feat: Send reset password recordId as query parameter

This is a revert of a previous change
but is now possible due to the use of JSON bodies.
This does mean JavaScript is required in the HTML page,
but that will be required for future changes anyway.

src/identity/interaction/email-password/handler/ForgotPasswordHandler.ts

@@ -68,7 +68,8 @@ export class ForgotPasswordHandler extends InteractionHandler {
    */
   private async sendResetMail(recordId: string, email: string): Promise<void> {
     this.logger.info(`Sending password reset to ${email}`);
-    const resetLink = joinUrl(this.baseUrl, this.idpPath, `resetpassword/${recordId}`);
+    // `joinUrl` strips trailing slash when query parameter gets added
+    const resetLink = `${joinUrl(this.baseUrl, this.idpPath, 'resetpassword/')}?rid=${recordId}`;
     const renderedEmail = await this.templateEngine.render({ resetLink });
     await this.emailSender.handleSafe({
       recipient: email,

src/identity/interaction/email-password/handler/ResetPasswordHandler.ts

@@ -21,10 +21,8 @@ export class ResetPasswordHandler extends InteractionHandler {
   }
 
   public async handle({ operation }: InteractionHandlerInput): Promise<InteractionResponseResult> {
-    // Extract record ID from request URL
-    const recordId = /\/([^/]+)$/u.exec(operation.target.path)?.[1];
     // Validate input data
-    const { password, confirmPassword } = await readJsonStream(operation.body.data);
+    const { password, confirmPassword, recordId } = await readJsonStream(operation.body.data);
     assert(
       typeof recordId === 'string' && recordId.length > 0,
       'Invalid request. Open the link from your email again',