3.5.2: new user email verification error when clicking on verification link w/token

[cschweda]

Bug report

Describe the bug

New user signs up, receives email verification message, clicks on link, and Strapi returns error.

This is a new user, new email.

Steps to reproduce the behavior

• New user signs in
• Receives email verification with token.
• Clicks on email verification link and receives the following message:

{"statusCode":400,"error":"Bad Request","message":"token.invalid"}

Expected behavior

The verification link should reroute to a success page.

System

• Node.js version: v10.16.0
• NPM version: 6.9.0
• Strapi version: 3.5.2
• Database: SQLite
• Operating system: Ubuntu 18.04

Additional context

Not sure if this has anything to do with the error, but I noticed that (a) even though Strapi returns an error and doesn't reroute to success page -- the new user is, in fact, verified and (b) the 'block user' boolean switch in the user entry in the Strapi backend is blank -- neither true nor false. I'm wondering if this, somehow, is the cause of the error?

I'm using SQLite, and up until moving from 3.4.4 to 3.5.2 the other day -- the user verification process has always worked. Never returned an error for a new user verification with a valid token.

I reverted back to 3.4.4 -- same SQLite database -- and re-ran the verification process (making sure the user is new and the email is new) and the verification email link works fine. It reroutes to the front-end success page. User is verified in the backend, and the 'block user' switch is set to off (as it should be).

[derrickmehaffy]

This issue has been mentioned on Strapi Community Forum. There might be relevant details there:

https://forum.strapi.io/t/email-confirmation-invalid-token-in-production/10317/3

[cschweda]

The error mentioned in the forum is identical to mine.

I updated a few days ago to 3.6.7 -- but the error persists.

[derrickmehaffy]

The error mentioned in the forum is identical to mine.

I updated a few days ago to 3.6.7 -- but the error persists.

That response isn't actually me, it's a bot that automatically links forum threads to github issues 🙈

[cschweda]

Got it.

But the error is there.

It persists.

If you want a real-time example -- in a production environment -- please contact me.

I'll be happy to demo on our intranet.

[derrickmehaffy]

Got it.

But the error is there.

It persists.

If you want a real-time example -- in a production environment -- please contact me.

I'll be happy to demo on our intranet.

Strapi version: 3.5.2

Can you please try upgrading to the latest version v3.6.8

[cschweda]

Yep. Will do. I'll report back in 48-72 hours.

Thank you!!

Chris

[cschweda]

Yes!

It now works.

Register as a brand new user, wait for email confirmation, click on link in email confirmation --and I'm routed to the proper 'Success' page.

I updated 3.6.1 -> 3.6.8.

I checked the recent changelogs on the releases -- but didn't see anything directly related to this. Do you know what the issue was?

EDIT:

I did notice that the 'Blocked' switch on the user is blank -- neither false nor true.

Should this default to 'OFF' for a successfully registered user? (The 'CONFIRMED' switch is, however, set properly to 'ON')

[derrickmehaffy]

Yes!

It now works.

Register as a brand new user, wait for email confirmation, click on link in email confirmation --and I'm routed to the proper 'Success' page.

I updated 3.6.1 -> 3.6.8.

I checked the recent changelogs on the releases -- but didn't see anything directly related to this. Do you know what the issue was?

EDIT:

I did notice that the 'Blocked' switch on the user is blank -- neither false nor true.

Should this default to 'OFF' for a successfully registered user? (The 'CONFIRMED' switch is, however, set properly to 'ON')

Not sure on source but we had numerous issues that we couldn't validate the root cause of in v3.5.x Going to set this as closed since it's already considered "fixed"

The blocked boolean being null or false doesn't matter as they are treated the same.