When user is logged out, email ":email confirmed" always returns "no"

Need help Database
1

Hey everyone!

I am facing a problem with a “Reset password” flow. When a user wants to reset the password of their account, I want to check if their email has been verified or not. If it’s not verified, I will send a “magic link” to simulate a verify email flow where they can follow the link in their inbox and verify their email using the new manual email token/verify system

THE PROBLEM:

Before the user is logged in, I perform a “Do a search for Users” and check if the email that they provide in an input corresponds to a user. If it does, I want to check and see if the email is verified. The problem is that no matter if the email is verified or not the email’s confirmed always returns “no”. If manually login as the user, well, I can see if it returns “yes” … once I log out, it returns no again.

It seems to do with a “Privacy” issue but the problem is that by the nature that the person is trying to reset their password, they are not logged in!

Does anyone know a way of doing this?

IMPORTANT:

I absolutely do not want to create a new field in the user and manually manage “Is Verified” with a yes/ no. That is a band-aid solution to a much bigger problem.

Thanks!

2

You could do the “Do a search for Users” in a backend workflow which ignores privacy rules. Then return the yes/no by using the api connector to call your own endpoint.

1 Like
3

Tried it. Been waiting for a response from the server for 30 seconds… maybe I am doing something wrong

Screenshot from 2023-03-13 17-16-29
Screenshot from 2023-03-13 17-16-293840×2160 489 KB

4

Update:

Getting error 562 from the server even with privacy rules ignored. 562 corresponds to:

562

HTTP response: 562 Credential Error

Description: Unable to encrypt or decrypt NTLM credentials.

Possible solution: Check if the credentials are correct and if so, contact support.

User may encounter standard HTTP status responses when attempting to access or use an application. This table describes some of these responses.

5

Looks like they really don’t like bringing email confirmed to the client side… looks like I will have to send the reset link from the server :confused:

6

Have you tried to activate “This workflow can be run without authorization” for the api endpoint?

1 Like
7

Yes I have!