No email verification if user created without an email
-
Hi,
Don't know if I'm doing something wrong or if there is a reason for this but I've come across a possible issue.
I have my tenant setup to verify email and verify email on change. If I create a user with no email through the API i.e.
POST api/user { "sendSetPasswordEmail": false, "user": { "password": "pass", "username": "uniqueName" } }Then update the users email email:
PATCH api/user/{id} { "user": { "email": "me@example.com" } }The response comes back showing the user as verified (and no email is received):
{ "user": { "active": true, ... "verified": true } }If I repeat the process but insert an email on the initial post then the subsequent PATCH triggers the email and sets
verifiedto false.This is a flow that we would find extremely useful in our sign-up process as we do not expect users to set-up their email before we create their identity in fusion.
Let me know if there is a workaround for this or whether I should raise a bug report.
Many thanks,
Eddie
-
I do have a workaround. If I update the user twice when there is no current email (first time with a random address and the second time with the intended address) then the user reaches the desired state and the verification email is sent.
-
You can also use
PUT /api/user/verify-email(docs) to send verification email. Anyway, looks like a candidate for a bug report. -
I agree with @mgetka , sure looks like a bug to me. Please file an issue at your convenience.
-
Thanks for reporting, we have recreated the issue. It will be tracked and solved under this issue. https://github.com/FusionAuth/fusionauth-issues/issues/749
