fusionauth-issues icon indicating copy to clipboard operation
fusionauth-issues copied to clipboard

Published 20 hours ago verified publisher icon FusionAuth

Allow Forgot Password API usage when email template disabled

Open epbensimpson opened this issue 2 years ago • 2 comments

Allow Forgot Password API usage when email template disabled

Description

It's not intuitive that the /api/user/forgot-password is completely disabled (i.e. always returns 403) when there is no email template configured for Forgot password. If I set sendForgotPasswordEmail to false, I shouldn't need to have an email template configured.

Is this a question about how to use FusionAuth? Please consider posting on the FusionAuth forum instead.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

epbensimpson avatar May 27 '22 00:05 epbensimpson

Thanks @epbensimpson for the request.

To clarify your request, you asking for a behavior change such that:

When you call the Forgot Password API /api/user/forgot-password with sendForgotPasswordEmail: false(which means you do not want FusionAuth to send an email) - an email template is not required to be configured.

Today: Regardless of the value of sendForgotPasswordEmail on the API, if tenant.emailConfiguration.forgotPasswordEmailTemplateId is not configured, 403 is returned.

Ideal: Unless sendForgotPasswordEmail is set to true, or calling w/out an API key which forces sendForgotPasswordEmail to be equal to true, the tenant.emailConfiguration.forgotPasswordEmailTemplateId is optional, and should not cause 403 to be returned.

Tagging as bug and enhancement - unclear if this status code is the intended behavior even when sendForgotPasswordEmail is set to false, or if this is just an oversight. If an oversight, this is a bug.

robotdan avatar May 27 '22 03:05 robotdan

Thanks Dan, it did feel like this was intentional based on the "feature disabled" option instead of plain "no template" in the template config, hence filing it as a feature request rather than a bug :)

epbensimpson avatar May 29 '22 22:05 epbensimpson

Internal

  • https://github.com/FusionAuth/fusionauth-app/pull/160

spwitt avatar Dec 08 '22 16:12 spwitt

Hey, I'm facing this problem, when can I expect this problem to be solved? Thanks!

angelotessaro avatar Dec 15 '22 00:12 angelotessaro

Hi @angelotessaro ,

It looks like this is marked 'done' and is slated for the 1.43.0 release. We don't have a firm date for that release, but the current version is 1.42, so that will be the next release.

You can look at the 1..43 milestone to see what other issues are slated for that release; that should give you some idea when it will be released (as they all progress towards 'Done'). It looks like 1.43.0 has a lot of issues included.

Here's our general roadmap guidance: https://fusionauth.io/docs/v1/tech/core-concepts/roadmap

Hope that helps!

mooreds avatar Dec 15 '22 03:12 mooreds

Internal

  • https://github.com/FusionAuth/fusionauth-app/pull/160
  • https://github.com/FusionAuth/fusionauth-site/pull/1773

robotdan avatar Jan 30 '23 16:01 robotdan

Doc task completed. Closing issue.

spwitt avatar Feb 17 '23 18:02 spwitt