Open
Description
Preconditions and environment
- Magento 2.4.6 & 2.4.7
- Set config path
customer/create_account/confirmto1and clear cache to let this setting take effect - Register a customer account and keep it unconfirmed
Steps to reproduce
Try activate customer via https://<domain>/rest/V1/customers/me/activate.
Output: {"message":"The consumer isn't authorized to access %resources.","parameters":{"resources":"self"}
Try get customer access token as described in official document.
You will get EmailNotConfirmedException(You may need a PHP debugger)
Expected result
Can activate(confirm) the customer via WebAPI.
Actual result
Cannot activate(confirm) the customer via WebAPI.
Additional information
See webapi.xml
<route url="/V1/customers/me/activate" method="PUT">
<service class="Magento\Customer\Api\AccountManagementInterface" method="activateById"/>
<resources>
<resource ref="self"/>
</resources>
<data>
<parameter name="customerId" force="true">%customer_id%</parameter>
</data>
</route>
This endpoint requires resource self.
Paradox:
So to activate(confirm) customer, you need customer token.
To get customer token, you need to activate(confirm) the customer first.
Related Customer Confirmation Bug: #39254
Release note
No response
Triage and priority
- Severity: S0 - Affects critical data or functionality and leaves users without workaround.
- Severity: S1 - Affects critical data or functionality and forces users to employ a workaround.
- Severity: S2 - Affects non-critical data or functionality and forces users to employ a workaround.
- Severity: S3 - Affects non-critical data or functionality and does not force users to employ a workaround.
- Severity: S4 - Affects aesthetics, professional look and feel, “quality” or “usability”.