS_LOG = "access.log";
@@ -142,9 +140,9 @@ public void init(final DaemonContext context) {
             setContextPath(properties.getProperty(CONTEXT_PATH, "/client"));
             setHttpEnable(Boolean.valueOf(properties.getProperty(HTTP_ENABLE, "true")));
             setHttpPort(Integer.valueOf(properties.getProperty(HTTP_PORT, "8080")));
-            setHttpsEnable(Boolean.valueOf(properties.getProperty(HTTPS_ENABLE, "false")));
+            setHttpsEnable(Boolean.valueOf(properties.getProperty(ServerProperties.HTTPS_ENABLE, "false")));
             setHttpsPort(Integer.valueOf(properties.getProperty(HTTPS_PORT, "8443")));
-            setKeystoreFile(properties.getProperty(KEYSTORE_FILE));
+            setKeystoreFile(properties.getProperty(ServerProperties.KEYSTORE_FILE));
             setKeystorePassword(properties.getProperty(KEYSTORE_PASSWORD));
             setWebAppLocation(properties.getProperty(WEBAPP_DIR));
             setAccessLogFile(properties.getProperty(ACCESS_LOG, "access.log"));

server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManager.java

@@ -78,7 +78,9 @@ public interface UserPasswordResetManager {
 
     ConfigKey<String> UserPasswordResetDomainURL = new ConfigKey<>(ConfigKey.CATEGORY_ADVANCED,
             String.class, "user.password.reset.mail.domain.url", null,
-            "Domain URL for reset password links sent to the user via email", true,
+            "Domain URL (along with http:// or https:// as applicable) for reset password links sent to the user via email. " +
+                    "If this is not set, CloudStack would determine the domain url based on the first management server from 'host' setting " +
+                    "and http scheme based on the https.enabled flag from server.properties file in the management server.", true,
             ConfigKey.Scope.Global);
 
     void setResetTokenAndSend(UserAccount userAccount);

server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManagerImpl.java

@@ -23,6 +23,7 @@
 import com.cloud.user.dao.UserDao;
 import com.cloud.utils.StringUtils;
 import com.cloud.utils.component.ManagerBase;
+import com.cloud.utils.server.ServerProperties;
 import com.github.mustachejava.DefaultMustacheFactory;
 import com.github.mustachejava.Mustache;
 import com.github.mustachejava.MustacheFactory;
@@ -48,6 +49,7 @@
 import java.util.Set;
 import java.util.UUID;
 
+import static org.apache.cloudstack.config.ApiServiceConfiguration.ManagementServerAddresses;
 import static org.apache.cloudstack.resourcedetail.UserDetailVO.PasswordResetToken;
 import static org.apache.cloudstack.resourcedetail.UserDetailVO.PasswordResetTokenExpiryDate;
 
@@ -68,7 +70,7 @@ public class UserPasswordResetManagerImpl extends ManagerBase implements UserPas
             new ConfigKey<>(ConfigKey.CATEGORY_ADVANCED, String.class,
             "user.password.reset.mail.template", "Hello {{username}}!\n" +
             "You have requested to reset your password. Please click the following link to reset your password:\n" +
-            "{{{domainUrl}}}{{{resetLink}}}\n" +
+            "{{{resetLink}}}\n" +
             "If you did not request a password reset, please ignore this email.\n" +
             "\n" +
             "Regards,\n" +
@@ -179,10 +181,21 @@ public void setResetTokenAndSend(UserAccount userAccount) {
         final String email = userAccount.getEmail();
         final String username = userAccount.getUsername();
         final String subject = "Password Reset Request";
-        final String domainUrl = UserPasswordResetDomainURL.value();
+        String domainUrl = UserPasswordResetDomainURL.value();
+        if (StringUtils.isBlank(domainUrl)) {
+            domainUrl = ManagementServerAddresses.value().split(",")[0];
+        }
+        domainUrl = domainUrl.replaceAll("/+$", "");
 
-        String resetLink = String.format("/client/#/user/resetPassword?username=%s&token=%s",
-                username, resetToken);
+        if (!domainUrl.startsWith("http://") && !domainUrl.startsWith("https://")) {
+            if (ServerProperties.isHttpsEnabled()) {
+                domainUrl = "https://" + domainUrl;
+            } else {
+                domainUrl = "http://" + domainUrl;
+            }
+        }
+        String resetLink = String.format("%s/client/#/user/resetPassword?username=%s&token=%s",
+                domainUrl, username, resetToken);
         String content = getMessageBody(userAccount, resetToken, resetLink);
 
         SMTPMailProperties mailProperties = new SMTPMailProperties();

utils/src/main/java/com/cloud/utils/server/ServerProperties.java

@@ -16,21 +16,28 @@
 // under the License.
 package com.cloud.utils.server;
 
+import com.cloud.utils.PropertiesUtil;
 import com.cloud.utils.crypt.EncryptionSecretKeyChecker;
+import com.cloud.utils.StringUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.LogManager;
 
+import java.io.File;
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Properties;
 
 public class ServerProperties {
     protected Logger logger = LogManager.getLogger(getClass());
 
+    public static final String HTTPS_ENABLE = "https.enable";
+    public static final String KEYSTORE_FILE = "https.keystore";
+    public static final String PASSWORD_ENCRYPTION_TYPE = "password.encryption.type";
+
     private static Properties properties = new Properties();
     private static boolean loaded = false;
-    public static final String passwordEncryptionType = "password.encryption.type";
 
     public synchronized static Properties getServerProperties(InputStream inputStream) {
         if (!loaded) {
@@ -39,7 +46,7 @@ public synchronized static Properties getServerProperties(InputStream inputStrea
                 serverProps.load(inputStream);
 
                 EncryptionSecretKeyChecker checker = new EncryptionSecretKeyChecker();
-                checker.check(serverProps, passwordEncryptionType);
+                checker.check(serverProps, PASSWORD_ENCRYPTION_TYPE);
 
                 if (EncryptionSecretKeyChecker.useEncryption()) {
                     EncryptionSecretKeyChecker.decryptAnyProperties(serverProps);
@@ -56,4 +63,25 @@ public synchronized static Properties getServerProperties(InputStream inputStrea
 
         return properties;
     }
+
+    public static boolean isHttpsEnabled() {
+        final File confFile = PropertiesUtil.findConfigFile("server.properties");
+        if (confFile == null) {
+            return false;
+        }
+
+        try {
+            InputStream is = new FileInputStream(confFile);
+            final Properties properties = ServerProperties.getServerProperties(is);
+            if (properties == null) {
+                return false;
+            }
+
+            boolean httpsEnable = Boolean.parseBoolean(properties.getProperty(HTTPS_ENABLE, "false"));
+            String keystoreFile = properties.getProperty(KEYSTORE_FILE);
+            return httpsEnable && StringUtils.isNotEmpty(keystoreFile) && new File(keystoreFile).exists();
+        } catch (final IOException e) {
+            return false;
+        }
+    }
 }