kucherenko / strapi-plugin-passwordless

A plugin for Strapi Headless CMS that lets users sign in or sign up to an application through a link sent by email.

License: MIT License

JavaScript 100.00%
strapi plugin authentication passwordless passwordless-authentication strapi-plugin

strapi-plugin-passwordless's Introduction

stand with Ukraine

Strapi PasswordLess Plugin

The plugin verified by Strapi

A plugin for Strapi Headless CMS that lets users sign in or sign up to an application through a link sent by email. The plugin works together with the Strapi User Permissions Plugin and extends its functionality. It uses the Strapi Email Plugin to send emails.

โณ Installation

Install Strapi with this Quickstart command to create a Strapi project instantly:

# with yarn
yarn create strapi-app my-project --quickstart

# with npm/npx
npx create-strapi-app my-project --quickstart

  • Add the plugin to the project:
yarn add strapi-plugin-passwordless@latest

# or

npm i -S strapi-plugin-passwordless@latest
  • After successful installation you have to build a fresh package that includes the plugin UI. To achieve that, simply use:
yarn build && yarn develop

# or

npm run build && npm run develop
  • or just run Strapi in development mode with the --watch-admin option:
yarn develop --watch-admin

# or

npm run develop -- --watch-admin

The Passwordless plugin should appear in the Plugins section of the Strapi sidebar after you run the app again.

🔌 Usage

REST API

Email user with login link

POST /api/passwordless/send-link
{
  "email": "[email protected]",
  "username": "John Bull", // username for new user
  "context": {
    // context of authentication, optional parameter e.g. "currentUrl": "...my page..."
    ...
  }
}

Send mail to user by username

POST /api/passwordless/send-link 
{
  "username": "John Bull"
}

Login with token

GET /api/passwordless/login?loginToken={tokenFromEmail}

Response:

{
  "jwt": "...jwt auth token...",
  "user": {
    ...strapi user...
  },
  "context": {
    ... context provided to send-link, e.g. currentPage, sessionId etc.
  }
}
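
A browser-side client for the two endpoints above, added here as an example and not taken from the plugin. The helper names, the injected `fetchImpl`, the token character-set check and the `{ error: { message } }` error envelope are assumptions; because `context` is client-supplied data echoed back by the server, `currentUrl` is only followed when it stays on the application's own origin.

```javascript
// fetchImpl is injected so the helpers work with window.fetch or a test double.
async function requestLoginLink(fetchImpl, baseUrl, { email, username, context }) {
  const res = await fetchImpl(`${baseUrl}/api/passwordless/send-link`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ email, username, context }),
  });
  if (!res.ok) throw new Error(`send-link failed: HTTP ${res.status}`);
}

// Read loginToken from the URL the e-mailed link opened.
// Assumption: tokens are URL-safe strings; anything else is rejected early.
function extractLoginToken(pageUrl) {
  const token = new URL(pageUrl).searchParams.get("loginToken");
  return token && /^[A-Za-z0-9_-]{16,128}$/.test(token) ? token : null;
}

async function loginWithToken(fetchImpl, baseUrl, token) {
  const query = `loginToken=${encodeURIComponent(token)}`;
  const res = await fetchImpl(`${baseUrl}/api/passwordless/login?${query}`);
  const body = await res.json();
  if (!res.ok || !body?.jwt) {
    // Assumed error envelope: { error: { message } }, as Strapi v4 returns.
    throw new Error(body?.error?.message || `login failed: HTTP ${res.status}`);
  }
  return body; // { jwt, user, context }
}

// context is client-supplied data echoed back by the server, so a
// context.currentUrl is followed only when it stays on the app's own origin.
function safeRedirectTarget(context, appOrigin, fallback = "/") {
  const home = new URL(fallback, appOrigin).href;
  try {
    const target = new URL(context?.currentUrl ?? fallback, appOrigin);
    return target.origin === new URL(appOrigin).origin ? target.href : home;
  } catch {
    return home;
  }
}
```

In a browser, remove `loginToken` from the address bar (for example with `history.replaceState`) once `loginWithToken` has returned, so the token does not linger in history or referrers.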

GraphQL API

WIP

🙌 Versions

🤝 Contributing

Feel free to fork and make a Pull Request to this plugin project. All the input is warmly welcome!

โญ๏ธ Show your support

Give a star if this project helped you.

License

MIT License Copyright (c) Andrey Kucherenko.

strapi-plugin-passwordless's People

Contributors

douglasduteil, graemefulton, kucherenko, yanicklandry

strapi-plugin-passwordless's Issues

Unauthorized error and not showing plugin on live.

Hello, I am trying to add the plugin. On localhost I can see the plugin and configure it. When I try to execute the request it returns an error
POST http://localhost:1337/api/passwordless/send-link
body:{
"email": "[email protected]",
"username":"safi_981"
}
response: {
"data": null,
"error": {
"status": 400,
"name": "Error",
"message": "Unauthorized",
"details": {}
}
}

When I send username and email, a new user is created but no token returned. Same with already created ones. When I deploy the changes, the plugin is not visible. I can see it only on localhost.

Enhancement: Debug mode

In order to facilitate development, I suggest we add a debugMode: boolean in the settings page.
If it's on, GET /api/passwordless/login?loginToken={tokenFromEmail} will never set is_active to false.

This allows the dev to use the same token multiple times without the need to generate a new one.
Another option would be to use NODE_ENV === 'development'

I'm happy to work on this if you think it fits your vision

SMS based OTP login

Hi thanks for building this plugin, it would be great to have OTP based login as well.

I can sponsor as well if that helps.

Endpoints look different from those shown in the readme

I am using Strapi v. 4.0.5 and my endpoints become as follows, which does not look like those in the README.

Method Path
HEAD/GET /api/passwordless/passwordless/login
POST /api/passwordless/passwordless/send-link

Is that how it is supposed to be or am I missing something?

Documentation or example frontend for passwordless authentication flow

Hi!

I have a question on the Frontend part of passwordless out.
The API works great, I get emails with the correct token and can use it to get the correct jwt-token!

However, I don't quite understand how to use it with Strapi (v4) as there is now no way to customize the default strapi login page and no way to display a custom button + input to request email with passwordless link.
I also don't really understand how to handle the redirect, as there is no documentation about custom pages in strapi where I can control the redirect logic.

Do you have any examples or frontend documentation for a passwordless authentication flow for strapi?

Unable to save changes

Hello,

After updating the settings the Save button stays disabled. I am not able to click it to save the changes.

Add to the README the Passwordless email variables that are available

When configuring the extension, it isn't clear what variables are available for the login email.

I think the only thing we have is:
<%= URL %>?loginToken=<%= CODE %>
... for generating the login URL.

I'd actually like to know if we can alter the messaging for NEW USERS vs RETURNING USERS. And also, if there is any possibility for control logic in the email? Can the subject contain any variables/ control logic?

Question about finding default authenticated role

Hi,

I've been facing a weird intermittent issue where sometimes the newly created user gets assigned a Public role instead of Authenticated role despite never changing the setting in User-Permissions.
I haven't been able to reliably reproduce it but I suspect it is this line

.findOne({type: userSettings.default_role}, []);

Is this syntax supported in v4? Should the params be an object as given in the docs at

https://docs.strapi.io/developer-docs/latest/developer-resources/database-apis-reference/query-engine/single-operations.html#findone

findOne( {  
    where : { type : userSettings.default_role }  
})

Please let me know if this is intended or am I missing something. Thank you.

safelinks.protection.outlook.com invalidates passwordless link

Now outlook will wrap any url with safelinks, which upon click will access the link on behalf of the user first before redirecting the user.

I implemented the handover of jwt at server side rendering setting httpOnly cookie.

I think could wrap another redirect at browser side which then actually calls the login API. Or, can we have a switch to allow re-use of the link or only invalidate the link after few access counts instead of 1.

Seems Related:
#16
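
The failure described above and the browser-side redirect the post proposes, modelled as an added example (not code from the plugin or from the post). An in-memory store stands in for the plugin's token table; `createTokenStore`, `directLink`, `interstitialLink` and `simulate` are hypothetical names and the token and address are constructed samples.

```javascript
// In-memory stand-in for the plugin's token table (assumption, not plugin code).
function createTokenStore() {
  const tokens = new Map(); // token -> { email, isActive }
  return {
    // The token value is passed in; the real plugin generates it server-side.
    issue(token, email) {
      tokens.set(token, { email, isActive: true });
    },
    // Single-use redemption: the first successful call deactivates the token.
    redeem(token) {
      const entry = tokens.get(token);
      if (!entry || !entry.isActive) return null;
      entry.isActive = false;
      return { jwt: `placeholder-jwt-for-${entry.email}` };
    },
    isActive: (token) => Boolean(tokens.get(token)?.isActive),
  };
}

// Flow 1: the e-mailed link is the login API itself, so every GET redeems.
function directLink(store) {
  return { get: (token) => store.redeem(token) };
}

// Flow 2: the e-mailed link opens a front-end page. GET only serves the page;
// its script calls the login API after the user presses a button.
function interstitialLink(store) {
  return {
    get: (token) => ({ page: "confirm-login", token }), // no state change
    confirm: (token) => store.redeem(token), // explicit user action
  };
}

// A link scanner fetches the URL once (GET only) before the user's own click.
function simulate(makeFlow) {
  const store = createTokenStore();
  const flow = makeFlow(store);
  const token = "0123456789abcdef0123456789abcdef01234567"; // constructed sample
  store.issue(token, "user@example.com"); // constructed sample address
  flow.get(token); // scanner pre-fetch
  const clicked = flow.get(token); // user's click
  const result = flow.confirm ? flow.confirm(token) : clicked;
  return { loggedIn: Boolean(result && result.jwt), tokenActive: store.isActive(token) };
}
```

The token stays single-use in both flows; only the point at which it is consumed moves from the link fetch to the user's confirmation.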

Lost params on user creation using strapi-plugin-passwordless

Hi! I noticed that if you use the plugin's /api/passwordless/send-link endpoint with non-existing user data, it will create a new user with that data. I'm taking advantage of this feature in my project's registration view, but I need to add an avatar as an additional parameter:

import axios from "axios";

// Stuff...

axios
    .post(`${BASE_URL}api/passwordless/send-link`, {
        ...{
            avatar: "1",
            email: "[email protected]",
            username: "JohnnyDoe21"
        },
        ...{
            headers: {
                cors: "*"
            }
        }
    })

The problem is that when I send the data to the endpoint (avatar, username, and email), the "avatar" field is ignored by the plugin. If I check the users-permissions's beforeCreate life cycle method, the "params" field doesn't contain "avatar"; it is removed:

{
  action: 'beforeCreate',
  model: { ... },
    lifecycles: {},
    indexes: [ [Object], [Object] ],
    columnToAttribute: { ... }
  },
  state: {},
  params: {
    data: {
      email: '[email protected]',
      username: 'JohnnyDoe21',
      role: [Object],
      createdAt: 2022-09-07T10:59:29.049Z,
      updatedAt: 2022-09-07T10:59:29.049Z
    },
    populate: [ 'role' ]
  }
}

Is there a way to make the plugin keep certain params if required?

Thank you in advance!

Send login link email after new end user created from admin UI.

I see that need for non techy admins who want to create & invite users manually. Adding new user in admin UI should trigger sending out link email.

Is there a way and example how to configure it? Could there be new button to re-send login email for existing users in UI?

Fetch user does not return relations

The plugin is not returning relations when fetching the user from a token after sending the link, is there any way to populate these relations?

Gives UNAUTHORIZED after deploying the application.

Hi There! The plugin is perfectly working on development. Now, I have deployed the strapi app on DigitalOcean and when I call the endpoint "send-link" I am getting unauthorized back? Any idea how this can happen? I just deployed the app and did not change anything?

Cache issue

After I installed this plugin and restarted my server I didn't have this plugin in the plugins section. Then I deleted the .cache and dist folders and it helped me solve this problem. I think the problem is in the .cache folder. In my opinion it might be helpful if there were a mention of it in README.md.

Please release a new version

Hi,

Thanks for your work on this plugin -- it has been very helpful for us.

For the last few weeks, we've been trying to chase a bug where new login tokens were invalid. It seemed random, we couldn't figure out why.

I think this issue was fixed by #13. I just deployed it installing directly from GitHub, so we're unsure if it actually fixed the error, but it seems likely 🙏

When you have some time, could you release a new bugfix release? We're probably not the only ones facing this issue, so it might save people time going down these rabbit holes.

Thank you!

Endpoint for Login with token results with error (v4)

Tried v. 4.0.2 on Strapi version 4, mail user with login link works okay but Endpoint for Login with token results with an error.

http://localhost:1337/api/passwordless/login?loginToken=753816f096737f49b6534ec77f686ff1086d5cd2

strapi-plugin-passwordless was working with the previous version.

Is there anything additional that I need to do to get it working?

[2022-02-09 19:53:11.955] error: Unexpected token o in JSON at position 1
SyntaxError: Unexpected token o in JSON at position 1
    at JSON.parse (<anonymous>)
    at Object.login (/development/</anonymous>node_modules/strapi-plugin-passwordless/server/controllers/auth.js:65:21)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at async returnBodyMiddleware (/development/</anonymous>node_modules/@strapi/strapi/lib/services/server/compose-endpoint.js:52:18)
    at async policiesMiddleware (/development/</anonymous>node_modules/@strapi/strapi/lib/services/server/policy.js:24:5)
    at async serve (/development/</anonymous>node_modules/koa-static/index.js:59:5)
    at async returnBodyMiddleware (/development/</anonymous>node_modules/@strapi/strapi/lib/services/server/compose-endpoint.js:52:18)
    at async policiesMiddleware (/development/</anonymous>node_modules/@strapi/strapi/lib/services/server/policy.js:24:5)
    at async /development/</anonymous>node_modules/@strapi/strapi/lib/middlewares/body.js:24:7
    at async /development/</anonymous>node_modules/@strapi/strapi/lib/middlewares/logger.js:22:5
    at async /development/</anonymous>node_modules/@strapi/strapi/lib/middlewares/powered-by.js:16:5
    at async cors (/development/</anonymous>node_modules/@koa/cors/index.js:56:32)
    at async /development/</anonymous>node_modules/@strapi/strapi/lib/middlewares/errors.js:13:7

no confirmation email is sent

I've installed the plugin and do whatever the docs say and I do create tokens that allow accounts to log in. However, I have to copy the token manually then put it into the API to log in. Tokens are generated even though errors pop up and my Gmail account doesn't receive any confirmation emails.

Extending / customizing a plugin

Did anyone try to extend strapi-plugin-passwordless?

I tried methods suggested in official docs and I'm not able to customize createToken service function.

I've tried the extensions folder technique and override it through server-strapi.js. Any advice on what should I try next?
