The act of resetting a password should automatically mark a user as "verified"

[burggraf]

Scenario: The user signs up and never receives a confirmation email. The user clicks on "forgot password" and gets a password reset link, click it, and changes their password. At this point they are still "unverified", though I would argue that ARE verified since they received an email at the given address and clicked on it to verify the address is valid.

This would be the solution to "I didn't get a verification email" -- answer: "just reset your password."

[ganigeorgiev]

It makes sense, I'll consider it for the next release.

[burggraf]

I figured I could hack it with:
onRecordAfterConfirmPasswordResetRequest
but that doesn't seem to be firing when I click to reset my password, or maybe I'm misunderstanding that hook?

[ganigeorgiev]

The onRecordAfterConfirmPasswordResetRequest will be fired after the user clicks on the email link and successfully resets their password.

To avoid resaving the record, you can use its before hook, something like:

onRecordBeforeConfirmPasswordResetRequest((e) => {
    if (e.record) {
        e.record.setVerified(true); // this will be saved only if the password reset is successful
    }
})

[burggraf]

I just never see that trigger firing for some reason.

[burggraf]

Never mind, my mistake. Environment isn't set up right.

[burggraf]

Yep, that works. Hooks rock.

[ganigeorgiev]

This is implemented in the develop branch and will be available with the next v0.21.0 release (there are no ETAs yet).