# talk-kratos
a
Hi! When trying to reset their password, some of my users are getting emails with the title "Account access attempted". Looking in my Kratos DB, I can see the users having trouble are missing the `email-recovery` trait. Is there a way to fix this beyond manually adding that trait to every single user? Any ideas on how they're getting into this state?
m
> Is there a way to fix this beyond manually adding that trait to every single user?
AFAIK no 😕, you probably have to update all the affected users. As for how that happened, I am not sure, did you change the identity schema at some point?
a
Let me take a look through our commit history to see if I can figure out when the last update was. AFAIK, it's been quite a while since we updated the identity schema.
General question: if someone starts the recovery flow but doesn't complete it, would that get them into this state?
I was also curious, is this trait even necessary? Or could we use the `email` of the user account?
m
Yes, I don't think the trait is necessary, it's not really a “standard” trait I think. Can you share your identity schema maybe?
> if someone starts the recovery flow but doesn’t complete it, would that get them into this state?
I don't think so unless you have some custom logic for that.
To start account recovery, Ory Kratos must know which address to send the recovery message to. In most cases this is the email address the user provides when registering their account. Other fields inside the `traits` section are supported as well.
Usually you have
```json
"recovery": {
  "via": "email"
}
```
a
Sure thing!
```json
{
  "$id": "http://predibase.com/schemas/v3/user.schema.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "User",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "username": {
          "title": "Username",
          "type": "string"
        },
        "email": {
          "title": "E-Mail",
          "type": "string",
          "format": "email",
          "minLength": 3,
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            },
            "verification": {
              "via": "email"
            },
            "recovery": {
              "via": "email"
            }
          }
        },
        "email_recovery": {
          "type": "string",
          "format": "email",
          "ory.sh/kratos": {
            "recovery": {
              "via": "email"
            }
          }
        },
        "name": {
          "type": "object",
          "properties": {
            "first": {
              "type": "string"
            },
            "last": {
              "type": "string"
            }
          },
          "required": [
            "first"
          ]
        },
        "oidc": {
          "type": "object",
          "properties": {
            "provider": {
              "type": "string"
            },
            "domain": {
              "type": "string"
            }
          }
        },
        "token": {
          "title": "Registration Token",
          "type": "string"
        }
      },
      "required": [
        "username",
        "email",
        "name",
        "token"
      ],
      "additionalProperties": false
    }
  }
}
```
Hey @magnificent-energy-493, based on some of the Kratos docs we decided to remove the `email_recovery` trait and use the `email` as the recovery. Thanks again for helping us triage this!
m
Hey @acoustic-zebra-63757 Apologies for the late response, and glad I could help. Let us know if there are any issues.