Changing webhook_url affects password reset url

hsimm · February 26, 2025, 1:03pm

Hi, I’m trying to achieve the following webhook setup:

https://app.mydomain.com/randomstring/webhook
https://app.mydomain.com/randomstring/webhook-test

In my config:
WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/randomstring/

I have a workflow listening to the webhook, and it is working when data is received.

However, I realized that the password reset url now includes the randomstring in the url
https://app.mydomain.com/**randomstring**/change-password?token=randomtokenstring&mfaEnabled=true

It seems like WEBHOOK_URL affects the entire password reset url.
When I login, I’m able to access it through https://app.mydomain.com

How do I go about fixing this so that the password reset url is
https://app.mydomain.com/change-password?token=randomtokenstring&mfaEnabled=true
while keeping prefix randomstring for webhooks

https://app.mydomain.com/randomstring/webhook
https://app.mydomain.com/randomstring/webhook-test

Information on your n8n setup

n8n version: 1.80.3
Database (default: SQLite):
n8n EXECUTIONS_PROCESS setting (default: own, main):
Running n8n via (Docker, npm, n8n cloud, desktop app): docker
Operating system:

Ventsislav_Minev · February 26, 2025, 2:05pm

Hi!
As far as i know this parameter should only be affecting webhook urls.
It sounds like your password reset endpoint is an n8n webhook itself or the application that generates the URL is configured to use the n8n WEBHOOK_URL parameter.

Do you know how exactly your reset passwords URLs are generated/configured? Maybe reviewing that setup would help.

Cheers!

o_O-Jonas · March 31, 2025, 9:00pm

I had the same issue and tracked it down to this:

	generatePasswordResetUrl(user: User) {
		const instanceBaseUrl = this.urlService.getInstanceBaseUrl();
		const url = new URL(`${instanceBaseUrl}/change-password`);

		url.searchParams.append('token', this.generatePasswordResetToken(user));
		url.searchParams.append('mfaEnabled', user.mfaEnabled.toString());

		return url.toString();
	}
...
	/** Return the n8n instance base URL without trailing slash */
	getInstanceBaseUrl(): string {
		const n8nBaseUrl = this.trimQuotes(config.getEnv('editorBaseUrl')) || this.getWebhookBaseUrl();

		return n8nBaseUrl.endsWith('/') ? n8nBaseUrl.slice(0, n8nBaseUrl.length - 1) : n8nBaseUrl;
	}

The solution is to set the environment variable N8N_EDITOR_BASE_URL to the URL where your frontend is reachable (e.g. copy from browser):

    main:
      extraEnvVars:
        N8N_EDITOR_BASE_URL: "https://n8n.yourdomain.tld"

Then the password reset links generated from the user-triggered password reset workflow will work.

system · June 29, 2025, 9:01pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.