EmailVerificationModule not documented - and not enforcing email to be entered on registration

Simply enabling the component does the trick for me.

After doing so, it is still possible to create an account w/o specifying an email address (at least on my test server) - which to me is not the same as "requiring a valid email address" (it's not even requiring an email address at all). Though existing users with an email address specified in their records get notified they have to verify it. Guess I'm doing something wrong, since this makes no sense to me - but can anybody tell me what it is?

Besides: Enabling EmailVerificationModule? without having a valid smtp server configured lets Trac crash with an Error 500 - so without shell access to disable it in the config, one is messed up. Shouldn't that be caught? (Just in case: I'm using the latest SVN code, r6741, on Trac 0.11)

Patch to force entering an email address on registration when EmailVerificationModule? is enabled

I just attached a patch which forces the new user to enter something into the email field. This still leaves two things open:

• the email field is still in the "optional" section, which is a bit confusing
• there's no check whether the entered value is a valid email address

Is there something like a "timeout" removing unfinished accounts?

The latest patch (registration_emailcheck.diff) also moves the email input to the mandatory part of the form if the verification module is enabled, but leaves it in the optional part otherwise. Now it's only missing some (at least raw) check on the syntax for the email address. Maybe some regexp like /^.+@.+\..+/is (i.e. make sure it has some chars followed by the '@', followed by more chars plus a '.' plus some more chars), which would be at least a very basic check? Though this would also allow invalid addresses like "a@b.c", so someone may provide something better here...

Patch to force entering an email address on registration when EmailVerificationModule?? is enabled (includes previous plus moves email input to mandatory part, and does a raw check on email syntax)

Just replaced the latest diff with an updated version doing a basic regexp check on the entered email. The regexp I used here is ^[A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,6}$ (used case insensitive) - which matches e.g. foo@bar.com, Foo.Bar@baz.com, and foo.bar@bar.baz.museum' - but not foo, foo@bar, or foo@bar.thisistoolong. Note that this also matches the latest one and two letter second-level-domains (I just read they really did that for .de) - so it should be safe for 99.9% of all email addresses.

Of course, nothing speaks against adding a config option for whether or not to run this check, if somebody will do that...

Concerning the last issue of comment:4 - I searched the code, but found no "cleanup procedure" for attempted but not approved registrations (i.e. the verification code was sent, but never entered). Maybe I'll write a little script for that to be run via cron (or some similar scheduler). IMHO, if one didn't enter it within two weeks, it's unlikely it will happen later - so those accounts will most probably stay unused and thus could be removed to keep things clean.

Replying to hanswurst:

The EmailVerificationModule? is not documented at http://trac-hacks.org/wiki/AccountManagerPlugin nor in the source code.

I was so free to add a short description to the wiki page (I thought: It's a wiki, so why shouldn't I do so ;)). Anybody having experience with this module, please crossread and correct, if necessary.