Error: SuperTokens core threw an error for a PUT request to path: '/recipe/user' with status code: 500 and message: Internal Error

[sayhicoelho]

I can't change the user's password using the ThirdPartyEmailPassword recipe.

I'm trying to run this piece of code taken from the docs:

The response is:

Frontend code:

Backend code:

Docs:
https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/change-password#step-2-validate-and-update-the-users-password

[rishabhpoddar]

Hi.

• What are the error logs on the core when you call this API?
• Did you manually delete entries in the emailpassword_users or the all_auth_users table?

[sayhicoelho]

@rishabhpoddar Hi. The only logs I have are the ones I uploaded in the issue. I don't know how to get logs you're requesting. Also, I haven't manually deleted any entries in the database.

[rishabhpoddar]

You can get the logs by seeing the docker logs output of the core process. If you are not using docker for the core, then you can find it in the logs folder in the installation directory.

Finally, if you are using our managed service, then you can join our discord and message me (my handle is rp) your email and i can have a look.

[rishabhpoddar]

We have identified the issue - we will release a new version of the core shortly.

[rishabhpoddar]

This has been fixed in core version >= 4.4.2

If you are using docker, then the docker tag is 4.4, be sure to delete the older docker image and pull it again.

[sayhicoelho]

@rishabhpoddar I'm using the managed service. How can I use the updated version of supertokens-core? I tried to run the password change but got the same error.

[rishabhpoddar]

Should be working fine now @sayhicoelho - please try again.

[sayhicoelho]

Thanks @rishabhpoddar ! It worked, but the response is empty.

The else if (response.data.status === "OK") is never reached.

Also, the password strength validation is not working. I can easily change my password to something like secret.

[rishabhpoddar]

So the frontend should call your backend API to change the password. The backend API would then call the core. Therefore, the frontend should check for the response based on what your backend API sends. Based on the screenshot above, you do res.end() on the backend after succesful change in password, you do not send a JSON response - therefore the frontend won't get it.

About the password strength, that's a check that's done on the backend sdk level in the APIs that we expose via the middleware. So since you are making your own API here, you need to check the password strength yourself before calling the updateEmailOrPassword function