Ticket #10204 (closed defect: fixed)

Opened 10 months ago

Last modified 3 months ago

Users can delete their email address even when verify_email=true

Reported by: stuge Assigned to: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: email verification
Cc: rjollos Trac Release: 0.12

Description

This allows user accounts to end up without a valid verified email address, which is bad since the purpose of the feature in the first place is to ensure that all users have valid verified email addresses.

Preliminary research suggest to add some sort of request handler in acct_mgr for POSTs that want to set the email address, and fail if the new address is empty.

Attachments

Change History

07/29/12 07:36:46 changed by rjollos

  • cc set to rjollos.

09/04/12 21:28:02 changed by hasienda

  • keywords set to email verification.

(In [11929]) AccountManagerPlugin: Protect users email address, if account verification is enabled, refs #10204.

This is even an immediate reward for bringing modular registration checks in, as you can see here.

12/01/12 16:55:52 changed by hasienda

  • status changed from new to closed.
  • resolution set to fixed.

(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.

Availability of that code as stable release closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.

Some more issues have been worked-on, yet without confirmed resolution, refs #5464 (for JiraToTracIntegration), #8927 and #10134.

And finally there are some issues and enhancement requests showing progress, but known to require more work to resolve them satisfactorily, refs #843, #1600, #5964, #8217, #8933.

Thanks to all contributors and followers, that enabled and encouraged a good portion of this development work.

03/07/13 00:55:56 changed by hasienda

(In [12689]) AccountManagerPlugin: Disregard conflicting, but earlier configured emails addresses, refs #10204 and #10910.

It has been reported, that under certain conditions, i.e. late activation of email verification, a legal name change in user preferences might be rejected, if his/her current email address is not unique among all registered accounts. Consistency checking has been improved lately; anyway I agree, that this should be handled gracefully, if the email address remains unchanged.

At this occasion it appeared sensible to roll full email checks on input to user preferences too, causing much more changes than initially intended.

Add/Change #10204 (Users can delete their email address even when verify_email=true)




Change Properties
Action