Open Closed

Self-Registering User Logged In Without Confirming Email First #1113


0
riley.trevillion created
  • ABP Framework version: v4.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): No
  • Exception message and stack trace: See my comment (due to text limit)
  • Steps to reproduce the issue: See below

Hello

I'm having trouble with users self registering where they are being directly logged into the application before they've confirmed their email address. This only occurs when they register initially. If they log out and attempt to log in again they are prevented from doing so until they confirm their email address. Ideally, they should not be immediately logged in upon registration until they have confirmed their email.

I have seen other people bring this issue up in another ticket (https://github.com/abpframework/abp/issues/3541), but I don't think concrete steps have been given to you for confirming the issue which is why it was closed off. Hopefully these steps will help

Steps To Reproduce

  1. Brand new project created via ABP Suite v4.2.2
  2. Build the app, run initial db migration, yarn install, yarn start etc etc. to get ABP running as per the standard documention you provide to your users for setup
  3. Log in as the preseeded host admin user (I have confirmed this issue also affects user registration with tenants too)
  4. Enable 'Require confirmed email' setting
  5. Log out
  6. Register a new user from the login page
  7. Observe that the user is immediately taken to the home page and is logged into the application instead of returned to the login screen until they confirm their email
  8. Confirmation email was 'sent' (NullEmailSender for development) during the registration process as expected. Evidence of this is in the log extract below provided in my comment. Clicking on the confirmation link provided correctly verifies the user email allowing them access to the application for subsequent logins. The log extract is from the moment I pressed the 'Register' button through to the home screen above where the user is logged in.

<br> Any assistance on whether I need to perform additional configuration would be appreciated, or whether this is a bug that needs fixing. If it's a bug, any workaround code as a temporary solution until a real fix is integrated into the main ABP codebase would also be appreciated.

Thankyou


9 Answer(s)
  • 0
    riley.trevillion created

    Log extract part 1 (split due to forum text limit) <br>

    [17:57:04 INF] Request starting HTTP/2 POST https://localhost:44362/Account/Register?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DEmailConfirmationVerify_App%26state%3DLWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A4200%26scope%3Doffline_access%2520openid%2520profile%2520role%2520email%2520phone%2520EmailConfirmationVerify%26code_challenge%3DcQ4FhogKNMUbr6EIkVpCDsG-db_LISzwN8TPrhdWWp8%26code_challenge_method%3DS256%26nonce%3DLWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs application/x-www-form-urlencoded 278
    [17:57:04 INF] CORS policy execution failed.
    [17:57:04 INF] Request origin https://localhost:44362 does not have permission to access the resource.
    [17:57:04 INF] No CORS policy found for the specified request.
    [17:57:04 INF] Executing endpoint '/Account/Register'
    [17:57:04 INF] Route matched with {page = "/Account/Register", action = "", controller = "", area = ""}. Executing page /Account/Register
    [17:57:04 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
    [17:57:04 INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.RegisterModel.OnPostAsync - ModelState is Valid
    [17:57:04 DBG] Added 0 entity changes to the current audit log
    [17:57:04 DBG] Added 0 entity changes to the current audit log
    [17:57:04 DBG] Added 0 entity changes to the current audit log
    [17:57:04 DBG] Added 0 entity changes to the current audit log
    [17:57:04 WRN] USING NullEmailSender!
    [17:57:04 DBG] SendEmailAsync:
    [17:57:04 DBG] [email protected]
    [17:57:04 DBG] 
    [17:57:04 DBG] Email confirmation
    [17:57:04 DBG] <!DOCTYPE html>
    <html lang="en" xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta charset="utf-8" />
    </head>
    <body>
        <h3>Email confirmation</h3>
    <p>Please confirm your email address by clicking the following link.</p>
    <div>
        <a href="https://localhost:44362/Account/EmailConfirmation?userId=39fb9418-c0c9-105d-2469-f451a67e059c&tenantId=&confirmationToken=CfDJ8EsHVoI09O9NqclZwYBgchfwhFgPHiKsv2nj17jXpv7vh3DthB5QHOvX5iim0tJ2q%2BXiHpfS9DAj%2BPNn4KYkIyQqe6Ky1gvPndCYob7rFZ9WS%2BuLOKgSLCUSIf3MOBORWNAI5X%2Bo1cv6nLCN4Oo3seFtoYEAAZUd8mAVfAv0oIzTeHAjTkT%2BWORmsSy2HuclR70ALN8Bs8rvENhedD3sth8lgfDya4OIzH6v1y1J563ia665fkOX0uqh%2BHqdnH25%2FQ%3D%3D&returnUrl=http://localhost:4200">Confirm my email address</a>
    </div>
    </body>
    </html>
    [17:57:04 DBG] Augmenting SignInContext
    [17:57:04 DBG] Adding idp claim with value: local
    [17:57:04 DBG] Adding amr claim with value: pwd
    [17:57:04 DBG] Adding auth_time claim with value: 1617087424
    [17:57:04 INF] AuthenticationScheme: Identity.Application signed in.
    [17:57:04 INF] Executed handler method OnPostAsync, returned result Microsoft.AspNetCore.Mvc.RedirectResult.
    [17:57:04 INF] Executing RedirectResult, redirecting to /connect/authorize/callback?response_type=code&client_id=EmailConfirmationVerify_App&state=LWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs&redirect_uri=http%3A%2F%2Flocalhost%3A4200&scope=offline_access%20openid%20profile%20role%20email%20phone%20EmailConfirmationVerify&code_challenge=cQ4FhogKNMUbr6EIkVpCDsG-db_LISzwN8TPrhdWWp8&code_challenge_method=S256&nonce=LWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs.
    [17:57:04 INF] Executed page /Account/Register in 79.2189ms
    [17:57:04 INF] Executed endpoint '/Account/Register'
    [17:57:04 DBG] Added 0 entity changes to the current audit log
    [17:57:04 DBG] Added 0 entity changes to the current audit log
    [17:57:04 INF] Request finished HTTP/2 POST https://localhost:44362/Account/Register?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DEmailConfirmationVerify_App%26state%3DLWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A4200%26scope%3Doffline_access%2520openid%2520profile%2520role%2520email%2520phone%2520EmailConfirmationVerify%26code_challenge%3DcQ4FhogKNMUbr6EIkVpCDsG-db_LISzwN8TPrhdWWp8%26code_challenge_method%3DS256%26nonce%3DLWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs application/x-www-form-urlencoded 278 - 302 - - 95.2128ms
    [17:57:04 INF] Request starting HTTP/2 GET https://localhost:44362/connect/authorize/callback?response_type=code&client_id=EmailConfirmationVerify_App&state=LWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs&redirect_uri=http%3A%2F%2Flocalhost%3A4200&scope=offline_access%20openid%20profile%20role%20email%20phone%20EmailConfirmationVerify&code_challenge=cQ4FhogKNMUbr6EIkVpCDsG-db_LISzwN8TPrhdWWp8&code_challenge_method=S256&nonce=LWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs - -
    [17:57:04 DBG] Request path /connect/authorize/callback matched to endpoint type Authorize
    [17:57:04 DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
    [17:57:04 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback
    [17:57:04 DBG] Start authorize callback request
    [17:57:04 DBG] User in authorize request: 39fb9418-c0c9-105d-2469-f451a67e059c
    [17:57:04 DBG] Start authorize request protocol validation
    [17:57:04 DBG] client configuration validation for client EmailConfirmationVerify_App succeeded.
    [17:57:04 DBG] Checking for PKCE parameters
    [17:57:04 DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
    [17:57:04 DBG] ValidatedAuthorizeRequest
    {"ClientId": "EmailConfirmationVerify_App", "ClientName": "EmailConfirmationVerify_App", "RedirectUri": "http://localhost:4200", "AllowedRedirectUris": ["http://localhost:4200"], "SubjectId": "39fb9418-c0c9-105d-2469-f451a67e059c", "ResponseType": "code", "ResponseMode": "query", "GrantType": "authorization_code", "RequestedScopes": "offline_access openid profile role email phone EmailConfirmationVerify", "State": "LWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs", "UiLocales": null, "Nonce": "LWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs", "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": "", "MaxAge": null, "LoginHint": null, "SessionId": "60EB95D1AF5D4756950AB452A81480BF", "Raw": {"response_type": "code", "client_id": "EmailConfirmationVerify_App", "state": "LWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs", "redirect_uri": "http://localhost:4200", "scope": "offline_access openid profile role email phone EmailConfirmationVerify", "code_challenge": "cQ4FhogKNMUbr6EIkVpCDsG-db_LISzwN8TPrhdWWp8", "code_challenge_method": "S256", "nonce": "LWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs"}, "$type": "AuthorizeRequestValidationLog"}
    [17:57:04 DBG] Client is configured to not require consent, no consent is required
    [17:57:04 DBG] Creating Authorization Code Flow response.
    [17:57:04 INF] {"ClientId": "EmailConfirmationVerify_App", "ClientName": "EmailConfirmationVerify_App", "RedirectUri": "http://localhost:4200", "Endpoint": "Authorize", "SubjectId": "39fb9418-c0c9-105d-2469-f451a67e059c", "Scopes": "offline_access openid profile role email phone EmailConfirmationVerify", "GrantType": "authorization_code", "Tokens": [{"TokenType": "code", "TokenValue": "****787D", "$type": "Token"}], "Category": "Token", "Name": "Token Issued Success", "EventType": "Success", "Id": 2000, "Message": null, "ActivityId": "80000089-0001-d900-b63f-84710c7967bb", "TimeStamp": "2021-03-30T06:57:04.0000000Z", "ProcessId": 15492, "LocalIpAddress": "127.0.0.1:44362", "RemoteIpAddress": "127.0.0.1", "$type": "TokenIssuedSuccessEvent"}
    [17:57:04 DBG] Authorize endpoint response
    {"SubjectId": "39fb9418-c0c9-105d-2469-f451a67e059c", "ClientId": "EmailConfirmationVerify_App", "RedirectUri": "http://localhost:4200", "State": "LWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs", "Scope": "offline_access openid profile role email phone EmailConfirmationVerify", "Error": null, "ErrorDescription": null, "$type": "AuthorizeResponseLog"}
    [17:57:04 DBG] Augmenting SignInContext
    [17:57:04 INF] AuthenticationScheme: Identity.Application signed in.
    [17:57:04 INF] Request finished HTTP/2 GET https://localhost:44362/connect/authorize/callback?response_type=code&client_id=EmailConfirmationVerify_App&state=LWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs&redirect_uri=http%3A%2F%2Flocalhost%3A4200&scope=offline_access%20openid%20profile%20role%20email%20phone%20EmailConfirmationVerify&code_challenge=cQ4FhogKNMUbr6EIkVpCDsG-db_LISzwN8TPrhdWWp8&code_challenge_method=S256&nonce=LWlUVlBrY3BFMU9PZ3BGbnNaVEY3bGJwcGRIVy5qcmVPcEdIWHB4REozUVRs - - - 302 - - 41.7471ms
    [17:57:05 INF] Request starting HTTP/2 GET https://localhost:44362/.well-known/openid-configuration - -
    [17:57:05 INF] CORS policy execution successful.
    [17:57:05 DBG] CORS request made for path: /.well-known/openid-configuration from origin: http://localhost:4200
    [17:57:05 DBG] CorsPolicyService allowed origin: http://localhost:4200
    [17:57:05 INF] CORS policy execution successful.
    [17:57:05 DBG] Request path /.well-known/openid-configuration matched to endpoint type Discovery
    [17:57:05 DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint
    [17:57:05 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration
    [17:57:05 DBG] Start discovery request
    [17:57:05 INF] Request finished HTTP/2 GET https://localhost:44362/.well-known/openid-configuration - - - 200 - application/json;+charset=UTF-8 25.6047ms
    [17:57:05 INF] Request starting HTTP/2 GET https://localhost:44362/.well-known/openid-configuration/jwks - -
    [17:57:05 INF] CORS policy execution successful.
    [17:57:05 DBG] CORS request made for path: /.well-known/openid-configuration/jwks from origin: http://localhost:4200
    [17:57:05 DBG] CorsPolicyService allowed origin: http://localhost:4200
    [17:57:05 INF] CORS policy execution successful.
    [17:57:05 DBG] Request path /.well-known/openid-configuration/jwks matched to endpoint type Discovery
    [17:57:05 DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryKeyEndpoint
    [17:57:05 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryKeyEndpoint for /.well-known/openid-configuration/jwks
    [17:57:05 DBG] Start key discovery request
    [17:57:05 INF] Request finished HTTP/2 GET https://localhost:44362/.well-known/openid-configuration/jwks - - - 200 - application/json;+charset=UTF-8 17.5562ms
    [17:57:05 INF] Request starting HTTP/2 POST https://localhost:44362/connect/token application/x-www-form-urlencoded 247
    [17:57:05 INF] CORS policy execution successful.
    [17:57:05 DBG] CORS request made for path: /connect/token from origin: http://localhost:4200
    [17:57:05 DBG] CorsPolicyService allowed origin: http://localhost:4200
    [17:57:05 INF] CORS policy execution successful.
    [17:57:05 DBG] Request path /connect/token matched to endpoint type Token
    [17:57:05 DBG] Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint
    [17:57:05 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
    [17:57:05 DBG] Start token request.
    [17:57:05 DBG] Start client validation
    [17:57:05 DBG] Start parsing Basic Authentication secret
    [17:57:05 DBG] Start parsing for secret in post body
    [17:57:05 DBG] client id without secret found
    [17:57:05 DBG] Parser found secret: PostBodySecretParser
    [17:57:05 DBG] Secret id found: EmailConfirmationVerify_App
    [17:57:05 DBG] client configuration validation for client EmailConfirmationVerify_App succeeded.
    [17:57:05 DBG] Public Client - skipping secret validation success
    [17:57:05 DBG] Client validation success
    
  • 0
    riley.trevillion created

    Log extract part 2 <br>

    [17:57:05 INF] {"ClientId": "EmailConfirmationVerify_App", "AuthenticationMethod": "NoSecret", "Category": "Authentication", "Name": "Client Authentication Success", "EventType": "Success", "Id": 1010, "Message": null, "ActivityId": "80000038-0005-eb00-b63f-84710c7967bb", "TimeStamp": "2021-03-30T06:57:05.0000000Z", "ProcessId": 15492, "LocalIpAddress": "127.0.0.1:44362", "RemoteIpAddress": "127.0.0.1", "$type": "ClientAuthenticationSuccessEvent"}
    [17:57:05 DBG] Start token request validation
    [17:57:05 DBG] Start validation of authorization code token request
    [17:57:05 DBG] Client required a proof key for code exchange. Starting PKCE validation
    [17:57:05 DBG] Validation of authorization code token request success
    [17:57:05 INF] Token request validation success, {"ClientId": "EmailConfirmationVerify_App", "ClientName": "EmailConfirmationVerify_App", "GrantType": "authorization_code", "Scopes": null, "AuthorizationCode": "****787D", "RefreshToken": "********", "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"grant_type": "authorization_code", "code": "E6FEB6A7F36746AE123310B92BD9E63D398A406E3BAC7F69B80715B28CC5787D", "redirect_uri": "http://localhost:4200", "code_verifier": "MUswUERQazhBUS5hUDB2VWhtVTJDYVUtdTBTMUhYZWJEYzVycmhmWmk2a0hG", "client_id": "EmailConfirmationVerify_App"}, "$type": "TokenRequestValidationLog"}
    [17:57:05 DBG] client configuration validation for client EmailConfirmationVerify_App succeeded.
    [17:57:05 DBG] Getting claims for access token for client: EmailConfirmationVerify_App
    [17:57:05 DBG] Getting claims for access token for subject: 39fb9418-c0c9-105d-2469-f451a67e059c
    [17:57:05 DBG] Creating refresh token
    [17:57:05 DBG] Setting an absolute lifetime: 31536000
    [17:57:05 DBG] client configuration validation for client EmailConfirmationVerify_App succeeded.
    [17:57:05 DBG] Getting claims for identity token for subject: 39fb9418-c0c9-105d-2469-f451a67e059c and client: EmailConfirmationVerify_App
    [17:57:05 INF] {"ClientId": "EmailConfirmationVerify_App", "ClientName": "EmailConfirmationVerify_App", "RedirectUri": null, "Endpoint": "Token", "SubjectId": "39fb9418-c0c9-105d-2469-f451a67e059c", "Scopes": "offline_access openid profile role email phone EmailConfirmationVerify", "GrantType": "authorization_code", "Tokens": [{"TokenType": "id_token", "TokenValue": "****37Jw", "$type": "Token"}, {"TokenType": "refresh_token", "TokenValue": "****F8C5", "$type": "Token"}, {"TokenType": "access_token", "TokenValue": "****FQsg", "$type": "Token"}], "Category": "Token", "Name": "Token Issued Success", "EventType": "Success", "Id": 2000, "Message": null, "ActivityId": "80000038-0005-eb00-b63f-84710c7967bb", "TimeStamp": "2021-03-30T06:57:05.0000000Z", "ProcessId": 15492, "LocalIpAddress": "127.0.0.1:44362", "RemoteIpAddress": "127.0.0.1", "$type": "TokenIssuedSuccessEvent"}
    [17:57:05 DBG] Token request success.
    [17:57:05 INF] Request finished HTTP/2 POST https://localhost:44362/connect/token application/x-www-form-urlencoded 247 - 200 - application/json;+charset=UTF-8 108.0022ms
    [17:57:05 INF] Request starting HTTP/2 OPTIONS https://localhost:44362/api/abp/application-configuration - -
    [17:57:05 INF] CORS policy execution successful.
    [17:57:05 INF] Request finished HTTP/2 OPTIONS https://localhost:44362/api/abp/application-configuration - - - 204 - - 0.1693ms
    [17:57:05 INF] Request starting HTTP/2 GET https://localhost:44362/api/abp/application-configuration - -
    [17:57:05 INF] CORS policy execution successful.
    [17:57:05 INF] Successfully validated the token.
    [17:57:05 DBG] CORS request made for path: /api/abp/application-configuration from origin: http://localhost:4200 but was ignored because path was not for an allowed IdentityServer CORS endpoint
    [17:57:05 INF] No CORS policy found for the specified request.
    [17:57:05 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
    [17:57:05 INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationConfiguration", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto] GetAsync() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController (Volo.Abp.AspNetCore.Mvc).
    [17:57:05 DBG] Executing AbpApplicationConfigurationAppService.GetAsync()...
    [17:57:05 DBG] Getting not cache granted permissions from the repository for this provider name,key: U,39fb9418-c0c9-105d-2469-f451a67e059c
    [17:57:05 DBG] Setting the cache items. Count: 63
    [17:57:05 DBG] Finished setting the cache items. Count: 63
    [17:57:05 DBG] Getting not cache granted permissions from the repository for this provider name,key: R,user
    [17:57:05 DBG] Setting the cache items. Count: 63
    [17:57:05 DBG] Finished setting the cache items. Count: 63
    [17:57:05 DBG] Executed AbpApplicationConfigurationAppService.GetAsync().
    [17:57:05 INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto'.
    [17:57:05 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 98.628ms
    [17:57:05 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
    [17:57:05 INF] Request finished HTTP/2 GET https://localhost:44362/api/abp/application-configuration - - - 200 - application/json;+charset=utf-8 112.3838ms
    [17:57:05 INF] Request starting HTTP/2 OPTIONS https://localhost:44362/api/account/profile-picture/39fb9418-c0c9-105d-2469-f451a67e059c - -
    [17:57:05 INF] CORS policy execution successful.
    [17:57:05 INF] Request finished HTTP/2 OPTIONS https://localhost:44362/api/account/profile-picture/39fb9418-c0c9-105d-2469-f451a67e059c - - - 204 - - 0.5028ms
    [17:57:05 INF] Request starting HTTP/2 GET https://localhost:44362/api/account/profile-picture/39fb9418-c0c9-105d-2469-f451a67e059c - -
    [17:57:05 INF] CORS policy execution successful.
    [17:57:05 INF] Successfully validated the token.
    [17:57:05 DBG] CORS request made for path: /api/account/profile-picture/39fb9418-c0c9-105d-2469-f451a67e059c from origin: http://localhost:4200 but was ignored because path was not for an allowed IdentityServer CORS endpoint
    [17:57:05 INF] No CORS policy found for the specified request.
    [17:57:05 INF] Executing endpoint 'Volo.Abp.Account.AccountController.GetProfilePictureAsync (Volo.Abp.Account.Pro.Public.HttpApi)'
    [17:57:05 INF] Route matched with {area = "account", action = "GetProfilePicture", controller = "Account", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.Account.ProfilePictureSourceDto] GetProfilePictureAsync(System.Guid) on controller Volo.Abp.Account.AccountController (Volo.Abp.Account.Pro.Public.HttpApi).
    [17:57:05 INF] Executing ObjectResult, writing value of type 'Volo.Abp.Account.ProfilePictureSourceDto'.
    [17:57:05 INF] Executed action Volo.Abp.Account.AccountController.GetProfilePictureAsync (Volo.Abp.Account.Pro.Public.HttpApi) in 14.7263ms
    [17:57:05 INF] Executed endpoint 'Volo.Abp.Account.AccountController.GetProfilePictureAsync (Volo.Abp.Account.Pro.Public.HttpApi)'
    [17:57:05 INF] Request finished HTTP/2 GET https://localhost:44362/api/account/profile-picture/39fb9418-c0c9-105d-2469-f451a67e059c - - - 200 - application/json;+charset=utf-8 25.2785ms
    
  • 0
    maliming created
    Support Team

    hi

    The 4.3 version will enhanced mail & phone confirmation feature.

    If the user can't log in due to unconfirmed email or phone number, they will be redirected to the following page for confirmation.

  • 0
    riley.trevillion created

    Hi maliming

    Thankyou for your reply.

    The upcoming enhancements sound great. I will wait for 4.3 to be released to verify whether the issue I've described above has been resolved or not. I think the 4.3-preview is coming out in the next couple of days according to the milestones you have defined in Github.

    Thanks again

  • 0
    riley.trevillion created

    Hi @maliming

    I have switched over to the 4.3-preview branch using ABP Suite and the issue I have described above is still happening. Are you able to confirm the issue on your end using the reproducability steps I've provided above?

    Thankyou

  • 0
    maliming created
    Support Team

    hi @riley.trevillion

    Can you try to the template project of 4.3 rc1?

  • 0
    riley.trevillion created

    Hi @maliming

    I have created a brand new 4.3.0-rc.2 application but, unfortunately, the problem has not been resolved. I am still immediately logged in to the application upon registration without having to verify my email address first.

    Have you been able to reproduce the issue on your end using the reproducability steps I have provided?

    Many thanks

  • 0
    maliming created
    Support Team

    hi

    The email confirmation page will show when you log out and log in again, I will fix this problem in rc3.

  • 0
    riley.trevillion created

    Hi @maliming

    I've upgraded our solution to 4.3 and this issue appears to be fixed now. Thankyou for resolving this.