PR #92 adds `email` to password reset links so mobile password managers can pair resets with the existing saved credential. The behavior looks correct, but the URL construction now lives in two separate sender paths in `api/src/email_service.rs`.
Requested follow-up:
- extract a small helper such as `build_reset_url(base_url, token, email)` and use it from both the dev sender and the SendGrid sender
- add a focused unit test that asserts special characters in `email` are encoded as expected (for example `test+alias@example.com` -> `test%2Balias%40example.com`)
- optionally encode `reset_token` defensively as well so a future token-format change does not silently change the URL contract
Why this matters:
- the mobile side is now depending on the exact URL shape for password-manager update behavior
- a helper + one unit test would keep the backend/mobile contract from drifting silently
Relevant code:
- `api/src/email_service.rs`

This is non-blocking for PR #92 but worth cleaning up for contract stability.
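A sketch of the requested helper and its unit test, added here as an example and not taken from PR #92 or the project's code. The `/reset-password` path, the `token` and `email` parameter names, and the std-only `encode_query_component` function are assumptions standing in for the project's real URL shape and encoder.

```rust
/// Percent-encode a value for use as one query-string component.
/// Only RFC 3986 unreserved characters pass through; everything else,
/// including '+', '@', '&', '=' and '#', becomes %XX per UTF-8 byte.
fn encode_query_component(value: &str) -> String {
    let mut out = String::with_capacity(value.len());
    for &b in value.as_bytes() {
        match b {
            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'~' => {
                out.push(b as char)
            }
            _ => out.push_str(&format!("%{:02X}", b)),
        }
    }
    out
}

/// Single place that defines the reset link for every sender path.
/// ASSUMPTION: path and parameter names are placeholders.
pub fn build_reset_url(base_url: &str, token: &str, email: &str) -> String {
    format!(
        "{}/reset-password?token={}&email={}",
        base_url.trim_end_matches('/'),
        encode_query_component(token), // defensive: survives a token-format change
        encode_query_component(email),
    )
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn email_special_characters_are_encoded() {
        // Constructed sample values, not real tokens or addresses.
        let url = build_reset_url("https://app.example.com/", "abc123", "test+alias@example.com");
        assert!(url.ends_with("&email=test%2Balias%40example.com"));
        // '&' and '=' inside a value must not add or override parameters.
        let url = build_reset_url("https://app.example.com", "t", "a&token=x@example.com");
        assert_eq!(url.matches('&').count(), 1);
    }
}

fn main() {
    println!("{}", build_reset_url("https://app.example.com/", "abc123", "test+alias@example.com"));
}
```

Pinning the full expected URL string in the test, rather than only the encoded fragment, is what makes a change to the backend/mobile contract show up as a test failure.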