canonical / identity-platform-login-ui

Login UI for the Canonical identity broker and identity provider solution
Apache License 2.0

Add recovery and password settings flows #245

Closed natalian98 closed 2 weeks ago

natalian98 commented 3 weeks ago

Testing

docker-compose -f docker-compose.dev.yml up --build --force-recreate --remove-orphans

make npm-build build

export KRATOS_PUBLIC_URL="http://localhost:4433"
export HYDRA_ADMIN_URL="http://localhost:4445"
export BASE_URL="http://localhost:4455"
export PORT="4455"
export TRACING_ENABLED="false"
export LOG_LEVEL="debug"
export AUTHORIZATION_ENABLED="false"

go run . serve

Go to localhost:4455/ui/reset_email.

The link to reset password is also added to the login screen.

Enter a valid email. I use test@example.com because that's the only imported identity in kratos. Get the recovery code from mailslurper at localhost:4436.

Once a valid code is submitted, a kratos session is created. The recovery flow redirects to password change screen and starts a settings flow.

If you have an application that is a client of hydra, you will be automatically logged into it if opened in the same browser session as the completed recovery flow. If you start a new browser session you can verify that the credential was updated.

natalian98 commented 3 weeks ago

There is a case that @edlerd is looking at: If you are logged in and have a kratos session, you should be able to change your password without the need of going through recovery, but rn going directly to localhost:4455/ui/reset_password redirects to http://localhost:4455/ui/ which doesn't exist.

edlerd commented 3 weeks ago

> There is a case that @edlerd is looking at: If you are logged in and have a kratos session, you should be able to change your password without the need of going through recovery, but rn going directly to localhost:4455/ui/reset_password redirects to http://localhost:4455/ui/ which doesn't exist.

This has been handled.

edlerd commented 3 weeks ago

In case no text or an invalid email is entered, the POST api/kratos/self-service/recovery responds with the text content 400 Bad Request. As this is displayed to the user, it would be nice to have a better error message in this case.
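One way to handle the case raised in the comment above, as an added example that is not code from this PR or the project: check the email before submitting, and never render the raw response body of a failed POST api/kratos/self-service/recovery. The function names are hypothetical, and the JSON shape (`ui.messages` and `ui.nodes[].messages` with `type` and `text`) assumes the endpoint passes an Ory Kratos flow body through when it has one.

```typescript
// Added example; isPlausibleEmail and recoveryErrorMessage are hypothetical names.
interface UiMessage { id?: number; type?: string; text?: string }
interface FlowBody {
  ui?: { messages?: UiMessage[]; nodes?: { messages?: UiMessage[] }[] };
}

const GENERIC_ERROR = "Something went wrong. Please try again.";
// Assumption: a 400 without a usable body means the empty/invalid email case.
const INVALID_EMAIL = "Enter a valid email address.";

// Pre-submit check so an empty or malformed value never reaches the API.
function isPlausibleEmail(value: string): boolean {
  const v = value.trim();
  return v.length > 0 && v.length <= 254 && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v);
}

// Collect error texts from flow-level and node-level messages.
function collectErrors(flow: FlowBody | null): string[] {
  const out: string[] = [];
  const groups: UiMessage[][] = [flow?.ui?.messages ?? []];
  for (const node of flow?.ui?.nodes ?? []) groups.push(node.messages ?? []);
  for (const group of groups) {
    for (const m of group) {
      if (m.type === "error" && typeof m.text === "string") out.push(m.text);
    }
  }
  return out;
}

// Map a failed recovery response to text that is safe to show in the form.
// Returns "" for a successful response.
function recoveryErrorMessage(status: number, contentType: string | null, body: string): string {
  if (status < 400) return "";
  const isJson = contentType !== null && contentType.toLowerCase().indexOf("application/json") !== -1;
  if (isJson) {
    try {
      const texts = collectErrors(JSON.parse(body) as FlowBody | null);
      if (texts.length > 0) return texts.join(" ");
    } catch (e) {
      // Malformed JSON or unexpected shape: fall through to the fixed messages.
    }
  }
  // Plain-text bodies such as "400 Bad Request" are never shown verbatim.
  return status === 400 ? INVALID_EMAIL : GENERIC_ERROR;
}
```
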

shipperizer commented 2 weeks ago

couple of small commit message nudges:

shipperizer commented 2 weeks ago

@natalian98 do a rebase and then it's mergeable