Skip to content

[Password Reset Email Template Ignores {{domainUrl}} Variable in CloudStack 4.22] #12050

New issue
New issue
Open
#12078
Open
[Password Reset Email Template Ignores {{domainUrl}} Variable in CloudStack 4.22]#12050
#12078
Assignees
sureshanaparti
Labels
type:bug
Milestone
4.22.1
@nimbustech-lab

Description

@nimbustech-lab
nimbustech-lab
opened on Nov 12, 2025

problem

When configuring password reset email templates in CloudStack 4.22, the variable {{domainUrl}} or {{{domainUrl}}} is ignored during email generation.
The reset link in the email only contains a relative path (e.g., /client/#/user/resetPassword?...) instead of a complete URL (https://cloudstack.example.com/client/#/user/resetPassword?...).

This causes broken links when users click “Reset Password” from the email, as the base domain is missing.

versions

General Information:

  • CloudStack version: 4.22.0 (upgraded from 4.21.0)
  • Operating System: Ubuntu Server 24.04 LTS
  • Java version: OpenJDK 17.0.16

Deployment Setup:

  • Number of Management Server(s): 2 (1 Active + 1 Stopped)
  • CloudStack DB Server(s): 2 MySQL DB (1 Primary + 1 Replica)
  • Hypervisor: VMware ESXi (version 7.0 Update 3)
  • vCenter Version: vSphere Client version 7.0.3.00000
  • ESXi Hosts: 2
  • SMTP Server: Microsoft Office 365 (smtp.office365.com, port 587)

The steps to reproduce the bug

  1. Find the global configuration called "User password reset mail domain url" and put in the relevant domain name.
  2. Find another global configuration called "User password reset mail template" and you can choose to either edit or use the default email template to test SMTP.
  3. Once configured both, you need to wait for 30 seconds then try to request a password reset on the landing / login page.
  4. Once the email comes in, it will show the message you've written with the broken password reset link. It will not have the {{{domainUrl}}} called into the email / message template. Only resetLink, token will be called succesfully into the email / message.
    ...

What to do about it?

The variable {{{domainUrl}}} defined in Global Settings → user.password.reset.mail.domain.url should be properly parsed and included in the email body when rendering the reset link.

Currently, the email template engine ignores the {{{domainUrl}}} placeholder entirely, resulting in an incomplete reset link that starts only from client/#/user/resetPassword?....

To fix this:

  1. Ensure that the domainUrl variable is fetched and passed correctly to the email rendering context (e.g., in UserPasswordResetManagerImpl.java).
  2. Verify that both domainUrl and resetLink variables are available to the Mustache template at render time.
  3. Consider adding a validation check to confirm that domainUrl is not null or empty before sending the email.
  4. (Optional) Update the documentation to clarify how user.password.reset.mail.domain.url interacts with the reset link template variables.

This would ensure the password reset email renders correctly as:
https://cloudstack.example.com/client/#/user/resetPassword?username=user&token=xxxx

Metadata

Metadata

Assignees

Labels

type:bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions