Email Change and Password Update Issue

General HivePress
1

Issue Summary:

When a user attempts to change their email address and password simultaneously through the profile settings, the new email address requires verification. However, if the user fails to verify the new email, they are unable to log in using either the new or old email address. The old email and the new password combination partially work but prompt a message requiring email activation.

Steps to Reproduce:

  1. Register a new user with the email abc@test.com and verify the email.
  2. Log in to the portal with the verified email (abc@test.com).
  3. Navigate to Profile -> Settings.
  4. Change the email address to 123@test.com.
  5. Enter the current password to authorize the email change.
  6. During this process, also change the password to a new one.
  7. Save the changes.
  8. Observe the notification stating that the details have been saved and a confirmation email has been sent to 123@test.com.
  9. Do not verify the new email address.
  10. Attempt to log in using the new email (123@test.com) and the new password.
  11. If the new email fails, try logging in with the old email (abc@test.com) and the new password.

Actual Result:

  • When updating the message says that the details are saved or updated. It does not give a message that the user must activate his new email id.
  • So the next time when the user is back, he unable to log in with the new email (123@test.com). The system reports that the user does not exist when trying to use “Forgot Password.”
  • Logging in with the old email (abc@test.com) and the new password results in a message stating, “Please check your email to activate your account.”
  • The user is effectively locked out of their account if the new email is not verified.

Expected Result:

  • The user should be able to log in with the old email (abc@test.com) and the new password until the new email (123@test.com) is verified.
  • Alternatively, the system should allow the user to log in with the new email (123@test.com) and the new password even if the new email is not yet verified, with limited access (e.g., prompting to verify the email).
  • The “Forgot Password” function should recognize both the old and new email addresses during this transition period.

Additional Notes:

  • This issue could result in a user being permanently locked out of their account if they fail to verify the new email and are unaware of how to revert the change.
  • Consider implementing a fallback mechanism that allows users to revert to the old email or access their account with the old email during the verification process.
4

Hi,

Thanks for reporting this, the bug is confirmed and we’ll fix it as soon as possible.

5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.