From 184cbd6770fad3920dc206eb89b330281c19d76a Mon Sep 17 00:00:00 2001
From: Arun Kumar <147901612+Arunkoo@users.noreply.github.com>
Date: Mon, 8 Jun 2026 10:01:26 +0530
Subject: [PATCH] fix: guard missing password reset token and fix broken reset
 link URL (#2928)

---
 packages/lib/server-only/auth/send-forgot-password.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/packages/lib/server-only/auth/send-forgot-password.ts b/packages/lib/server-only/auth/send-forgot-password.ts
index b97ef1b35..c29d92b54 100644
--- a/packages/lib/server-only/auth/send-forgot-password.ts
+++ b/packages/lib/server-only/auth/send-forgot-password.ts
@@ -32,9 +32,12 @@ export const sendForgotPassword = async ({ userId }: SendForgotPasswordOptions)
     throw new Error('User not found');
   }
 
-  const token = user.passwordResetTokens[0].token;
+  const token = user.passwordResetTokens[0]?.token;
+  if (!token) {
+    throw new Error('Password reset token not found for user');
+  }
   const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
-  const resetPasswordLink = `${NEXT_PUBLIC_WEBAPP_URL()}/reset-password/${token}`;
+  const resetPasswordLink = `${assetBaseUrl}/reset-password/${token}`;
 
   const template = createElement(ForgotPasswordTemplate, {
     assetBaseUrl,