New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Form Field verification strategy still sends a link for verification #1734
Comments
From https://fusionauth.io/docs/v1/tech/core-concepts/tenants#email
However, one thing to note is that Form verification is only allowed for plans with a paid edition. You will receive a message in the UI, but it is also documented in the API docs: https://fusionauth.io/docs/v1/tech/apis/tenants
I am going to close this out because I think this is not a bug. If you try this with:
and it still fails to work, please re-open. |
@mooreds Well it does seem like a bug since I can enable this feature and it doesn't give me an error regarding my free plan or the gated unverified behavior being disabled. It just accepts the new settings but just doesn't work. Also this means that the Form Field verification strategy is also a paid feature, am I not right? Isn't it better to show a message for that as well? Because it's really confusing to have a free feature which can not be used until a specific paid feature is enabled! |
@mooreds Also I don't seem to have the ability to re-open my issue. Can you not close the issue before it's confirmed by the author or at least before some time has passed without a reply? Because now that you have closed it, no one would notice my later replies. |
Hiya @AliMirlou , sorry, I thought we had things set up so you could re-open. I just did so. That's good feedback to wait.
Yes, that is correct.
It does look like if you select 'Gated' there is an error message displayed unless you have a license. |
@mooreds Exactly. The "Unverified Behavior" shows a proper error but the "Verification Strategy" doesn't. Wouldn't it be better if it also showed an error instead of accepting the setting but ignoring it? |
@AliMirlou great point! I'll file a bug stating that we should have two new error messages:
Does that make sense to you? Once that issue is filed, would you be okay with me closing out this issue? |
@mooreds Yeah, that makes it clear. Also maybe update the documentation of "Verification Strategy" to make it clear that it's actually a paid feature? |
Not sure I understand the issue here, can you expand upon this? The error message looks correct to me. All of this looks to be working as designed. Regardless of the strategy you select, we have to send an email because that is how we perform email verification. Email templates are customizable by the user of FusionAuth. Why can't you use a verification strategy of field and a not gated config when not licensed? What happens if you configure it this way? |
@robotdan The "Form Field" verification strategy will be strangely ignored and the email will still be sent with a clickable link! |
"The process by which the user will verify their email address. Using the "Form Field" method works only when the Unverified behavior is Gated." |
If we send a link or a code is determined by the themed email template. I could make a short code clickable, or a long code clickable.
This makes sense - have we tested it to ensure this we are actually ignoring the strategy type based upon the gated config value? If so, then it sounds correct that we could change the validation behavior based upon the license type. |
@robotdan I sent a screenshot of the email template at the beginning of the issue and there, it's clear that if the variable which holds the short code is available, then it would be printed in the email instead if the clickable link. But the variable is always null. |
It looks like the issue -wether intentional or not, is that an assumption was made that form field was only usable when gating was enabled. While this is correct in some sense - it does not allow for someone to build their own form to collect the short code and complete verification. So it looks like the correct behavior will be to not assume - and if Form Field is configured, w/out gating - generate the short code (OTP) and assume that the integrator will build this form out of band and call the Verify Email or Verify Registration API directly. |
Handling via #2681. |
Form Field verification strategy still sends a link for verification
Hi,
I chose the Form Field verification strategy in tenant settings and also checked the email template to make sure it's correct but the email is still sent with a link, not a one-time code.
What could be the problem here?
I'm currently using FusionAuth 1.32.1, deployed by the helm chart. I have also checked the release notes of later versions but there were no mentions to this.
The text was updated successfully, but these errors were encountered: