Opened 2 years ago

Closed 20 months ago

Last modified 17 months ago

#10204 closed defect (fixed)

Users can delete their email address even when verify_email=true

Reported by: stuge Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: email verification
Cc: rjollos Trac Release: 0.12


This allows user accounts to end up without a valid verified email address, which is bad since the purpose of the feature in the first place is to ensure that all users have valid verified email addresses.

Preliminary research suggest to add some sort of request handler in acct_mgr for POSTs that want to set the email address, and fail if the new address is empty.

Attachments (0)

Change History (4)

comment:1 Changed 2 years ago by rjollos

  • Cc rjollos added

comment:2 Changed 23 months ago by hasienda

  • Keywords email verification added

(In [11929]) AccountManagerPlugin: Protect users email address, if account verification is enabled, refs #10204.

This is even an immediate reward for bringing modular registration checks in, as you can see here.

comment:3 Changed 20 months ago by hasienda

  • Resolution set to fixed
  • Status changed from new to closed

(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.

Availability of that code as stable release
closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.

Some more issues have been worked-on, yet without confirmed resolution,
refs #5464 (for JiraToTracIntegration), #8927 and #10134.

And finally there are some issues and enhancement requests showing progress,
but known to require more work to resolve them satisfactorily,
refs #843, #1600, #5964, #8217, #8933.

Thanks to all contributors and followers, that enabled and encouraged a good
portion of this development work.

comment:4 Changed 17 months ago by hasienda

(In [12689]) AccountManagerPlugin: Disregard conflicting, but earlier configured emails addresses, refs #10204 and #10910.

It has been reported, that under certain conditions, i.e. late activation of
email verification, a legal name change in user preferences might be rejected,
if his/her current email address is not unique among all registered accounts.
Consistency checking has been improved lately; anyway I agree, that this
should be handled gracefully, if the email address remains unchanged.

At this occasion it appeared sensible to roll full email checks on input to
user preferences too, causing much more changes than initially intended.

Add Comment

Modify Ticket

as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from hasienda. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.