Or a different idea would be to prompt the client to change the generated password, and set the /client/login password the same.
The confusing part is that once you’ve tried to login to the /client/login via the URL the page will ask you for the invoice password, instead of the client login… at the same URL, even if you visit it at a later time
Try this:
- Activate the dashboard for clients, and password protect (and generate) the invoices
- Set up a new client without a password
- Create a new invoice under that client and send it
- Login via the URL in the email, and the password in the email
- “pay it”
- Log out of the account and imagine some time passing
- Get a new invoice, and not know the password because its not in the email
- Press “lost password”, and get a password reset for your client login
- “pay it”
- Log out/get logged out and imagine some time passing
- Get a new invoice, click the link, see only the “password” box pop up, try loggin in with the password you set in step 8 and see it’s not valid
Repeat step 8-11