[Uganda project-Technoforte team, Unauthorized error while password reset and Username reminder] #11309

Naveen1401 · 2025-12-11T08:08:35Z

Naveen1401
Dec 11, 2025

Summary:
While password reset and Username reminder getting Unauthorized error

Screenshot:

Requirement:
Should be able to change the password

Current Observation:
Currently while clicking on Continue getting "Email address not found" error and in the networks tab, it's unauthorized call.

Expected Behaviour:
Once we click on the continue btn it should redirect to the password change feature.

Environment:
OpenCRVS Version: v1.9.2 (Tag)

Answered by euanmillar

Jan 13, 2026

@Naveen1401 if you see what you are doing, you are using localhost to test this using our fake users used for development in your default-employees.csv file. Try using real users created via the UI in production and consider what would happen in a reset flow. We would ask the user answers to their security questions that they set on first login to verify their identity. These test, development users have been created for developers to quick start configuration development, not for exhaustive testing of every possible user flow.

No fake security questions are set. We could make this clearer in documentation what can and cannot be tested with these users but there are 1000s of business func…

View full answer

prinzab · 2025-12-17T20:46:09Z

prinzab
Dec 17, 2025
Maintainer

@Naveen1401 A ticket has been created for this. Follow it here: #11418

1 reply

euanmillar Jan 13, 2026
Maintainer

@Naveen1401 if you see what you are doing, you are using localhost to test this using our fake users used for development in your default-employees.csv file. Try using real users created via the UI in production and consider what would happen in a reset flow. We would ask the user answers to their security questions that they set on first login to verify their identity. These test, development users have been created for developers to quick start configuration development, not for exhaustive testing of every possible user flow.

No fake security questions are set. We could make this clearer in documentation what can and cannot be tested with these users but there are 1000s of business functional use cases and it would be impossible to maintain as a document.

If you follow the core code on the verifyUser handler in the auth microservice through to user-mgnt, you will see that the localhost and QA experience using fake users gets as far as here:

opencrvs-core/packages/user-mgnt/src/features/verifyUser/handler.ts

Line 64 in 7243ccb

throw conflict("User doesn't have security questions")

.

Try on a server with users created in the UI and you will see that it works. In future, please follow the code through opencrvs-core to be sure that what you are raising is a legitimate bug. User rest emails require the environment variable QA_ENV to be set to false in order to be sent. This fact is documented. FYI @prinzab

Answer selected by euanmillar

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Uganda project-Technoforte team, Unauthorized error while password reset and Username reminder] #11309

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

[Uganda project-Technoforte team, Unauthorized error while password reset and Username reminder] #11309

Uh oh!

Naveen1401 Dec 11, 2025

Replies: 1 comment · 1 reply

Uh oh!

prinzab Dec 17, 2025 Maintainer

Uh oh!

Uh oh!

euanmillar Jan 13, 2026 Maintainer

Naveen1401
Dec 11, 2025

Replies: 1 comment 1 reply

prinzab
Dec 17, 2025
Maintainer

euanmillar Jan 13, 2026
Maintainer