I have set up Mailman Core Version GNU Mailman 3.3.5 with Mailman Core API Version 3.1 (Python 3.8.10) using the version 0.40 Docker images. I was able to get things set up and tested by requesting a password reset for the MAILMAN_ADMIN_USER specified in the docker.yaml.
Using the web API, I have created several mailing lists and I have added members to these lists also using the web API (most relevant: https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/rest/docs/m...), specifying that each member is already pre_verified, pre_confirmed, and pre_approved. The lists themselves seem to be working fine.
The problem is when our staff try to reset their password (through Postorius) to get access and do moderation tasks. The error message "The e-mail address is not assigned to any user account" displays no matter which email address I enter (except the one from MAILMAN_ADMIN_USER which works). Using the MAILMAN_ADMIN_USER I can sign in, view the list of all the users, see their Addresses (one each) and Subscriptions, but even after toggling off "Verified" for the staff email address, clicking Update, then turning Verified back on and updating again, I still can't reset the password for that email address from the "forgot password" screen. Even tried adding that email address as another list owner.
I have not made any API calls specific to adding users because the API documentation says, "Since her email address is not yet known to Mailman, a user is created for her." This does seem to have happened; GET 127.0.0.1:8001/3.1/users does show everyone's display name and unique user_id strings.
I have tried using the API to PATCH a temporary password to the user but that didn't fix the inability to reset. The encrypted password does show in the /users/ data reported by the API (where previously there had been none), and a POST to users/<user_id>/login with that password returns the 204 status shown to indicate success (instead of 403)... but I can't log in using Postorius with this user's email address and password. I also tried PATCHing the cleartext_password to /users/<email_address> and wasn't able to log in or reset after that either.
According to the API, each of the users -- webadmin where I can reset the password and staff where I can't -- does have a single address. (In the following, I redacted the API username and password; changed email addresses, and IP address. And the display name, but left the timestamps and user_ids.)
$ curl --user xxxx:xxxx "127.0.0.1:8001/3.1/users/29bf1eef2ee14f39a7990757544f11a9/addresses"
{"start": 0, "total_size": 1, "entries": [{"email": "webadmin@example.com", "original_email": "webadmin@example.com", "registered_on": "2021-11-25T04:20:33.408184", "self_link": "http://1.2.3.4:8001/3.1/addresses/webadmin@example.com", "verified_on": "2021-11-25T04:20:33.960577", "user": "http://1.2.3.4:8001/3.1/users/29bf1eef2ee14f39a7990757544f11a9", "http_etag": "\"394c07148f3fd0479cc582358b63b919fd988e36\""}], "http_etag": "\"a6621373598d299c32aa946fef7e32167d796bf3\""}

$ curl --user xxxx:xxxx "127.0.0.1:8001/3.1/users/73235926306843ccb41f288d0464240a/addresses"
{"start": 0, "total_size": 1, "entries": [{"email": "staff@example.com", "original_email": "staff@example.com", "registered_on": "2021-12-15T02:25:24.055741", "self_link": "http://1.2.3.4:8001/3.1/addresses/staff@example.com", "display_name": "Staff Member", "verified_on": "2021-12-15T02:40:04.941153", "user": "http://1.2.3.4:8001/3.1/users/73235926306843ccb41f288d0464240a", "http_etag": "\"f24ba7ca9d71a7f814dc41d70c48ce947c1324be\""}], "http_etag": "\"e8d5b9f3ce0abbc7bbf51c03c69367f82679f93e\""}
I am probably missing something, but this second query seems to confirm that the address "staff@example.com" is assigned to the user 73235926306843ccb41f288d0464240a and so shouldn't I be able to request a password reset for "staff@example.com"?
I've tried tailing all the log files I can find while attempting the reset and am not seeing any error messages, but I don't know exactly where to look.
Thank you for any suggestions for what to try next!
Dave