UserServiceCEImpl excerpts
File: /C:/Users/moabd/OneDrive/Documents/New project/appsmith-src/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/UserServiceCEImpl.java

113:    @Value("${APPSMITH_BASE_URL:}")
114:    private String appsmithBaseUrl;
122:     *   <li>If APPSMITH_BASE_URL is configured, validates that the provided URL matches it</li>
123:     *   <li>If APPSMITH_BASE_URL is not configured, uses the provided URL (backward compatibility)</li>
132:    protected Mono<String> resolveSecureBaseUrl(String providedBaseUrl) {
133:        // APPSMITH_BASE_URL has no text: return the caller-supplied URL as-is (backward compatibility). Nothing validates it on this path, so any link built from the result follows the request-supplied value.
134:        if (!StringUtils.hasText(appsmithBaseUrl)) {
135:            return Mono.just(providedBaseUrl);
136:        }
138:        // APPSMITH_BASE_URL is set: require an exact String.equals match with the provided value (the error text calls it the Origin header). No normalization is visible here, so a case or trailing-slash difference is rejected.
139:        if (!appsmithBaseUrl.equals(providedBaseUrl)) {
140:            return Mono.error(new AppsmithException(
141:                    AppsmithError.GENERIC_BAD_REQUEST,
142:                    "Origin header does not match APPSMITH_BASE_URL configuration."));
145:        return Mono.just(appsmithBaseUrl); // on a match, the configured value is returned rather than the provided one

223:        if (resetUserPasswordDTO.getBaseUrl() == null
224:                || resetUserPasswordDTO.getBaseUrl().isBlank()) {
225:            return Mono.error(new AppsmithException(AppsmithError.INVALID_PARAMETER, FieldName.ORIGIN));
229:        return resolveSecureBaseUrl(resetUserPasswordDTO.getBaseUrl()).flatMap(secureBaseUrl -> {
230:            // Overwrite the DTO with the resolved URL. It equals APPSMITH_BASE_URL only when that setting is configured; otherwise resolveSecureBaseUrl returns the client-provided value unchanged.
231:            resetUserPasswordDTO.setBaseUrl(secureBaseUrl);
282:                    String resetUrl = String.format( // the emailed reset link is prefixed with the base URL stored on the DTO
283:                            FORGOT_PASSWORD_CLIENT_URL_FORMAT,
284:                            resetUserPasswordDTO.getBaseUrl(),
285:                            EncryptionHelper.encrypt(urlParams));
289:                    return emailService.sendForgotPasswordEmail(email, resetUrl, resetUserPasswordDTO.getBaseUrl());

856:        if (resendEmailVerificationDTO.getBaseUrl() == null
857:                || resendEmailVerificationDTO.getBaseUrl().isBlank()) {
858:            return Mono.error(new AppsmithException(AppsmithError.INVALID_PARAMETER, FieldName.ORIGIN));
862:        return resolveSecureBaseUrl(resendEmailVerificationDTO.getBaseUrl()).flatMap(secureBaseUrl -> {
863:            // Overwrite the DTO with the resolved URL. It equals APPSMITH_BASE_URL only when that setting is configured; otherwise resolveSecureBaseUrl returns the client-provided value unchanged.
864:            resendEmailVerificationDTO.setBaseUrl(secureBaseUrl);
891:                    return instanceVariablesHelper.isEmailVerificationEnabled().flatMap(emailVerificationEnabled -> {
893:                        if (!TRUE.equals(emailVerificationEnabled)) {
894:                            return Mono.error(new AppsmithException(AppsmithError.EMAIL_VERIFICATION_NOT_ENABLED));
927:                    String redirectUrlCopy = redirectUrl; // NOTE(review): where redirectUrl comes from is not shown in this excerpt; confirm it is validated before it is embedded in the emailed link
928:                    if (redirectUrlCopy == null) {
929:                        redirectUrlCopy = String.format("%s/applications", resendEmailVerificationDTO.getBaseUrl()); // default: the applications page under the base URL stored on the DTO
930:                    }
931:                    String verificationUrl = String.format(
932:                            EMAIL_VERIFICATION_CLIENT_URL_FORMAT,
933:                            resendEmailVerificationDTO.getBaseUrl(),
934:                            EncryptionHelper.encrypt(urlParams),
935:                            URLEncoder.encode(emailVerificationToken.getEmail(), StandardCharsets.UTF_8),
936:                            emailVerificationToken.getOrganizationId(),
937:                            redirectUrlCopy); // only the email argument is URL-encoded here; redirectUrlCopy is passed to the format string as-is
939:                    return emailService.sendEmailVerificationEmail(
940:                            user, verificationUrl, resendEmailVerificationDTO.getBaseUrl());
