Password recovery email has userstore domain prepended to the user #22343

tharakawijekoon · 2025-01-21T19:09:23Z

Description

After the fix done for #18637, the userstore domain gets prepended to the user when the password recovery is triggered with the realm property.

Steps to Reproduce

Take an IS-5.11.0.309 server(this the update level before the fix recover-password API not working correctly when the multi attribute login feature is enabled. #18637)
Setup a tenant - tenant1.com, register a secondary userstore - SECONDARY, and add the user testuser1 to the SECONDARY userstore.
Enable notification-based password for the tenant1.com[1].
Trigger the password recovery for the user using the curl:

curl -kv --location 'https://localhost:9443/t/tenant1.com/api/identity/recovery/v0.9/recover-password' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic YWRtaW5AdGVuYW50MS5jb206YWRtaW4=' \
--data '{
    "user": {
        "username": "testuser1",
        "realm": "SECONDARY",
        "tenant-domain": "tenant1.com"
    },
    "properties": []
}'

Notice that the email sent to the user does not have the SECONDARY domain prepended to them.
Update the server to 310 to get the fix for the issue recover-password API not working correctly when the multi attribute login feature is enabled. #18637
Test the same curl again.
The mail sent to the user would contain SECONDARY/testuser1

Expected behavior:
Even when the request has the realm defined, the email sent to the user should not have the domain prepended.

The previous behavior can be maintained by removing the realm property from the request

curl -kv --location 'https://localhost:9443/t/tenant1.com/api/identity/recovery/v0.9/recover-password' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic YWRtaW5AdGVuYW50MS5jb206YWRtaW4=' \
--data '{
    "user": {
        "username": "testuser1",
        "tenant-domain": "tenant1.com"
    },
    "properties": []
}'

However this would require a change in the client side.

[1]https://is.docs.wso2.com/en/5.11.0/learn/password-recovery/#recovery-using-notifications

Version

WSO2-IS-5.11.0

Environment Details (with versions)

No response

The text was updated successfully, but these errors were encountered:

tharakawijekoon added the Type/Bug label Jan 21, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Password recovery email has userstore domain prepended to the user #22343

Password recovery email has userstore domain prepended to the user #22343

tharakawijekoon commented Jan 21, 2025 •

edited

Loading

Password recovery email has userstore domain prepended to the user #22343

Password recovery email has userstore domain prepended to the user #22343

Comments

tharakawijekoon commented Jan 21, 2025 • edited Loading

Description

Steps to Reproduce

Version

Environment Details (with versions)

tharakawijekoon commented Jan 21, 2025 •

edited

Loading