How to set email address as verified?

I somehow locked myself out. I just installed passbolt fresh before lunch. Back then my colleague was not finished with creating the email account for sending emails. I thought I will do the whole rest and then later correct the email settings. After lunch I wanted now to go into passbolt again but I get now a message that my email address needs to be verified. But this is not possible as the mail settings are not correct and I never will get the email with the verification link.

How can I set the email address to verified so that I can correct the mail server config?

Hello @modir and welcome to the forum !

There are possibilities to get back a link to setup/recover your Passbolt account on your browser. I suppose you have a terminal access to your Passbolt instance.

You can log in to your Passbolt server via SSH and with the user www-data (or the user nginx depending on your distro) you can run a command to get a link to recover/setup your account (the link you normally find in the email you receive for that process).

I suppose you have the user www-data on your server (replace it with nginx in the following commands if it’s the other one).

Log on your server through SSH then, switch to the user www-data

sudo su -s /bin/bash www-data

Go in the folder where you can find the commands we want:

cd /usr/share/php/passbolt

from there you can run (don’t put the < and the >):

./bin/cake passbolt recover_user -c -u <the user's email address>

The option -c asks the command to generate a new recover token and -u is to precise for which user you want a recover link.

The command will display a recover link you can use in the browser you want to recover your account.

If you wish to create an account with a similar command (don’t put the < and the >):

./bin/cake passbolt register_user -f <user's firstname> -l <user's lastname> -u <user's email address> -r <user's role>

The user’s role could be either admin or user.

Hope it helps!

Thank you very much @Steph !! This helped.

1 Like

I jumped into a potential solution of the problem but forgot to tell you a bit more about your question first.

Actually, Passbolt doesn’t work like that. It doesn’t mark an email as verified and later we are good to go to use a given email address.
This step you encountered is a way for Passbolt to ensure the person who is asking for a recovery has access to the email and is not trying to impersonate an account.
So, every time a recover of an account is asked, there will be a verification email sent to the recipient with the link to continue the process.
It’s simply a verification step during the recovery process.

Thanks for the detailed explanation. It is just strange that I never actively started a recovery process. I just started the browser after lunch and then logged in with username and password and then I got the message that a verification email was sent.

Why would such a recovery process start in this situation? Are you sure that the first user account doesn’t need to be verified as well?

Yes, you’re right it shouldn’t start a recovery process randomly.
The recovery page (the first one where you’ve been asked to enter your email) is shown by default when a Passbolt instance is accessed. If the browser extension is configured with an account and if the server domain is the one used to configure the account, the browser extension detects that page and put a page on top of that which is the application itself.

I don’t know exactly what happened in your case without more details. It could be many things like:

  • the server domain changed
  • the browser profile is not the one used during the first install or recover
  • the browser did empty the local storage of the browser extension to allow some other things to be registered (I very highly doubt about this one, it’s doable in theory and we don’t have any control on that, but AFAIK we never faced a case like this).

If it happens again, don’t hesitate to create another forum post describing the problem.