Login Email Address Appears in the Password Reset URL

This topic applies to

Applies to

SuiteCommerce Advanced | Elbrus


This patch adds a method named sendPasswordRetrievalEmail2(), included in Kilimanjaro and later implementations of SuiteCommerce Advanced. Located in the Commerce API, sendPasswordRetrievalEmail2() generates a password reset email message. For added security, the original login email address for the customer does not appear in the password reset URL generated by this method. Other ecommerce solutions commonly use this secure solution.

To implement this patch, you extend JavaScript functions in the Account and LoginRegister modules and override the login_register_reset_password.tpl template file. For an example of the changes needed for this patch, see EmailAddressPasswordResetURL.zip.

This method replaces the sendPasswordRetrievalEmail() method. However, the deprecated sendPasswordRetrievalEmail() method will continue to operate without change.


Before proceeding, familiarize yourself with Best Practices for Customizing SuiteCommerce Advanced. The following sections show how to Extend JavaScript to implement the patch.

Step 1: Create and Copy the Required Files

Create the custom directories used by the custom module that you create for the patch, extend the functions in the Account.Model.js and LoginRegister.ResetPassword.View.js JavaScript files, and override the login_register_reset_password.tpl template file.

This section shows how to create custom modules that use the JavaScript prototype object to extend the functions that require a code change for the patch.

  1. If you have not done so already, create a directory to store your custom modules, for example, create Modules/extensions.

  2. Open this directory and create the following subdirectories to maintain your customizations.

    Give this directory a name similar to the module being customized. For example, create the following directories:



  3. In the AccountExtension@X.X.X directory, create a SuiteScript subdirectory. In the SuiteScript subdirectory, create a JavaScript file.

    To follow best practices, name the JavaScript file Account.Model.Extension.js.

  4. Open this file and extend the forgotPassword method as shown in the following code snippet:

    define( 'Account.Model.Extension' , [ 'SC.Model' , 'Application' , 'Models.Init' , 'underscore' ] , function ( SCModel , Application , ModelsInit , _ ) { 'use strict'; _.extend(AccountModelExtension.prototype, { forgotPassword: function (email) { try { // this API method throws an exception if the email doesn't exist // 'The supplied email has not been registered as a customer at our Web store.' ModelsInit.session.sendPasswordRetrievalEmail2(email); } catch (e) { var error = Application.processError(e); // if the customer failed to log in previously // the password retrieval email is sent but an error is thrown if (error.errorCode !== 'ERR_WS_CUSTOMER_LOGIN') { throw e; } } return { success: true }; } }); });
  5. In the LoginRegisterExtension@X.X.X directory, create a JavaScript subdirectory. In the JavaScript subdirectory, create a JavaScript file named LoginRegister.ResetPassword.View.Extension.js.

  6. Open this file and extend the function name method as shown in the following code snippet:

    define('LoginRegister.ResetPassword.View.Extension' , [ 'SC.Configuration' , 'Account.ResetPassword.Model' , 'Backbone.FormView' , 'Backbone' , 'underscore' ] , function ( Configuration , AccountResetPasswordModel , BackboneFormView , Backbone , _ ) { 'use strict'; _.extend(LoginRegisterResetPasswordViewExtension.prototype, { initialize: function () { this.model = new AccountResetPasswordModel(); this.model.set('params', {'cb':_.parseUrlOptions(location.search).cb}); this.model.on('save', _.bind(this.showSuccess, this)); BackboneFormView.add(this); } }); });
  7. In the LoginRegisterExtension@X.X.X directory, create a Templates subdirectory. Copy the Modules/suitecommerce/LoginRegister@2.3.0/Templates/login_register_reset_password.tpl template file into the Templates directory.

  8. Open login_register_reset_password.tpl and make the following change.

    Replace this HTML:

    <p class="login-register-reset-password-description"> {{translate 'Enter a new password below for <b>$(0)</b>' email}} </p>

    With this HTML:

    <p class="login-register-reset-password-description"> {{translate 'Enter a new password below'}} </p>

Step 2. Prepare the Developer Tools for Your Overrides

  1. Create the ns.package.json file for the AccountExtension@X.X.X directory. Add the following code to ns.package.json in the Modules/extensions/Account@X.X.X directory:

    { "gulp": { "ssp-libraries": "SuiteScript/*.js" }, }
  2. Create the ns.package.json file for the LoginRegisterExtension@X.X.X directory. Add the following code to ns.package.json in the Modules/extensions/LoginRegister@X.X.X directory:

    { "gulp": { "javascript": "JavaScript/*.js" "templates": [ "JavaScript/*.js" ] }, "overrides": { "suitecommerce/LoginRegister@X.X.X/Templates/login_register_reset_password.tpl" : Templates/login_register_reset_password.tpl }
  3. In distro.json, add your custom modules to the modules object.

    This ensures that the Gulp tasks include your extension when you deploy.  In this example, the extension modules are added at the beginning of the list of modules. However, you can add the modules anywhere in the modules object. The order of precedence in this list does not matter.

    { "name": "SuiteCommerce Advanced Elbrus", "version": "2.0", "buildToolsVersion": "1.3.0", "folders": { "modules": "Modules", "suitecommerceModules": "Modules/suitecommerce", "extensionsModules": "Modules/extensions", "thirdPartyModules": "Modules/third_parties", "distribution": "LocalDistribution", "deploy": "DeployDistribution" }, "modules": { "extensions/AccountExtension": "X.X.X", "extensions/LoginRegisterExtension": "X.X.X", ...

Step 3. Test and Deploy Your Override

  1. Test your source code customizations on a local server (see SCA on a Local Server) or deploy them to your NetSuite account (see Deploy to NetSuite).

    Since this customization modifies a file that is stored as an SSP library, changes are not immediately visible in your local environment. You must first deploy your custom module directly to NetSuite. See Deploy to NetSuite for more information.

  2. Confirm your results.

Related Topics