I'm using Open SaaS and I want to disable email verification as I'm creating accounts from Admin
I want to create user account from admin with a default password and then trigger a mail that conveys the username and password with a login link.
on first login I want to compel the user to change the password.
5 Replies
Hi @ComputO. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Based on the available knowledge sources, here’s what you can (and cannot) do with Wasp/Open SaaS regarding your requirements:
1. Disabling Email Verification
You can skip the email verification step in development by setting the following in your
- You can skip email verification in development, but not in production by default. - Creating users from admin with a default password and sending credentials via email is not directly supported, but can be implemented with custom code. - Forcing a password change on first login is not built-in and would require custom logic. If you need to implement these features, you will need to extend Wasp’s default behavior with custom actions and UI. The knowledge sources do not provide step-by-step instructions for this specific workflow, so you would be venturing beyond the documented features. If you need code examples for custom signup actions or email customization, let me know! ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ---------------------- Sorry @ComputO, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
.env.server file:
This will allow users to log in without verifying their email during development. However, this is intended for development only, and there is no documented way to disable email verification in production via configuration alone. By default, Wasp requires email verification before login is allowed in production environments Docs: Email Verification Flow.
2. Creating Users from Admin with Default Password
There is no explicit documentation or example in the knowledge sources about creating users from the admin panel with a default password. Wasp’s standard signup flow is user-initiated and expects the user to set their own password during signup. However, you can create a custom signup action using the lower-level API, which would allow you to implement custom logic for user creation, including setting a default password Docs: Customizing the Auth Flow.
3. Sending Username and Password via Email
Wasp allows you to customize the content of emails sent to users, such as verification and password reset emails Docs: Email Verification Config. However, sending plain-text passwords via email is not recommended for security reasons, and there is no built-in function for this. You would need to implement a custom email-sending function if you choose to do this.
4. Forcing Password Change on First Login
There is no built-in support or documented pattern for forcing a user to change their password on first login. You would need to implement this logic yourself, likely by adding a field (e.g., mustChangePassword: Boolean) to your User entity and checking it after login, then redirecting the user to a password change page if necessary.
---
Summary:- You can skip email verification in development, but not in production by default. - Creating users from admin with a default password and sending credentials via email is not directly supported, but can be implemented with custom code. - Forcing a password change on first login is not built-in and would require custom logic. If you need to implement these features, you will need to extend Wasp’s default behavior with custom actions and UI. The knowledge sources do not provide step-by-step instructions for this specific workflow, so you would be venturing beyond the documented features. If you need code examples for custom signup actions or email customization, let me know! ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ---------------------- Sorry @ComputO, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
Hey @ComputO, this sounds possible. What did you try and where did you get stuck?
@Carlos I'm tagging you if this gets reactivated, balancing support threads between you and @miho
I tried creating accounts by just inserting into the Users , Auth and Auth Identity table .. This limits me to with a default password hash , and I cannot trigger auth hooks like after on signup . I has some logic in the hook which I want to reuse as and when admin creates an account.
I was thinking of calling the signup operation with a random generated password, but was wondering how to not trigger a email verification on prod and how to send a mail with the generated password.
If I could extend or call the hashing function that provides me with hashes that are to be populated in the AuthIdentity table that also would be sufficient.
Here we talk about custom signup actions: https://wasp.sh/docs/auth/advanced/custom-auth-actions
You can adopt that logic to your use-case and make it into a "create an account" action 🙂
Custom sign-up actions | Wasp
If you need to deeply hook into the sign-up process, you can create your own sign-up action and customize the code to, for example, add extra validation, store more data, or otherwise call custom code at registration time.
In this case, instead of triggering the full signup operation and the email verification, you can adapt the custom signup action example to do the following:
1. check that only the admin is logged in
2. not trigger the email verification, mark the email as verified directly (like this)
then you ask users to do the Password Reset flow when first logging in https://wasp.sh/docs/auth/email#password-reset-flow
if that is useful, tell us so we'll mark the question as solved 🙂