wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Resend Email functionality is not working in the self registration flow. #15701

Closed DimuthuKasunWP closed 1 year ago

DimuthuKasunWP commented 1 year ago

The resend email feature is not working in the self-registration email verification for tenants.

Screenshot 2023-04-03 at 18 31 56

This issue is in the self-registration flow for tenants. For the super tenant, this is working as expected. It seems this issue is caused because we are invoking the super tenant's "/api/identity/user/v1.0/resend-code" API even for the users in the tenant. When we use the tenanted API (/t//api/identity/user/v1.0/resend-code), the resend email is working fine.

In the authenticationendpoint/basicauth.jsp file, the tenant domain is retrieved from [1], and it returns the correct tenant name if we have entered the username with the tenant name appended from the UI. The resend email is received if we enter a username which contains the tenantDomain. E.g.: testuser-22@tenant1.com

Other times it is not working. E.g.: testuser-22

[1] https://github.com/wso2/carbon-identity-framework/blob/v5.18.187/components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint.util/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/AuthenticationEndpointUtil.java#L115

Product : wso2is-5.11.0

mpmadhavig commented 1 year ago

How to reproduce

  1. Create a tenant
  2. Enable self registration in the created tenant.
  3. Create an OIDC application in the tenant and get the client id.
  4. Go to a login page (say myaccount) and follow the create an account flow.
  5. Do not click on the verification email URL.
  6. Paste the following auth call in the browser and replace, and with your application values.

https://localhost:9443/authenticationendpoi/login.do?client_id=T4I8EWc52TNesNJ7eSpaY1CfMKIa&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&passiveAuth=false&redirect_uri=https%3A%2F%2Flocalhost%3A3000&response_type=code&scope=openid+address+email+profile&tenantDomain=mad.com&sessionDataKey=0f1e578f-3d39-44d6-95da-c5239b02f2ac&relyingParty=T4I8EWc52TNesNJ7eSpaY1CfMKIa&type=oidc&sp=sample&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL

  7. Try adding the created (but not verified) user's credentials. Type the username without tenant domain. Click login.
  8. You will get the above mentioned page with a warning saying that user account hasn't been verified. Then click on the Resend email option.
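The tenant-resolution problem described in the report and exercised by the reproduction steps, as an added example (not code from the issue or from the WSO2 code base): it picks the tenant from the `tenantDomain` request parameter before falling back to the username suffix, and validates the value before placing it in the URL path. The class and method names are hypothetical; it assumes `carbon.super` is the super tenant domain and that the tenant segment elided in the post sits between `/t/` and `/api`.

```java
import java.util.regex.Pattern;

class ResendCodeEndpoint {
    // Assumptions: carbon.super is the super tenant; tenant APIs live under /t/<tenant-domain>.
    static final String SUPER_TENANT = "carbon.super";
    static final String RESEND_PATH = "/api/identity/user/v1.0/resend-code";
    // Allow-list for a value that ends up as a URL path segment.
    static final Pattern DOMAIN = Pattern.compile(
            "[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+");

    // Prefer the tenantDomain request parameter; fall back to the username suffix.
    static String resolveTenant(String tenantDomainParam, String username) {
        String candidate = SUPER_TENANT;
        if (tenantDomainParam != null && !tenantDomainParam.trim().isEmpty()) {
            candidate = tenantDomainParam.trim();
        } else if (username != null && username.lastIndexOf('@') > 0) {
            candidate = username.substring(username.lastIndexOf('@') + 1);
        }
        // The parameter is client-controlled, so reject anything that is not a plain domain.
        if (!DOMAIN.matcher(candidate).matches()) {
            throw new IllegalArgumentException("Invalid tenant domain");
        }
        return candidate;
    }

    // Super tenant uses the root API path; every other tenant gets the /t/<domain> prefix.
    static String resendUrl(String baseUrl, String tenantDomainParam, String username) {
        String tenant = resolveTenant(tenantDomainParam, username);
        if (SUPER_TENANT.equalsIgnoreCase(tenant)) {
            return baseUrl + RESEND_PATH;
        }
        return baseUrl + "/t/" + tenant + RESEND_PATH;
    }

    public static void main(String[] args) {
        String base = "https://localhost:9443";
        // Constructed inputs, reusing the tenant and user names quoted in the issue.
        System.out.println(resendUrl(base, "mad.com", "testuser-22"));
        System.out.println(resendUrl(base, null, "testuser-22@tenant1.com"));
        System.out.println(resendUrl(base, null, "testuser-22"));
        try {
            resendUrl(base, "mad.com/../..", "testuser-22");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The username-suffix fallback is ambiguous when email addresses are used as usernames, which is why the request parameter is consulted first.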