Alternative login method for when email not working

There are lots of situations where email sending from the system might not work or where sent mail might not be received.

I want to install the system at a client location but see this limitation as a fundamental flaw. Is there an alternate method available for situations where the system can not send mail or the target recipient can not receive?

Thanks,

Chris

Hi @xray Welcome to the forum!

Does your client have an alternative means of communication already in place?

The content of the emails is recorded in the db, so things like registration links, etc can be manually retrieved, but this is not a programmatic solution - more of an emergency approach.

Thnaks Garrett.

Sure alternative means of communications are in place. Let’s assume a working internet connection and browser; there should be a way for at least an admin to be able to log in to be able to conveniently access without knowing how to query via cli client or without having to install phpMyAdmin, etc.

I hesitate to recommend a solution that a company starts to lean on but has only one means of access exposed to multiple potential points of failure.

Looking forward to your thoughts?

I guess I’m not understanding. If there is working internet, and a browser, any registered user should be able to login even if outgoing email from the server has been disabled.

Generally, the browser extension is the app, plus the backend API. Once the browser extension is registered, the user can login without needing an additional email sent during the login process.

For cases where the user needs the link that would have come via email, the admin can retrieve from a command line request and provide to the user a different way.[0] This would be for registration or for recovery (registration in a new browser included).

Is this helpful or are you asking about something else?

[0] This is what I was meaning about alternative means of communication.

Hi @xray ,

there is a command since passbolt version 4.0 that will enable an admin to generate a recovery token, for himself or any other user:

su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt recover_user -h" www-data

This command was developed exactly for the case where emails cannot be momentarily sent. It will generate a link to an account recovery.

Note however that the user for which the recovery is being requested needs to be active. Therefore it must have at least once in the past received an registration email.

1 Like