Verify user email with password reset rule

I was considering using this rule to cut out a step in my user creation flow. It works as intended the first time the user is created, but I think it can create problems with later email verification if the email associated with the user is changed.

  1. User is created, password is reset (so last_password_reset is set)

  2. Suppose the user updates his email after creation (email_verified = false, email is changed)

  3. Email verification ticket/email is sent

  4. User ignores the email from step 2 and logs in
    → Rule marks the email as verified (since last_password_reset is set and email_verified is false) but it is not

If I am correct, I am looking for a simple way to fix this or at least this case should be cited in the documentation.


Hi there @bragma, I apologize for the delay in response!

I’m not sure if you’re still battling this question or not, but I wanted to let you know that, after verifying with our support team, a temporary workaround is to run a comparison between the username and the user email, and if they no longer match, you can redirect to a custom error page where you could force the user to update.

While this may be a temporary workaround, I will reach out to the author to see if we can get this updated at the document level as well. Thanks!
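
An added example, not part of either post above and not Auth0's rule code: the condition described in the question next to a stricter one that ignores a password reset older than the current email address. It assumes a hypothetical `app_metadata.email_changed_at` timestamp that the application writes on every email change; the sample profiles are constructed.

```javascript
// Decision logic only; no Auth0 API is called.
// email_verified and last_password_reset are the profile fields named in the
// thread. app_metadata.email_changed_at is HYPOTHETICAL: the application would
// have to write it on every email change.

// Condition as described in the question: any earlier reset counts.
function naiveShouldVerify(user) {
  return !user.email_verified && Boolean(user.last_password_reset);
}

// A reset counts for the current address only if it is newer than that address.
function strictShouldVerify(user) {
  if (!naiveShouldVerify(user)) return false;
  const resetAt = Date.parse(user.last_password_reset);
  if (Number.isNaN(resetAt)) return false;
  const changed = user.app_metadata && user.app_metadata.email_changed_at;
  // Assumption: a missing timestamp means the email was never changed.
  if (changed === undefined || changed === null) return true;
  const changedAt = Date.parse(changed);
  // An unparseable timestamp fails closed.
  return !Number.isNaN(changedAt) && resetAt > changedAt;
}

// Constructed sample profiles following steps 1-4 of the question.
const created = { email: 'a@example.com', email_verified: false,
  last_password_reset: '2024-01-10T09:00:00.000Z' };
const emailChanged = { ...created, email: 'b@example.com',
  app_metadata: { email_changed_at: '2024-02-01T12:00:00.000Z' } };
const resetAgain = { ...emailChanged,
  last_password_reset: '2024-02-02T08:30:00.000Z' };

for (const [label, u] of Object.entries({ created, emailChanged, resetAgain })) {
  console.log(label, 'naive:', naiveShouldVerify(u), 'strict:', strictShouldVerify(u));
}
```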
