Resend Activation Email - 404 Error

john.sanchirico · September 18, 2023, 7:27pm

When a user signs up the activation email works fine. However attempting to Sign In and resend the activation emails results in the following production log:

Started POST "/u/action/send_activation_email" for (removed ip and timestamp)
Processing by UsersController#send_activation_email as */*
Completed 404 Not Found in 2ms (Views: 0.1ms | ActiveRecord: 0.0ms | Allocations: 542)

This error occurs on all of containers running 3.2.0.beta1-dev. “production_errors.log” is empty.

Steps to reproduce:

Sign up with the default form
Ignore the activation email and attempt to sign in
Click “Resend Activation Email” on the popup “You can’t log in yet. We previously sent an activation email to you…”
“An error occurred: The requested URL or resource could not be found.”
Click “OK” and then the following popup appears “We sent another activation email to you at…” (However the second activation email is not actually sent)

I see the function/action send_activation_email is rate limited.

def send_activation_email
    if current_user.blank? || !current_user.staff?
      RateLimiter.new(nil, "activate-hr-#{request.remote_ip}", 30, 1.hour).performed!
      RateLimiter.new(nil, "activate-min-#{request.remote_ip}", 6, 1.minute).performed!
    end

Would this result in the 404 error? Is there any other logs I can look at to debug this issue?

simon · September 19, 2023, 10:06pm

Testing this on my local dev site, the problem seems to be that neither the username or email parameters get set for the POST request that’s made to /u/action/send_activation_email when the request is made after a user who has not clicked the link in the activation email attempts to login with a username/password:

If, instead, the user clicks the Resend Activation Email button from the account-created page that’s displayed immediately after registering an account, the username parameter is set for the request. For reference, the button that is working is this one:

My guess about what’s happening is that for the request that is working, is that the parameters for the POST request are being set based off the values the user enters when they complete the signup form.

The 404 error is being triggered here:

github.com

discourse/discourse/blob/main/app/controllers/users_controller.rb#L1175-L1177


      
          @user = User.find_by_username_or_email(params[:username].to_s) if params[:username].present?
          
          raise Discourse::NotFound unless @user

pfaffman · September 20, 2023, 12:29am

This sounds like a bug to me.

simon · September 28, 2023, 7:08pm

Just adding a note that this issue also prevents users who have had their accounts deactivated from their admin / users page from triggering the activation email after they attempt to login and click the “Resend Activation Email” button.

That causes the same error as has been reported above.

david · October 2, 2023, 11:39am

Thanks for the report @john.sanchirico, and also @simon for the detailed analysis

This will be fixed by

nat · October 4, 2023, 12:00am

This topic was automatically closed after 20 hours. New replies are no longer allowed.

Topic		Replies	Views
Re-sending activation links causes issues Bug	7	3857	August 24, 2015
Some people are unable to complete the registration, the activate button does not work or the email does not arrive Support	5	478	September 20, 2023
Staff cannot manually activate invited accounts after 48 hours has elapsed Bug	18	2185	July 31, 2017
There was a problem sending another activation email. http: undefined - undefined Bug	5	1382	May 3, 2016
Buggy activation email false alarm? Bug	9	1319	April 18, 2017

Resend Activation Email - 404 Error

Related topics