Before the update to Drupal 10, we were using the simple_html_mail module, and had to switch to the symfony_mailer module since the former is no longer maintained.
The customers reported that they couldn't use the "Password forgotten" feature anymore, as the link they recieved is not valid:
This is the text as seen in the email:
<a href="http://10.0.0.107:10501/user/reset/6139/1707234465/8Q2sf1WdhTOJs-0elC5f…;
this is the html behind this:
<a href="<a href="http://10.0.0.107:10501/user/reset/6139/1707234465/8Q2sf1WdhTOJs-0elC5fHgbcWgRcemLOiiz56KZ8_EM">http://10.0.0.107:10501/user/reset/6139/1707234465/8Q2sf1WdhTOJs-0elC5fHgbcWgRcemLOiiz56KZ8_EM</a><br/><br/&gt">http://10.0.0.107:10501/user/reset/6139/1707234465/8Q2sf1WdhTOJs-0elC5f…</a>;
The expected behaviour should be this:
The text as seen in the email:
http://10.0.0.107:10501/user/reset/6156/1707298374/VhTohKaT_6qmfpltMkU6…
this is the html behind this:
<a href="http://10.0.0.107:10501/user/reset/6156/1707298374/VhTohKaT_6qmfpltMkU6AJkkLEiFa6qI28WUgkDSABo">http://10.0.0.107:10501/user/reset/6156/1707298374/VhTohKaT_6qmfpltMkU6…</a>
I found a fix for this behaviour at line 785 of user.module file:
BEFORE
$message['subject'] .= PlainTextOutput::renderFromHtml($token_service->replace($mail_config->get($key . '.subject'), $variables, $token_options));
$message['body'][] = $token_service->replace($mail_config->get($key . '.body'), $variables, $token_options);
AFTER
$message['subject'] .= PlainTextOutput::renderFromHtml($token_service->replace($mail_config->get($key . '.subject'), $variables, $token_options));
$message['body'][] = PlainTextOutput::renderFromHtml($token_service->replace($mail_config->get($key . '.body'), $variables, $token_options));
And so I created a patch that applies this change and linked it to this issue.