strapi
strapi copied to clipboard
strapi
Confirm user when resetting password
What does it do?
Fixes #14613.
Why is it needed?
To reset your password, you need access to the email you've used to register, so resetting your password should confirm your account because you are implicitly confirming the ownership of that email address.
How to test it?
Toggle email on and off and try resetting your password with an unconfirmed account. If email confirmation is on, the user is confirmed. If email confirmation is not on, the user's confirmation status is left untouched.
PS: The reset password endpoint is now returning information about the user after it is updated, so that the confirmation status shows the proper value.
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Comparison is base (
5b53a6f) 58.71% compared to head (8de528d) 58.71%. Report is 9121 commits behind head on main.
Additional details and impacted files
@@ Coverage Diff @@
## main #14615 +/- ##
=======================================
Coverage 58.71% 58.71%
=======================================
Files 1321 1321
Lines 31981 31981
Branches 5956 5956
=======================================
Hits 18777 18777
Misses 11344 11344
Partials 1860 1860
| Flag | Coverage Δ | |
|---|---|---|
| front | 62.40% <ø> (ø) |
|
| unit | 50.21% <ø> (ø) |
Flags with carried forward coverage won't be shown. Click here to find out more.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
I think we should avoid mixing the workflows 🤔 We could verify the user is confirmed and if not fail maybe. wdyt ?
Just found this again. Considering the mid term goal to rework the plugin and the next major coming I'll close this :)