Wp-calypso: Account Settings: Can't fix typo in email address

Created on 1 May 2018 · 24 Comments · Source: Automattic/wp-calypso

Steps to reproduce

  1. Start by creating a new account with a typo in the email address
  2. Try fixing the email address here and saving the settings: https://wordpress.com/me/account

What I expected

In the past, if someone typed their email address wrong, they could update the setting. It wouldn't "stick" until they verified the new address, but it was possible to change it.

What happened instead

We get an error: "The e-mail address of your WordPress.com account is not verified. Please verify it first before updating this setting."

Browser / OS version

Any

Screenshot / Video

https://cloudup.com/c_kcwmNxBFK

Context / Source

We've had several new users run into this in the past day or two. Since this has worked in the past, we thought it was user error. Not a good #nux since users can't start posting until their address is verified, and literally can't fix their address.

user-report - I'll include a few links from the forums below.

Me NUX [Pri] High [Type] Bug

All 24 comments

Having looked into this, it appears that this issue is the result of an error response being returned from the wpcom.me().settings().update() call at

https://github.com/Automattic/wp-calypso/blob/master/client/lib/user-settings/index.js#L163

The API endpoint appears to be configured to reject changes to the email address unless the existing email has been confirmed.

I'm trying to figure out where the API code is located. Can anyone point me in the right direction?

Eek, I noticed a user contacting us via email for help with this as well. They likely won't see my response. Ticket 1130007

Tested and confirmed that I cannot fix a typo in my email address for a new user signup.

Video: 1m11s
Tested with Firefox 59.0.2 on macOS 10.13.4.

API POST request: https://public-api.wordpress.com/rest/v1.1/me/settings/?http_envelope=1

Request headers:

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Authorization: X-WPCOOKIE 8943865e5e81f7fe30394999b7485d5f:1:https://wordpress.com
Connection: keep-alive
Content-Length: 35
Content-Type: application/json
Cookie: tk_tc=bDyMYshePhnbyFa4; tk_qs=; dcmsid=BoTbWh7BTmc0joYudJZVFXgxmwuKMKqj; G_ENABLED_IDPS=google; wordpress_logged_in=user2397%7C1525561352%7C5JJQH93sq4F9VvzeI3gVo7xFaKjfjUFVu3Mobffnp9D%7Cef30fc885974fb5a2e16069decd68831898e08d3153d27270b9e9bc068db8ea4; _wpndash=348a56e0db9c0962c018f6f3; wpc_wpc=account=user2397&avatar=https%3A%2F%2F0.gravatar.com%2Favatar%2F015dae6a96ea07123d779da71ab4d1d3%3Fs%3D25%26amp%3Bd%3Dhttps%253A%252F%252Fs2.wp.com%252Fwp-content%252Fmu-plugins%252Fhighlander-comments%252Fimages%252Fwplogo.png&email=sheri%2Btyppo%40a8c.com&link=http%3A%2F%2Fmadefortesting2397.wordpress.com&name=user2397&uid=138588397&access_token=4b139166e2a772b0d6989a425e2e1c9ac8dd754a; wordpress_test_cookie=WP+Cookie+check; wp_api_sec=user2397%7C1525561352%7C5JJQH93sq4F9VvzeI3gVo7xFaKjfjUFVu3Mobffnp9D%7Caeb6c4c14d4274770f320a6d8445a6f69f425808b4b5df3f08c278ac884cf010
DNT: 1
Host: public-api.wordpress.com
Referer: https://public-api.wordpress.com/wp-admin/rest-proxy/?v=2.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:59.0) Gecko/20100101 Firefox/59.0

Response payload:

{"code":400,"headers":[{"name":"Content-Type","value":"application\/json"}],"body":{"error":"invalid_input","message":"The e-mail address of your WordPress.com account is not verified. Please verify it first before updating this setting."}}
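The request above uses http_envelope=1, so the real status (400) arrives inside the JSON "code" field rather than as the HTTP status. The following is an added example, not code from the original comment or from wp-calypso: it unwraps such an envelope and recognises this particular rejection. The helper names unwrapEnvelope and isUnverifiedEmailRejection are hypothetical, and the sample input is constructed from the payload shown above.

```javascript
// Constructed sample, same shape as the response payload posted above.
const SAMPLE_ENVELOPE = JSON.stringify({
  code: 400,
  headers: [{ name: 'Content-Type', value: 'application/json' }],
  body: {
    error: 'invalid_input',
    message: 'The e-mail address of your WordPress.com account is not verified. ' +
      'Please verify it first before updating this setting.',
  },
});

// Hypothetical helper: parse the envelope and take the status from `code`,
// never from the transport-level HTTP status.
function unwrapEnvelope(raw) {
  let env;
  try {
    env = JSON.parse(raw);
  } catch (e) {
    return { ok: false, status: 0, error: 'malformed_envelope', message: e.message };
  }
  if (env === null || typeof env !== 'object' || !Number.isInteger(env.code)) {
    return { ok: false, status: 0, error: 'malformed_envelope', message: 'missing code' };
  }
  // Envelope headers are a list of {name, value}; index them case-insensitively.
  const headers = {};
  for (const h of Array.isArray(env.headers) ? env.headers : []) {
    if (h && typeof h.name === 'string') headers[h.name.toLowerCase()] = String(h.value);
  }
  const body = env.body && typeof env.body === 'object' ? env.body : {};
  const ok = env.code >= 200 && env.code < 300;
  return {
    ok,
    status: env.code,
    headers,
    error: ok ? null : String(body.error || 'unknown_error'),
    message: ok ? null : String(body.message || ''),
  };
}

// Hypothetical classifier. The error code "invalid_input" is generic, so the
// message text is the only signal in this payload; matching on it is brittle.
function isUnverifiedEmailRejection(result) {
  return result.status === 400 && result.error === 'invalid_input' &&
    /not verified/i.test(result.message);
}
```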

p5XAZ9-1IE-p2 (internal reference)

3354869-hc

3354968-hc

279284-h

I've seen a lot of reports of this in the past few days. HEs, as a workaround I've been verifying the email from the user RC on behalf of the user if they say they are currently logged into the account. Once the incorrect email is marked as verified, they are able to update it to the correct one.

1150009-zen

1145457-zen

I researched this issue and found that the change was made for security reasons. There are current discussions underway to find out if it would be possible to make a different change which keeps the security benefits but which can still give some flexibility to people who have made a legitimate typo in an email address during sign up.

Please see (internal reference) p4TIVU-8Uj-p2 for more detail.

Closing this issue for now because some changes have been made to help.

If you work at Automattic and would like to learn more about the security issue, please see (internal reference) p4TIVU-8Uj-p2 for more detail. Thank you!
