Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 Bug Report: Server SDK Create Recovery functionality does not mirror similar functions #3008

Open
2 tasks done
Swinkid opened this issue Mar 24, 2022 · 2 comments
Open
2 tasks done

🐛 Bug Report: Server SDK Create Recovery functionality does not mirror similar functions #3008

Swinkid opened this issue Mar 24, 2022 · 2 comments
Labels
bug Something isn't working

Comments

@Swinkid
Copy link
Contributor

Swinkid commented Mar 24, 2022
edited
Loading

👟 Reproduction steps

        client
            .setEndpoint(env['APPWRITE_FUNCTION_ENDPOINT'])
            .setProject(env['APPWRITE_FUNCTION_PROJECT_ID'])
            .setKey(env['APPWRITE_FUNCTION_API_KEY']);
...
         let recovery = await account.createRecovery('...', '...');

or

        client
            .setEndpoint(env['APPWRITE_FUNCTION_ENDPOINT'])
            .setProject(env['APPWRITE_FUNCTION_PROJECT_ID']);
...
         let recovery = await account.createRecovery('...', '...');

👍 Expected behavior

If calling the createRecovery endpoint from the server SDK, it should allow an API Key and NOT send an email to the user. This is to match similar functionality provided by the teams endpoints. If an membership is created from the server SDK, the server does NOT send an email and automatically adds the user to the team.

This proves useful if the developer is trying to develop a custom recovery flow, for example texting a recovery code to a phone number registered to the account or if the developer is trying to send a custom email.

👎 Actual Behavior

If called with an API key you get the following error and no email:

response: {

17:27:35 0|server  |     message: '[email protected] (role: application) missing scope (public)',

17:27:35 0|server  |     code: 401,

17:27:35 0|server  |     type: 'general_unauthorized_scope',

17:27:35 0|server  |     version: '0.13.3'

17:27:35 0|server  |   }

If called without a API Key, you'll get an email.

🎲 Appwrite version

Version 0.13.x

💻 Operating system

Windows

🧱 Your Environment

No response

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?
@Swinkid Swinkid added the bug Something isn't working label Mar 24, 2022
@Swinkid Swinkid changed the title 🐛 Bug Report: Server SDK Create Recovery Functionality Incorrect 🐛 Bug Report: Server SDK Create Recovery functionality does not mirror similar functions Mar 24, 2022
@stnguyen90
Copy link
Contributor

I could see how generating that secret and not sending the email can be useful. I don't think it should be in account api though because the account api is for doing stuff on behalf of a user. So perhaps a new endpoint in users api would make most sense.

@Swinkid
Copy link
Contributor Author

Swinkid commented Mar 24, 2022
edited
Loading

After discussion with

I could see how generating that secret and not sending the email can be useful. I don't think it should be in account api though because the account api is for doing stuff on behalf of a user. So perhaps a new endpoint in users api would make most sense.

Actually I agree with that, probably more of a feature improvement than a bug. Looking the API in accounts.php, probably fairly easy to do this for users.. don't mind picking this up if no objections?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stnguyen90 @Swinkid