sending unlock account email if account is locked #261
-
|
is there a way to send an unlock account email if the account is locked? I tried this locked_out? do
send_unlock_account_email
endbut I get an email with an empty key (key?=id_) RodauthMailer.unlock_account(
self.class.configuration_name,
account_id,
unlock_account_key_value, # I tried to replace it with get_unlock_account_key and generate_unlock_account_key
) .deliver_laterthe unlock email doesn't work, and I get 403 Forbidden. I started a discussion in Rodauth and was asked to move it here as I am using Rodauth-rails. here is what I tried from there: # The email I get from this works
after_account_lockout { send_unlock_account_email }
# I get an email but the key is not valid as it doesn't unlock the account and I get a 403
locked_out? do
locked = super()
if locked
@unlock_account_key_value = get_unlock_account_key
send_unlock_account_email
end
locked
endthis is my RodauthMailer class RodauthMailer < ApplicationMailer
def unlock_account(name, account_id, key)
@email_link = email_link_key(name, :unlock_account, account_id, key)
@account = find_account(name, account_id)
mail to: @account.email, subject: rodauth(name).unlock_account_email_subject
end
private
def email_link_key(name, action, account_id, key)
instance = rodauth(name)
instance.instance_variable_set(:@account, { id: account_id })
instance.instance_variable_set(:"@#{action}_key_value", key)
instance.public_send(:"#{action}_email_link")
end
end |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
Could you try to comment out the mailer integration in your Rodauth configuration, and see if you get the same error? I want to narrow down whether the issue is with the mailer or vanilla Rodauth. |
Beta Was this translation helpful? Give feedback.
-
|
when commenting out the mailer integration the generated key works fine so the issue is with the mailer. is there something I am doing wrong in my mailer? I want to note that everything else works account invite, reset password... I updated the mailer to this def email_link_key(name, action, account_id, key)
instance = rodauth(name)
instance.instance_variable_set(:@account, { id: account_id })
instance.instance_variable_set(:"@#{action}_key_value", key)
instance.public_send(:"#{action}_email_link").split("?key=").last
endas I am using a different URL in the frontend (the backend works as an API) |
Beta Was this translation helpful? Give feedback.
-
|
I wasn't able to reproduce. Here is a self-contained example that uses Rodauth directly, but imitates the mailer configuration. The output shows that the token in the email link generated by the email is identical to the one Rodauth generates naturally. Examplerequire "roda"
require "sequel"
require "mail"
require "capybara"
require "logger"
Mail.defaults { delivery_method :test }
DB = Sequel.sqlite
DB.create_table :accounts do
primary_key :id
String :status_id, null: false, default: 1
String :email, null: false
String :password_hash
end
DB.create_table :account_login_failures do
foreign_key :id, :accounts, primary_key: true
Integer :number, null: false, default: 1
end
DB.create_table :account_lockouts do
foreign_key :id, :accounts, primary_key: true
String :key, null: false
DateTime :deadline, null: false
DateTime :email_last_sent
end
class RodauthMailer
def self.unlock_account(account_id, key)
p email_link_key(:unlock_account, account_id, key)
end
private
def self.email_link_key(action, account_id, key, &block)
instance = RodauthApp.new({ "HTTP_HOST" => "example.com", "HTTPS" => "on" }).rodauth
instance.instance_variable_set(:@account, { id: account_id })
instance.instance_variable_set(:"@#{action}_key_value", key)
instance.public_send(:"#{action}_email_link")
end
end
class RodauthApp < Roda
plugin :render, layout: false
plugin :sessions, secret: "a" * 64
plugin :rodauth do
enable :create_account, :login, :lockout
account_password_hash_column :password_hash
set_deadline_values? true
create_account_autologin? false
max_invalid_logins 1
after_account_lockout { send_unlock_account_email }
create_unlock_account_email do
RodauthMailer.unlock_account(account_id, unlock_account_key_value)
super()
end
locked_out? do
locked = super()
if locked && !unlock_account_email_recently_sent?
@unlock_account_key_value = get_unlock_account_key
set_unlock_account_email_last_sent
send_unlock_account_email
end
locked
end
end
route do |r|
r.rodauth
r.root { "Home" }
end
end
DB.logger = Logger.new($stdout)
session = Capybara::Session.new(:rack_test, RodauthApp)
session.visit "/create-account"
session.fill_in "Login", with: "[email protected]"
session.fill_in "Confirm Login", with: "[email protected]"
session.fill_in "Password", with: "secret123"
session.fill_in "Confirm Password", with: "secret123"
session.click_on "Create Account"
session.visit "/login"
session.fill_in "Login", with: "[email protected]"
session.fill_in "Password", with: "invalid"
session.click_on "Login"
session.visit "/login"
session.fill_in "Login", with: "[email protected]"
session.fill_in "Password", with: "invalid"
session.click_on "Login"
pp Mail::TestMailer.deliveries.map { |email| email.body.to_s[URI.regexp] }
# unlock_link = Mail::TestMailer.deliveries.last.body.to_s[/\/unlock-account\S+/]
# session.visit unlock_link
# session.click_on "Unlock Account"Any chance you can reproduce it or see what the difference in tokens is? Are you sure you're getting set_error_reason do |reason|
json_response[:error_reason] = reason
endBTW, rodauth-rails should respect |
Beta Was this translation helpful? Give feedback.
-
|
I am not sure what I changed, but when I tried to debug it again it just worked, thank you so much for your time and patience. |
Beta Was this translation helpful? Give feedback.
I wasn't able to reproduce. Here is a self-contained example that uses Rodauth directly, but imitates the mailer configuration. The output shows that the token in the email link generated by the email is identical to the one Rodauth generates naturally.
Example