fusionauth-site icon indicating copy to clipboard operation
fusionauth-site copied to clipboard
verified publisher icon FusionAuth

Sample email/theme templates missing `postMethod` variables

Open spwitt opened this issue 2 years ago • 1 comments

Email templates

The sample email templates provided in FusionAuth's Email Variables documentation do not contain the postMethod query string parameters.

These parameters are used in emailed links to prevent link checkers from consuming the one-time codes to complete actions like passwordless login and email verification.

The sample templates should be reviewed and the parameter added to prevent link checkers from causing issues with these user workflows.

The following email templates should set postMethod=true in the query string:

  • Email verification
  • Registration verification
  • Passwordless login

Theme templates

The Theme Template Variables doc should also include documentation of these parameters for the templates. Only the Email verification template includes documentation on the postMethod parameter, but it does not give information on how it is used.

The following theme templates should document the postMethod variable:

  • Email verification (expand on use)
  • Verify registration
  • OAuth passwordless

spwitt avatar Oct 12 '23 13:10 spwitt

I would also suggest having all of these templates be included from site/docs/src/email/ (or wherever includes move to from the migration) as files. That way they can easily be synced up in the future.

mooreds avatar Oct 12 '23 14:10 mooreds