Login Email Address Appears in the Password Reset URL
This patch adds a method named sendPasswordRetrievalEmail2(), included in Kilimanjaro and later implementations of SuiteCommerce Advanced. Located in the Commerce API, sendPasswordRetrievalEmail2() generates a password reset email message. For added security, the original login email address for the customer does not appear in the password reset URL generated by this method. Other ecommerce solutions commonly use this secure solution.
To implement this patch, you extend JavaScript functions in the Account and LoginRegister modules and override the login_register_reset_password.tpl template file. For an example of the changes needed for this patch, see EmailAddressPasswordResetURL.zip.
This method replaces the sendPasswordRetrievalEmail() method. However, the deprecated sendPasswordRetrievalEmail() method will continue to operate without change.
Before proceeding, familiarize yourself with Best Practices for Customizing SCA. The following sections show how to Extend JavaScript to implement the patch.
To implement this patch, follow each step to extend the functions in the Account.Model.js and LoginRegister.ResetPassword.View.js files, and override the login_register_reset_password.tpl template file.
Step 1: Create and Copy the Required Files
- To extend the functions that require a code change for this patch, create a directory to store your custom modules, for example, create Modules/extensions.
- Open this directory and create the following subdirectories to maintain your customizations. Give this directory a name similar to the module being customized. For example, create the following directories:

    Modules/extensions/AccountExtension@1.0.0
    Modules/extensions/LoginRegisterExtension@1.0.0

- In the AccountExtension@X.X.X directory, create a SuiteScript subdirectory. In the SuiteScript subdirectory, create a JavaScript file. To follow best practices, name the JavaScript file Account.Model.Extension.js.
- Open this file and extend the forgotPassword method as shown in the following code snippet:

    define('Account.Model.Extension', [
        'SC.Model',
        'Application',
        'Models.Init',
        'underscore'
    ], function (SCModel, Application, ModelsInit, _) {
        'use strict';

        // NOTE: AccountModelExtension is not defined in this snippet; it must
        // resolve to the Account model being extended
        // (see EmailAddressPasswordResetURL.zip).
        _.extend(AccountModelExtension.prototype, {
            forgotPassword: function (email) {
                try {
                    // this API method throws an exception if the email doesn't exist
                    // 'The supplied email has not been registered as a customer at our Web store.'
                    ModelsInit.session.sendPasswordRetrievalEmail2(email);
                } catch (e) {
                    var error = Application.processError(e);
                    // if the customer failed to log in previously
                    // the password retrieval email is sent but an error is thrown
                    if (error.errorCode !== 'ERR_WS_CUSTOMER_LOGIN') {
                        throw e;
                    }
                }
                return { success: true };
            }
        });
    });

- In the LoginRegisterExtension@X.X.X directory, create a JavaScript subdirectory. In the JavaScript subdirectory, create a JavaScript file named LoginRegister.ResetPassword.View.Extension.js.
- Open this file and extend the initialize method as shown in the following code snippet:

    define('LoginRegister.ResetPassword.View.Extension', [
        'SC.Configuration',
        'Account.ResetPassword.Model',
        'Backbone.FormView',
        'Backbone',
        'underscore'
    ], function (Configuration, AccountResetPasswordModel, BackboneFormView, Backbone, _) {
        'use strict';

        // NOTE: LoginRegisterResetPasswordViewExtension is not defined in this
        // snippet; it must resolve to the reset password view being extended
        // (see EmailAddressPasswordResetURL.zip).
        _.extend(LoginRegisterResetPasswordViewExtension.prototype, {
            initialize: function () {
                this.model = new AccountResetPasswordModel();
                // only the cb parameter is read from the reset URL; no email address
                this.model.set('params', {'cb': _.parseUrlOptions(location.search).cb});
                this.model.on('save', _.bind(this.showSuccess, this));
                BackboneFormView.add(this);
            }
        });
    });

- In the LoginRegisterExtension@X.X.X directory, create a Templates subdirectory. Copy the Modules/suitecommerce/LoginRegister@2.3.0/Templates/login_register_reset_password.tpl template file into the Templates directory.
- Open login_register_reset_password.tpl and make the following change.

  Replace this HTML:

    <p class="login-register-reset-password-description">
        {{translate 'Enter a new password below for <b>$(0)</b>' email}}
    </p>

  With this HTML:

    <p class="login-register-reset-password-description">
        {{translate 'Enter a new password below'}}
    </p>

Step 2. Prepare the Developer Tools for Your Overrides
- Create the ns.package.json file for the AccountExtension@X.X.X directory. Add the following code to ns.package.json in the Modules/extensions/Account@X.X.X directory:

    {
        "gulp": {
            "ssp-libraries": "SuiteScript/*.js"
        }
    }

- Create the ns.package.json file for the LoginRegisterExtension@X.X.X directory. Add the following code to ns.package.json in the Modules/extensions/LoginRegister@X.X.X directory:

    {
        "gulp": {
            "javascript": "JavaScript/*.js",
            "templates": [
                "JavaScript/*.js"
            ]
        },
        "overrides": {
            "suitecommerce/LoginRegister@X.X.X/Templates/login_register_reset_password.tpl": "Templates/login_register_reset_password.tpl"
        }
    }

- In distro.json, add your custom modules to the modules object. This ensures that the Gulp tasks include your extension when you deploy. In this example, the extension modules are added at the beginning of the list of modules. However, you can add the modules anywhere in the modules object. The order of precedence in this list does not matter.

    {
        "name": "SuiteCommerce Advanced Elbrus",
        "version": "2.0",
        "buildToolsVersion": "1.3.0",
        "folders": {
            "modules": "Modules",
            "suitecommerceModules": "Modules/suitecommerce",
            "extensionsModules": "Modules/extensions",
            "thirdPartyModules": "Modules/third_parties",
            "distribution": "LocalDistribution",
            "deploy": "DeployDistribution"
        },
        "modules": {
            "extensions/AccountExtension": "X.X.X",
            "extensions/LoginRegisterExtension": "X.X.X",
            ...

Step 3. Test and Deploy Your Override
- Test your source code customizations on a local server (see Test SCA Customizations on a Local Server) or deploy them to your NetSuite account (see Deploy SCA Customizations to NetSuite).

  Since this customization modifies a file that is stored as an SSP library, changes are not immediately visible in your local environment. You must first deploy your custom module directly to NetSuite. See Deploy SCA Customizations to NetSuite for more information.
- Confirm your results.
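
One way to carry out the "Confirm your results" step, as an added example that is not part of the NetSuite patch or of EmailAddressPasswordResetURL.zip: the function below takes the reset link from a test email and returns the names of any query-string or fragment parameters that still carry an email address, including percent-encoded and double-encoded ones. The sample URLs and the parameter name e are constructed for illustration; cb is the parameter read in the view code above.

```javascript
'use strict';

// Loose email matcher, used only to flag values that look like an address.
var EMAIL_RE = /[A-Z0-9._%+-]+@[A-Z0-9-]+(?:\.[A-Z0-9-]+)+/i;

// Percent-decode repeatedly so double-encoded values (%2540) are caught too.
function fullyDecode(value, maxRounds) {
    var current = value;
    for (var i = 0; i < maxRounds; i++) {
        var next;
        try {
            next = decodeURIComponent(current);
        } catch (e) {
            break; // malformed escape sequence: keep what was decoded so far
        }
        if (next === current) { break; }
        current = next;
    }
    return current;
}

// Returns the names of parameters whose value contains an email address.
function findEmailParams(resetUrl) {
    var url = new URL(resetUrl);
    var leaks = [];
    // Check the query string and the fragment; both end up in browser history.
    var sources = [
        url.searchParams,
        new URLSearchParams(url.hash.replace(/^#\??/, ''))
    ];
    sources.forEach(function (params) {
        params.forEach(function (value, name) {
            if (EMAIL_RE.test(fullyDecode(value, 3))) {
                leaks.push(name);
            }
        });
    });
    return leaks;
}

// Constructed sample links (not real NetSuite URLs).
var SAMPLE_OLD = 'https://shop.example.com/reset?e=customer%40example.com&cb=constructed-token';
var SAMPLE_NEW = 'https://shop.example.com/reset?cb=constructed-token';

console.log(findEmailParams(SAMPLE_OLD)); // link that still exposes the address
console.log(findEmailParams(SAMPLE_NEW)); // link with only the cb parameter
```

An empty result for the link in a freshly generated reset email indicates the override is active; a non-empty result names the parameter that still exposes the login address.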