Email confirmation can be enabled without setting SMTP settings

[Morgul]

I was playing around with setting up an install of RocketChat, and I enabled email verification. However, I didn't get around to setting up my SMTP settings, and then (for other reasons), logged out. Now, I can't ever get back in, because it requires me to confirm my email, something I can never do without an SMTP server configured.

This is definitely an edge case, but new users just playing around with the system (like myself) seem likely to make mistakes like this. In short, you should never be able to lock yourself out while setting up a new install.

As a secondary question: once a user's been created (like my admin user), why would enabling email confirmation then require that user to confirm it's email? The user's already been made; email confirmation should only be for new accounts, right?

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[Morgul]

Additionally, I'd also take some suggestions on recovering from this state. ;)

[k0nsl]

@Morgul:

This may not be the most optimal solution, but wouldn't it be possible to export the values for SMTP and have them set up using something like Mandrill?

Export these: SMTP_Host, SMTP_Port, SMTP_Username and SMTP_Password.

I have not tested that, but logically it should work.

[graywolf336]

@Morgul if you have database access, you can set yourself as email verified or change the setting in the database. db.getCollection('rocketchat_settings').find({ _id: 'Accounts_EmailVerification' }) and then set the value field to false.

[Morgul]

@graywolf336 I'm running it in a docker, I'll look up the docker commands to get access to the DB, shouldn't be hard. Thanks.

@k0nsl I'm not sure I follow?Are you suggesting as a way to work around my current install being locked out, or as a way to allow users to fix this problem if they run into it?

My thought for a general solution, not knowing the code, is basically having the radio buttons for enabling email verification disabled if there's nothing set in the SMTP_* fields. I'd imagine it's a straightforward change, though I'd say this is definitely a candidate for a 'papercut' label.

[Morgul]

@graywolf336 Updating the database worked like a charm.

For posterity, this is what I had to do:

Log into docker

$ docker exec -i -t <<docker_mongo_container_name>> bash

Update the database

root@65ca236a61c7:/# mongo
MongoDB shell version: 3.0.6
connecting to: test
> use rocketchat
switched to db rocketchat
> db.getCollection('rocketchat_settings').find({ _id: 'Accounts_EmailVerification' })
{ "_id" : "Accounts_EmailVerification", "value" : true, "i18nLabel" : "Accounts_EmailVerification", "i18nDescription" : null, "type" : "boolean", "group" : "Accounts", "section" : "Registration", "public" : true }
> db.getCollection('rocketchat_settings').update({ _id: 'Accounts_EmailVerification' }, { $set: { value: false } })
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })
> db.getCollection('rocketchat_settings').find({ _id: 'Accounts_EmailVerification' })
{ "_id" : "Accounts_EmailVerification", "value" : false, "i18nLabel" : "Accounts_EmailVerification", "i18nDescription" : null, "type" : "boolean", "group" : "Accounts", "section" : "Registration", "public" : true }

That's it! It worked great.

[graywolf336]

@Morgul Glad to hear and thanks for providing the details!

[geekgonecrazy]

@Morgul sweet! Thanks for posting that! :D I had to mess with mongo in docker a few days ago for something similar but forgot to keep the commands I used. This might be something we stash away in a wiki article somewhere.

[Morgul]

@graywolf336 No problem. Love giving back, even in little ways.

@geekgonecrazy Actually, it'd be nice to beef up the docs for docker usage a bit more. Docker's become my new favorite deployment tool, so the more docker love in the docs, the better.

Heck, I even had a crazy idea for a sh script that takes the local port to bind to, restart strategy and then pulls the docker-compose.yml from the repo, modifies it and streams it into docker-compose up -d. It would turn deploying it via docker into a one liner. Could even serve it off http://get.rocket.chat But, that's getting pretty off topic. ;)

[geekgonecrazy]

<3 docker. I'd love to hear what you have in mind! Sounds cool. Feel free to start an issue and brain storm away. :)

[Morgul]

@geekgonecrazy Opened #770. :)

Out of curiosity, does More information needed mean you need more information from me? If so, what?

[geekgonecrazy]

Probably need a new tag. :). Just wanted to mark it that we needed to discuss implementation potentially

[Morgul]

@geekgonecrazy On my projects, I use a Discussion Needed or Feedback Requested label. :)

[tholu]

@Morgul Thanks for the detailed steps, I was able to restore my login quickly.

[Morgul]

@tholu no problem. :)

[adrianb88]

@Morgul hi. I am a beginner and have no experience with databases. Maybe you can help?
I recently deployed or created an account with rocket.chat via https://rocket.chat/deploy
As already mentioned in your first post from 11th September, I didn't configure any smtp and as an admin "kicked my self out..." because the email confirmation isn't working at all for me (although I am an admin...)
In other words I have no access at all.

Any ideas how I can solve this issue manually?
Btw. I am not using docker etc so I have no access to any database.

[tholu]

@adrianb88 If you are not using docker, you should have direct access to the mongo database. Or what are you using?

[adrianb88]

@tholu hi, well the thing is, I only deployed directly via rocket.chat/deploy and that's it. It worked just fine until I locked my self out (e.g. cannot login in via my client).

[tholu]

@adrianb88 Where exactly did you deploy it? Heroku?