Missing encodeURIComponent in resetPassword 302 link #6277
Description
Issue Description
If I try to reset password on a user with email : "[email protected]", the redirect 302 link location is not encoded. Then in Express when I try to retrieve parameter from URL in success page I have "console.log(query.username) "email [email protected]."
Steps to reproduce
Create new User with following email [email protected]
Call http://localhost:1337/api/requestPasswordReset with json body {
{
"email" : "[email protected]"
}
Click on the reset link in email
Fill the form
Expected Results
After the new password filled, I should be redirected to
http://localhost:1337/password/updated?username=email%[email protected]
Actual Outcome
I am redirect to
http://localhost:1337/password/[email protected]
Environment Setup
-
Server
- parse-server version (Be specific! Don't say 'latest'.) : 3.9.0
- Operating System: MacOs 10.14.6
- Hardware: MacBook Pro
- Localhost or remote server? (AWS, Heroku, Azure, Digital Ocean, etc): Localhost
-
Database
- MongoDB version: 3.6
- Storage engine: WiredTiger
- Hardware: MacBrook Pro
- Localhost or remote server? (AWS, mLab, ObjectRocket, Digital Ocean, etc): localhost