Verify user email with password reset rule

Hi,
I was considering using this rule to cut out a step in my user creation flow. It works as intended the first time a user is created, but I think it can create problems with later email verification if the email associated with the user is changed.

  1. User is created, password is reset (so last_password_reset is set)

  2. Suppose the user updates his email after creation (email_verified = false, email is changed)

  3. Email verification ticket/email is sent

  4. User ignores the email from step 2 and logs in
    → Rule marks the email as verified (since last_password_reset is set and email_verified is false) but it is not

If I am correct, I am looking for a simple way to fix this or at least this case should be cited in the documentation.

Hi there @bragma, I apologize for the delay in response!

I’m not sure if you’re still battling this question or not, but I wanted to let you know that, after verifying with our support team, a temporary workaround is to run a comparison between the username and user email; if they no longer match, you can redirect to a custom error page where you could force the user to update.

While this may be a temporary workaround, I will reach out to the author to see if we can get this updated at the document level as well. Thanks!
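
The scenario from the question and the comparison suggested in the reply, modelled as an added example that is not part of the thread and is not Auth0's rule code. The field names `email`, `email_verified` and `last_password_reset` come from the thread; the function names, the sample users, and the assumption that `username` still holds the email the account was created with are hypothetical.

```javascript
// Added illustration, not Auth0's rule code. Decision logic only: the real
// rule would act on the result (update the profile, or redirect the login).

// Condition described in the question: auto-verify whenever a password
// reset has happened and the email is not yet verified.
function originalDecision(user) {
  if (user.email_verified || !user.last_password_reset) return 'no-change';
  return 'mark-verified';
}

// Workaround from the reply: compare username and email first.
// Assumption: username was set to the email at creation time.
// A missing username fails closed (no auto-verification).
function guardedDecision(user) {
  if (user.email_verified || !user.last_password_reset) return 'no-change';
  const name = String(user.username || '').trim().toLowerCase();
  const mail = String(user.email || '').trim().toLowerCase();
  if (name !== '' && name === mail) return 'mark-verified';
  return 'redirect-to-update';
}

// Constructed users following steps 1-4 of the question.
function timeline() {
  const created = {
    username: 'a@example.com',            // constructed sample value
    email: 'a@example.com',
    email_verified: false,
    last_password_reset: '2024-01-01T00:00:00Z',
  };
  // Step 2: the email is changed, so email_verified is false again,
  // while last_password_reset is still set from step 1.
  const afterChange = { ...created, email: 'b@example.com' };
  return { created, afterChange };
}

const { created, afterChange } = timeline();
console.log('first login, original:', originalDecision(created));
console.log('after change, original:', originalDecision(afterChange));
console.log('after change, guarded :', guardedDecision(afterChange));
```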