Version: v5.7.30-C125
As an employee, the customer portal can only be accessed via the link in the invoices; access data is requested at all other points.
Example invoice:
https://mydomain/client/invoices/XXXX?silent=true
Example of other places:
https://mydomain/client/login/YYYYYYYYYYY
Hi,
It looks like you’re using the Flutter app, can you please check in the React app?
The same problem with both variants.
With React, it also asks for a password via the path, which works without a password with Flutter.
Is the password feature enabled on Settings > Client Portal > Authorization?
@david do you have any suggestions?
You mean password for invoicees?
Yes, this will be enabled:
But the question is:
Why can I, as an employee, open the customer centre via the link at the invoices without a password and not via the link at the top of the menu (see my screenshot at the beginning)?
As an employee/support person, I don’t know the customer’s password. Therefore, the call must work via the token, i.e. without entering the password for the employee/support staff. Otherwise the links don’t make any sense.
It looks like one link is including a client hash to enable the user to get around the password while the other it not. We’ll look into it,
@david I believe the AP is sending the client_hash query param for both routes. Can you please check that it’s supported when using the contact.link URL.
The design here is to allow direct access to the invoice only from the invoice page.
If password protection is enabled, clicking on the client portal links on the client overview page should not work.
Is there a reason not to enable admins to access the client overview page?
