Modify

Opened 2 years ago

Closed 2 years ago

Last modified 21 months ago

#10204 closed defect (fixed)

Users can delete their email address even when verify_email=true

Reported by: stuge Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: email verification
Cc: rjollos Trac Release: 0.12

Description

This allows user accounts to end up without a valid verified email address, which is bad since the purpose of the feature in the first place is to ensure that all users have valid verified email addresses.

Preliminary research suggest to add some sort of request handler in acct_mgr for POSTs that want to set the email address, and fail if the new address is empty.

Attachments (0)

Change History (4)

comment:1 Changed 2 years ago by rjollos

  • Cc rjollos added; anonymous removed

comment:2 Changed 2 years ago by hasienda

  • Keywords email verification added

(In [11929]) AccountManagerPlugin: Protect users email address, if account verification is enabled, refs #10204.

This is even an immediate reward for bringing modular registration checks in, as you can see here.

comment:3 Changed 2 years ago by hasienda

  • Resolution set to fixed
  • Status changed from new to closed

(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.

Availability of that code as stable release closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.

Some more issues have been worked-on, yet without confirmed resolution, refs #5464 (for JiraToTracIntegration), #8927 and #10134.

And finally there are some issues and enhancement requests showing progress, but known to require more work to resolve them satisfactorily, refs #843, #1600, #5964, #8217, #8933.

Thanks to all contributors and followers, that enabled and encouraged a good portion of this development work.

comment:4 Changed 21 months ago by hasienda

(In [12689]) AccountManagerPlugin: Disregard conflicting, but earlier configured emails addresses, refs #10204 and #10910.

It has been reported, that under certain conditions, i.e. late activation of email verification, a legal name change in user preferences might be rejected, if his/her current email address is not unique among all registered accounts. Consistency checking has been improved lately; anyway I agree, that this should be handled gracefully, if the email address remains unchanged.

At this occasion it appeared sensible to roll full email checks on input to user preferences too, causing much more changes than initially intended.

Add Comment

Modify Ticket

Action
as closed The owner will remain hasienda.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.