What happened?
Description
We (admin) created a new CMS user account for our client. Username test@email.com and email test@email.com (we entered an email address as username). Then an email was being sent to the user to activate the account, which worked, and they had to create a password. After all was done, they ended up at the login screen, but logging in does not work (Invalid username/password).
We were 100% certain the password was correct, but it didn't work. So we reset the password to something simple, password successfully reset, but still, logging in didn't work: Invalid username or password. 400 error invalid credentials.
We then changed the username from 'test@email.com' to 'test', and then suddenly logging in with the username started working, while logging in with the email address still failed. At the profile of the user in the CP we then saw a message "Warning: New email addresses must be verified before taking effect."
What happened: that email address had placed a commerce order a couple of months ago, so there was already a user with that email address, but they never verified the email address, while we have Settings -> Users -> Verify email addresses set to true.
Steps to reproduce
- Place a Commerce order with test@email.com, but do not click the verify e-mail link from the email you receive
- Log-in to the CP with your admin account, and create a new user with username test@email.com, email same test@email.com, password 'testtest'
- Activate the account via the email it will receive
- Try to log in to the CP with user: test@email.com, password: testtest. It fails.
Expected behavior
Not sure how to fix it; either 1 of these 2?:
- Creating a user with email address should fail when there already is a user with the same email address? (Even though the account is Inactive?) OR:
- Clicking the new activate account link from the CP should also set the e-mail address to verified?
You will probably know better what the best solution is, without regression / conflicting issues.
Actual behavior
Trying to log in fails, possibly because it tries to login with the inactive user account, and the password won't match.
Craft CMS version
5.9.20
PHP version
8.5.3
Operating system and version
Alpine Linux
Database type and version
MariaDB 11.4.4
Image driver and version
No response
Installed plugins and versions
What happened?
Description
We (admin) created a new CMS user account for our client. Username test@email.com and email test@email.com (we entered an email address as username). Then an email was being sent to the user to activate the account, which worked, and they had to create a password. After all was done, they ended up at the login screen, but logging in does not work (Invalid username/password).
We were 100% certain the password was correct, but it didn't work. So we reset the password to something simple, password successfully reset, but still, logging in didn't work: Invalid username or password. 400 error invalid credentials.
We then changed the username from 'test@email.com' to 'test', and then suddenly logging in with the username started working, while logging in with the email address still failed. At the profile of the user in the CP we then saw a message "Warning: New email addresses must be verified before taking effect."
What happened: that email address had placed a commerce order a couple of months ago, so there was already a user with that email address, but they never verified the email address, while we have Settings -> Users -> Verify email addresses set to true.
Steps to reproduce
Expected behavior
Not sure how to fix it; either 1 of these 2?:
You will probably know better what the best solution is, without regression / conflicting issues.
Actual behavior
Trying to log in fails, possibly because it tries to login with the inactive user account, and the password won't match.
Craft CMS version
5.9.20
PHP version
8.5.3
Operating system and version
Alpine Linux
Database type and version
MariaDB 11.4.4
Image driver and version
No response
Installed plugins and versions