🐛 Bug Report: Test email sent to wrong address #417

New Issue

Closed

opened 2025-10-07 00:14:09 +03:00 by OVERLORD · 2 comments

OVERLORD commented 2025-10-07 00:14:09 +03:00

Owner

Copy Link

Originally created by @ethack on GitHub.

Reproduction steps

I logged into my admin account and configured SMTP settings. I hit the "Send Test Email" button.

Here is a screenshot showing the first characters of the email associated with the account I'm authenticated as.

Expected behavior

I expected the test email to be sent to my email address (the one configured on the account I'm logged in as).

Actual Behavior

The test email was sent to a different user's email address. The user is the only other user in Pocket ID and is a regular user (non-admin).

Here is a screenshot of the mail service logs showing the email was sent to the wrong address.

Originally created by @ethack on GitHub. ### Reproduction steps I logged into my admin account and configured SMTP settings. I hit the "Send Test Email" button. Here is a screenshot showing the first characters of the email associated with the account I'm authenticated as.  ### Expected behavior I expected the test email to be sent to my email address (the one configured on the account I'm logged in as). ### Actual Behavior The test email was sent to a different user's email address. The user is the only other user in Pocket ID and is a regular user (non-admin). Here is a screenshot of the mail service logs showing the email was sent to the wrong address. 

OVERLORD added the bug label 2025-10-07 00:14:09 +03:00

OVERLORD closed this issue 2025-10-07 00:14:10 +03:00

OVERLORD commented 2025-10-07 00:14:12 +03:00

Author

Owner

Copy Link

@ethack commented on GitHub:

If I'm understanding this correctly, it looks to be pulling the first user out of the database and sending to their email.

82e475a923/backend/internal/service/email_service.go (L49)

The gorm docs state that First orders by primary key.

I checked and table has a primary key set to id. It just so happens that my second user's id comes before mine.

sqlite> .schema users
CREATE TABLE users
(
    id         TEXT                  NOT NULL PRIMARY KEY,
    created_at DATETIME,
    username   TEXT                  NOT NULL UNIQUE,
    email      TEXT                  NOT NULL UNIQUE,
    first_name TEXT,
    last_name  TEXT,
    is_admin   NUMERIC DEFAULT FALSE NOT NULL
);
sqlite> select * from users order by id;
4a<<redacted>>fcf|1736404168|ash|ash<<redacted>>@<<redacted>>.com|Ash|<<redacted>>|0
a64<<redacted>>65e|1736404013|ethan|ethan<<redacted>>@<<redacted>>.com|Ethan|<<redacted>>|1

I suggest specifying the current logged in user in the query.

@ethack commented on GitHub: If I'm understanding this correctly, it looks to be pulling the first user out of the database and sending to their email. https://github.com/stonith404/pocket-id/blob/82e475a923c82efb1bef2d08b71742937bc7111b/backend/internal/service/email_service.go#L49 The [gorm docs state](https://gorm.io/docs/query.html#:~:text=The%20First%20and%20Last%20methods%20will%20find%20the%20first%20and%20last%20record%20(respectively)%20as%20ordered%20by%20primary%20key.) that `First` orders by primary key. I checked and table has a primary key set to `id`. It just so happens that my second user's `id` comes before mine. ``` sqlite> .schema users CREATE TABLE users ( id TEXT NOT NULL PRIMARY KEY, created_at DATETIME, username TEXT NOT NULL UNIQUE, email TEXT NOT NULL UNIQUE, first_name TEXT, last_name TEXT, is_admin NUMERIC DEFAULT FALSE NOT NULL ); sqlite> select * from users order by id; 4a<<redacted>>fcf|1736404168|ash|ash<<redacted>>@<<redacted>>.com|Ash|<<redacted>>|0 a64<<redacted>>65e|1736404013|ethan|ethan<<redacted>>@<<redacted>>.com|Ethan|<<redacted>>|1 ``` I suggest specifying the current logged in user in the query.

OVERLORD commented 2025-10-07 00:14:13 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub:

Thanks, yeah it took the first user. In v0.24.0 it should now send the email to the currently signed in user.

@stonith404 commented on GitHub: Thanks, yeah it took the first user. In `v0.24.0` it should now send the email to the currently signed in user.

OVERLORD referenced this issue 2025-10-07 00:22:45 +03:00

[PR #417] [MERGED] chore(deps-dev): bump vite from 6.2.4 to 6.2.5 in /frontend in the npm_and_yarn group across 1 directory #809

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

i18n_crowdin

breaking/v2

v2/use-item-component

default-env-db-keys

slog-gorm

v1.16.0

v1.15.0

v1.14.2

v1.14.1

v1.14.0

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.1

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.0

v1.4.1

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.53.0

v0.52.0

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.0

v0.45.0

v0.44.0

v0.43.1

v0.43.0

v0.42.1

v0.42.0

v0.41.0

v0.40.1

v0.40.0

v0.39.0

v0.38.0

v0.37.0

v0.36.0

v0.35.6

v0.35.5

v0.35.4

v0.35.3

v0.35.2

v0.35.1

v0.35.0

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.1

v0.28.0

v0.27.2

v0.27.1

v0.27.0

v0.26.0

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.0

v0.13.1

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

breaking

bug

documentation

feature

needs more upvotes

open to pull requests

pull-request

Mirrored from GitHub Pull Request

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/pocket-id#417