nhost/hasura-auth

Disabled users get token while signup

Closed this issue · 3 comments

While signing up with the NEW_USER_DISABLED flag set to true, the response is sent with a valid token.
While the EMAIL_VERIFIED flag is honoured during the same, the DISABLED flag is not.

However, when the user tries to re-login, a token does not get generated.

Similar to the handling of the Email Verified flag, if the Disabled flag is set, a token should not be sent in the response.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Hello @im-what-im,
apologies for the late response. I just tried replicating this issue and I am afraid I couldn't. I started hasura-auth with:

AUTH_DISABLE_NEW_USERS: "true"

and then signed up a user:

$ curl -H "Content-Type: application/json" -X POST -d '{"email": "asdd@asd.com", "password": "asd234sadqeA"}' https://local.auth.nhost.run/v1/signup/email-password
{"session":null,"mfa":null}

As you can see there is no session coming back. Would you mind providing step by step instructions to reproduce?

Thanks!

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.