Tenant configuration for blocked domains should still allow self-service edit as long as email is not changing #2907

Open
robotdan opened this issue Oct 28, 2024 · 0 comments
Labels
bug Something isn't working


Description

Blocked domains are intended to prevent self-service registration or self-service account edit from using protected domains.

For example, you may wish to provision all of your employees, and not allow an end user to create a new user, or change an email on their existing user to your corporate domain.

This all works as expected.

However, when using self-service edit, as long as my email is not changing, I should be able to change my password, or change my name, etc. (anything that is allowed of me via the configured form) when using a protected email domain (configured via blocked domains).

But it seems that we may be blocking the edit path altogether when using a blocked domain unless disableDomainBlock: true is passed in on the API.

Observed versions

1.51.2

Affects versions

TBD

Steps to reproduce

  1. Create a user with an email of [email protected]
  2. Add example.com to the blocked domain configuration for the tenant
  3. Try to change your password or name in the self-service account form.

Expected behavior

It seems we should allow a user to change their email to something that isn't blocked, and change anything else about their user.

Assuming the validation really only needs to return a validation error for [blocked]user.email if the user is creating this user, or changing their email to a value in the blocked list. If the user is not changing their email address, we should not return a validation error, I don't believe.

Needs more investigation, but on the surface seems like we are doing this incorrectly.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

@robotdan robotdan added the bug Something isn't working label Oct 28, 2024
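
The expected behavior described in the issue, as an added sketch that is not FusionAuth's code and not part of the original report: the `[blocked]user.email` error is returned only on registration or when the email is changing to a blocked domain. The function names are hypothetical, and exact, case-insensitive matching of domains and addresses is an assumption.

```python
from typing import Iterable, List, Optional

# Error key quoted in the issue text.
BLOCKED_EMAIL_ERROR = "[blocked]user.email"


def email_domain(email: str) -> str:
    """Return the lower-cased domain of an address, or '' if it has none."""
    if "@" not in email:
        return ""
    return email.rpartition("@")[2].strip().lower()


def is_blocked(email: str, blocked_domains: Iterable[str]) -> bool:
    """Assumption: a domain is blocked only on an exact, case-insensitive match."""
    domain = email_domain(email)
    return domain != "" and domain in {d.strip().lower() for d in blocked_domains}


def validate_self_service(
    existing_email: Optional[str],
    submitted_email: str,
    blocked_domains: Iterable[str],
    disable_domain_block: bool = False,
) -> List[str]:
    """Return validation errors for a self-service registration or edit.

    existing_email is None for registration, or the stored address for an edit.
    """
    # Mirrors the disableDomainBlock: true API flag mentioned in the issue.
    if disable_domain_block:
        return []

    # Edit path with an unchanged email: password, name and other form
    # fields may change even though the stored address is on a blocked domain.
    if existing_email is not None:
        if existing_email.strip().lower() == submitted_email.strip().lower():
            return []

    # Registration, or an edit that changes the email: the new address
    # must not land on a blocked domain.
    if is_blocked(submitted_email, blocked_domains):
        return [BLOCKED_EMAIL_ERROR]
    return []
```

A regression test for this issue would cover the unchanged-email edit case in particular, since that is the path the report says is rejected.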