Set user account to verified=true after a password reset action?
User goes to reset password, receives password reset email, successfully sets password.
However, account remains verified = false.
What hook can I use in this context to set verified = true? The user has 'effectively' verified their email through this action. I've got it working after a magic email link sign in since that creates a user session and can access user object. Can't figure it out for a password reset where a session isn't created.
2 Replies
temporary 'hack' of a workaround is to hook into the form itself and use the user's entry to (a) check if email exists and (b) if so, push a SQL update to change verified = true
Not ideal. But acceptable for my use case. Would prefer a proper solution though.
Hey, I just opened a PR fix this.
emailVerified will be set to true upon successful password reset.
You can track the PR here until it's merged:
https://github.com/better-auth/better-auth/pull/2578