How to send email confirmation from authenticated user to anonymous user

Open on Drupal.org →

Created on 11 January 2024, 6 months ago

Updated 25 January 2024, 5 months ago

Problem/Motivation

I am trying to send a confirmation link from a authenticated account for confirmation of an anonymous user. As expected, the anonymous user gets a 403 error when trying to access the link.

The authenticated account is actually an API method that I have created, and it's trying to confirm the authenticity of the email address before allowing access.

According to this post, https://www.drupal.org/project/email_confirmer/issues/3019765#comment-12... → , I should be able to do it like this:

/**
 * Implements hook_ENTITY_TYPE_presave().
 */
function mycustommodule_email_confirmer_confirmation_presave(Drupal\Core\Entity\EntityInterface $entity) {
  /** @var \Drupal\email_confirmer\Entity\EmailConfirmation $entity */
  if ($entity->getRealm() == 'email_confirmer_user') {
    $entity->setPrivate(FALSE);
  }
}

But this does not work at all.

Steps to reproduce

Created a REST API method which is accessed using an api-key. That api-key loads the API user I use to manage verification of API calls. One verification step is to make sure the email address submitted is confirmed. Trying to use email confirmer to do this, but every time it sends a link, the anonymous user gets a 403 error when trying to access it.

My understanding is that this fails because an authenticated account cannot send a confirmation link to an anonymous account. The solution, as presented above, was to set the privacy status of the $entity to FALSE.

I tried to resolve the situation with this code:

function solrai_email_confirmer_confirmation_presave(Drupal\Core\Entity\EntityInterface $entity) {
  // Ensure this is an EmailConfirmation entity.
  if ($entity instanceof \Drupal\email_confirmer\Entity\EmailConfirmation) {
    // Get the current user.
    $currentUser = \Drupal::currentUser();

    // Check if the current user's username is 'api'.
    if ($currentUser->getAccountName() === 'api') {
      // Set the privacy status of the entity.
      $entity->setPrivate(FALSE);

      // Optional: Log this action for debugging.
      $logger = \Drupal::service('logger.factory')->get('solrai');
      $logger->debug('Email confirmer privacy status set to FALSE for user api');
    }
  }
}

However, anonymous users still get 403 errors when following the returned links.

How to resolve?

Proposed resolution

I just need to know the correct method to accomplish this task.

💬 Support request

Status

Fixed

Component

Code

Created by

🇺🇸United States SomebodySysop

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Comments & Activities

Issue created by @SomebodySysop
Comment 6 months ago →
🇺🇸United States SomebodySysop
Update: Privacy status is being updated.

Field private, Delta 0: {"value":0}

But the links still don't work for anonymous. They do work for logged in users.
Comment 6 months ago →
🇺🇸United States SomebodySysop
The entity privacy status is changed, so this title is no longer appropriate: How to set entity privacy status to FALSE
Status changed to Fixed 6 months ago9:44am 11 January 2024
Comment 6 months ago →
🇺🇸United States SomebodySysop
Figured it out. I had the "same IP address" configuration item checked, and I can't use that because the IP address will be the server IP address once user gets to the API controller.

But, the IP address will be their own once they receive link and go to site to confirm.

Duh!

Unchecked and everything works as expected.

So the code here does work: https://www.drupal.org/project/email_confirmer/issues/3019765#comment-12... →
Comment 5 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024