email can't read base64's = token at last - email

OK, I don't know if it is a simple or tough question, but I have no clue how to resolve it.
What I am doing is converting email-id:currenttime:date:mobile to base64 and sending that token to that email (the token is used for a forgotten password).
Now in the email (Gmail, say) it is showing like this:
abc.com/restyourpass/bGFrc2htaS5kZXZpQGdlbmllZG9jLmNvbToxNDY5NTkzODMwNTA0OjgzNzM5MDAzMTY=
When the user clicks on the link sent to the email, Gmail or any other email provider
reads this URL ->
abc.com/restyourpass/bGFrc2htaS5kZXZpQGdlbmllZG9jLmNvbToxNDY5NTkzODMwNTA0OjgzNzM5MDAzMTY (except "=" at the last)
Now Gmail or any other email provider is not able to read the "=" at the end of the token. How can I solve this situation?
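
One way to keep a reset token intact across mail clients that drop the trailing "=", as an added example that is not part of the original question: URL-safe base64 with the padding removed when the link is built and restored when it is read. The example goes beyond the question by adding an HMAC tag and an expiry check, since base64 alone lets anyone who knows the fields build a valid token. SECRET, make_token, read_token and the sample values are assumptions.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: placeholder for a server-side secret

def b64url_encode(raw: bytes) -> str:
    # URL-safe alphabet (- and _), with "=" padding stripped so nothing can be lost
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    # Restore the padding that was stripped (by us or by a mail client)
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(email: str, mobile: str, now_ms: int) -> str:
    payload = f"{email}:{now_ms}:{mobile}".encode("utf-8")
    tag = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return b64url_encode(payload) + "." + b64url_encode(tag)

def read_token(token: str, now_ms: int, max_age_ms: int = 15 * 60 * 1000):
    """Return (email, mobile) for a valid, fresh token, otherwise None."""
    try:
        body, sig = token.split(".")
        payload = b64url_decode(body)
        tag = b64url_decode(sig)
    except ValueError:  # wrong part count or malformed base64
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    try:
        # rsplit keeps a ":" inside the email part from shifting the fields
        email, issued, mobile = payload.decode("utf-8").rsplit(":", 2)
        issued_ms = int(issued)
    except (ValueError, UnicodeDecodeError):
        return None
    if not 0 <= now_ms - issued_ms <= max_age_ms:
        return None
    return email, mobile

if __name__ == "__main__":
    now = 1700000000000  # constructed timestamp in milliseconds
    token = make_token("user@example.com", "5550100", now)  # constructed values
    print("abc.com/restyourpass/" + token)
    print(read_token(token, now + 60_000))
```

The payload is still only encoded, not encrypted, so the email address and mobile number remain readable to anyone who sees the link.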

Related

Basic Email validation in keycloak reset credentials

How can we validate if the given email in reset credentials form is a valid email, not to check if he's a registered user but to validate if the email format is right.
How can we handle this?
I tried adding username validation in the authentication flows for reset credentials. It validates the email as expected, but when the email format is wrong it takes me to a different page and throws the error below.
{"error":"invalid_grant","error_description":"Invalid user credentials"}
But I want to handle it in the same page with custom error messages.
Any solutions to this?

In Cognito, how can I rollback my old email after the request of changing a new wrong email

I am using Cognito in my service and I want to enable my service to change email address.
In my frontend, I added code like this.
const email = 'foo@example.com'; // input
const user = await Auth.currentAuthenticatedUser();
await Auth.updateUserAttributes(user, { email });
I found that updateUserAttributes not only sends a verification email, but also changes the email address and sets Email verified to false before verification succeeds.
When a user sends a wrong email address, I think the user will no longer be able to log in, because the user cannot access the verification code and cannot log in with the old email.
Is there a function like rolling back to the old email address in Cognito?
After some digging, I found the related issue.
I found that updateUserAttributes not only sends a verification email, but also changes the email address and sets Email verified to false before verification succeeds.
Unfortunately, this is a Cognito-side problem, and for now there is no way to solve it fundamentally.
In the issue, Can-Sahin's approach may help you.

Marketo send test failed

You try to send a sample of an email and receive a notice that the Marketo send test failed.
There are two token-related reasons that Send Sample may fail:
You may have an invalid value for a token in your email. If there is an incorrect token value, the send sample will not work.
Example: If you have the token for first name written like this {{lead.FirstName:default=Hello}}, when you try to approve the email Marketo will let you know that the token value is incorrect. The correct token value is {{lead.First Name:default=Hello}}. For this example if you change the token value to {{lead.First Name:default=Hello}}, Marketo will allow you to approve the email and it will allow you to do a send sample.
You may have a token in the From or Reply-To line that is not populating with an email address.
Example: If you have a token in the Reply-To like this one, {{lead.Email Address:default=edit me}}, then the Send Sample using the default will have "edit me" in the Reply-To, which is not an email address. Marketo cannot send an email without a Reply-To email address, so the Send Sample will fail.
If neither of the above applies, run the following tests and provide the information to Marketo Support:
Clone the email in question and test to send as a sample
Create a new email and test to send as a sample
Send the email via a live campaign or a single flow step to a test lead

Firebase in Swift: Password reset email attempt not sending to user

Absolutely love Firebase so far except it is not sending emails. Every time that I go on my console to reset one of my user's passwords, I click on the authentication tab on the left, go to one of my users, click on the right side of the user, and click on reset password. Then it sends an email to my personal email saying that the message wasn't delivered to "billybob123#email.com" and the reason is that "unsafe characters or length in username."
Now I know what the issue is here, there is no username. I have no idea how to set it. In my app, the users sign up and sign in with their email, but Firebase must not think that is their username. Also, the failure email shows the email that the server tried to send. In that email below, it shows the password reset link. Here is an example of the link below.
https://greenbananatech-jbs.firebaseapp.com/__/auth/action?mode=resetPassword&oobCode=chubW2CkIyYbJvAUviPYUevyHtr-KKYLjFRhABglpFkAAAFkGfcgkw&apiKey=AIzaSyDYrCkVfzNww2V_BuBSTfV85s2lSwW8hO4&lang=en
See, where I think the issue lies is that empty space after ".com". I think this is where the username is supposed to go. I just don't know how to set the username of the users. I have already changed the DISPLAY name of my users in my Xcode project, but that doesn't do anything. Also, when I click on the "faulty" link, it is in no way faulty because it works perfectly! Here is the picture of the failure email below.
Thanks so much.
Top of email
Bottom of email
I went through the same problem. I tried to configure Firebase SMTP using CPanel's outbound service, and I only received the error message. The problem is the "SMTP account username" field. Try passing the email address on it. It worked for me.

Least Troublesome Email Format

Does anyone have a reason / preference as to the best format to send email responses from a website (payment confirmations / password reminders, etc.)?
Thanks
Jon
In your emails, use plaintext with links to your HTML pages. HTML in email is generally widely reviled as a bad idea, because it's a gigantic security hole.
Never send passwords in email, even as a reminder. Send a link to the user's registered email address that allows them to reset their password. The absolute fastest way to make me quit using your service is to send me my password via email in plaintext.
Plain text. No HTML.
Formatted plain text, please. The system my office uses currently, I had nothing to do with designing it, sends customers a formatted plain text email that looks professional, loads quite quickly in email clients, and it prints just as it looks on the screen. Not only is HTML a security hole, it can really slow down the email downloading/opening process depending on how much extraneous content is included (background colors, images, etc.). In addition, plain text is almost guaranteed to print out as displayed on the screen whereas HTML can have issues.
For passwords, as McWafflestix said, don't send passwords to email addresses. One approach to addressing the forgotten password is to create a module on your website that sends users an email with a link confirming they forgot and need to reset their password and then have them answer a secret question they created. Once the identity is confirmed, send them an email with the new temporary password with a link to log in--once they click the link and enter the temporary password, have the user enter a new personal password.