-
Bug
-
Resolution: Fixed
-
Low
-
None
-
8
-
Severity 3 - Minor
-
If the create user endpoint /rest/api/3/user is used with the notification enabled it sends to the customer an email to reset the password, in case the user hasn't set a password yet. However, the link to reset password (https://yourinstance.atlassian.net/secure/ResetPassword.jspa) is leading to the instance instead of lead the customer to reset his password on id.atlassian.com. If the customer tries to reset the password on that link, it gets an error saying "This structure only supports synchronising".
curl -u EMAIL:APItoken --request POST --url 'https://testinstance.atlassian.net/rest/api/3/user' --header 'Accept: application/json' --header 'Content-Type: application/json' --data '{ "name": "Charlie", "emailAddress": "charlie@atlassian.com", "displayName": "Charlie of Atlassian" "notification": "true" }'
Summary
Steps to Reproduce
- Use the create user API to sent to a user a notification to reset his password
- This call:
curl -u EMAIL:APItoken --request POST --url 'https://testinstance.atlassian.net/rest/api/3/user' --header 'Accept: application/json' --header 'Content-Type: application/json' --data '{ "name": "Charlie", "emailAddress": "charlie@atlassian.com", "displayName": "Charlie of Atlassian" "notification": "true" }'
Expected Results
The "set my password" present on the email should lead the user to id.atlassian.com
Actual Results
The link is going to the instance and the user gets an error
Notes
This happens if the user was created but didn't set the password through the invitation email and the endpoint is used to resent the "invitation email".
Workaround
- duplicates
-
-
- Closed
-