Recovery flow: email address stays filled in the code field

Question

Recovery flow: email address stays filled in the code field

hyperknot opened this issue 2 years ago · 5 comments

Preflight checklist

I could not find a solution in the existing issues, docs, nor discussions.
I agree to follow this project's Code of Conduct.
I have read and am following this repository's Contribution Guidelines.
This issue affects my Ory Cloud project.
I have joined the Ory Community Slack.
I am signed up to the Ory Security Patch Newsletter.

Describe the bug

After sending the email in the recovery flow, the email stays filled in the UI, in the code field.

I think people would be quite confused about this, not realising that they need to delete the email address first and then copy-paste the code.

Reproducing the bug

Run the next.js example, do the recovery.

Version

master

Answer 1 · 2023-02-12T20:15:57.000Z

I got this problem too.

Answer 2 · 2023-10-03T19:05:20.000Z

Any updates on the pull requests?

Answer 3 · 2023-10-10T16:00:29.000Z

I cannot reproduce this anymore, is this already fixed on the latest version? I used the next.js SPA example and recovery just worked as expected.

Answer 4 · 2023-10-10T16:03:20.000Z

I think this might be related to when you use the returned payload from recovery to populate the fields. I've updated the examples to avoid this and re-fetch the flow data a while back.

85cc979#diff-88bbaecc97b612f9578a168dd4f2749e93c0844283f8c4f58736dc880a2b1e1f

Answer 5 · 2023-10-10T16:04:24.000Z

Checking on a customer's deployed UI that has the issue, it appears that the same ID is used for the input field, which makes react not re-render the field and keeps the wrong content. I guess we can easily fix this by constructing a unique ID.
Or rather react key, which gets translated to the key.