Better Auth•2mo ago

sendVerificationEmail bug?

What will happen if run sendVerificationEmail to email that not registered? because i already tried and it return success

2 Replies

dunOP•2mo ago

import { authClient } from '@/lib/auth/auth-client';

export default async function VerifyEmailPage(
  props: PageProps<'/auth/verify-email'>
) {
  const { email } = await props.searchParams;
  const verificationEmail = await authClient.sendVerificationEmail({
    email: 'test@test.test',
    callbackURL: '/',
  });
  console.log(verificationEmail.data);

  return <div>{email}</div>;
}

import { authClient } from '@/lib/auth/auth-client';

export default async function VerifyEmailPage(
  props: PageProps<'/auth/verify-email'>
) {
  const { email } = await props.searchParams;
  const verificationEmail = await authClient.sendVerificationEmail({
    email: 'test@test.test',
    callbackURL: '/',
  });
  console.log(verificationEmail.data);

  return <div>{email}</div>;
}

POST /api/auth/send-verification-email 200 in 1030ms
{ status: true }

POST /api/auth/send-verification-email 200 in 1030ms
{ status: true }

Duk•2mo ago

If there is no active session and the email does not belong to an existing user (which i am assuming is the case), then calling the sendVerificationEmail will always return true. In the library you will find the following reasoning in email-verification.ts "//we're returning true to avoid leaking information about the user"

Gaming

Programming

sendVerificationEmail bug?

Did you find this page helpful?