[buddypress-trac] [BuddyPress Trac] #9137: REST API related issues for signups and pending accounts
buddypress-trac
noreply at wordpress.org
Thu Apr 25 02:36:47 UTC 2024
#9137: REST API related issues for signups and pending accounts
---------------------------------------+--------------------------
Reporter: niftythree | Owner: espellcaste
Type: defect (bug) | Status: new
Priority: normal | Milestone: Up Next
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: needs-patch needs-testing |
---------------------------------------+--------------------------
Comment (by niftythree):
Hi @espellcaste,
Can you confirm that you've tested each scenario using BuddyPress version
12.4.0? We've been able to replicate each of these issues multiple times
on this version.
----
> I actually can't confirm this. Currently, the REST API requires a signup
> id or email or activation key to request sending an activation email.
> So it is not possible to use a username of a pending account or
> password. We do not however protect this endpoint. So it is a public
> endpoint. And anyone with any of this data could fire it.
Please try testing this through the website with BuddyPress version
12.4.0, i.e. register an account through the REST API, and then you will
be able to constantly request the resending of activation emails by
entering the username and anything into the password field on the website.
----
Regarding the upcoming next BuddyPress version, we're unable to identify
how a user could request the resending of their activation email through
the REST API with their email, as you suggested. For example:
{{{
https://domain.com/wp-json/buddypress/v1/signup/resend/signupid
https://domain.com/wp-json/buddypress/v1/signup/resend/activationkey
}}}
These work, but a user does not have access to their signup id or
activation key, and therefore can't request their activation email through
these means.
{{{
https://domain.com/wp-json/buddypress/v1/signup/resend/user@example.com
}}}
This does not work. We've tried sending the email address in multiple
formats, with no success. Should we be approaching this in a different
way?
Thanks.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/9137#comment:4>
BuddyPress Trac <http://buddypress.org/>
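Added example, not part of the ticket or of BuddyPress: a site operator can check web server access logs for bursts of requests to the resend route discussed above. The log lines, the combined log format, the HTTP method shown in them, and the threshold and window values are constructed assumptions; only the path prefix comes from the URLs in the comment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Path prefix taken from the URLs quoted in the ticket comment.
RESEND_PREFIX = "/wp-json/buddypress/v1/signup/resend/"

# Combined Log Format (assumed): ip ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, made-up signup ids).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Apr/2024:02:00:00 +0000] "PUT /wp-json/buddypress/v1/signup/resend/41 HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Apr/2024:02:01:00 +0000] "PUT /wp-json/buddypress/v1/signup/resend/41 HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Apr/2024:02:02:30 +0000] "PUT /wp-json/buddypress/v1/signup/resend/41 HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Apr/2024:02:30:00 +0000] "PUT /wp-json/buddypress/v1/signup/resend/41 HTTP/1.1" 200 512',
    '198.51.100.20 - - [25/Apr/2024:02:05:00 +0000] "PUT /wp-json/buddypress/v1/signup/resend/42 HTTP/1.1" 200 512',
    '198.51.100.20 - - [25/Apr/2024:02:06:00 +0000] "GET /wp-json/buddypress/v1/members HTTP/1.1" 200 2048',
]

def flag_resend_bursts(lines, threshold=3, window=timedelta(minutes=10)):
    """Return {ip: peak resend requests within any sliding window} for
    clients whose peak reaches the threshold (both values are assumptions)."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = defaultdict(int)       # per-IP highest count seen in one window
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(RESEND_PREFIX):
            continue              # unparseable line or unrelated route
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # drop hits that fell out of the window
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in flag_resend_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {n} resend requests within 10 minutes")
```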