Modify

Opened 5 years ago

Closed 5 years ago

Last modified 4 years ago

#10204 closed defect (fixed)

Users can delete their email address even when verify_email=true

Reported by: stuge Owned by: Steffen Hoffmann
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: email verification
Cc: Ryan J Ollos Trac Release: 0.12

Description

This allows user accounts to end up without a valid verified email address, which is bad since the purpose of the feature in the first place is to ensure that all users have valid verified email addresses.

Preliminary research suggest to add some sort of request handler in acct_mgr for POSTs that want to set the email address, and fail if the new address is empty.

Attachments (0)

Change History (4)

comment:1 Changed 5 years ago by Ryan J Ollos

Cc: Ryan J Ollos added; anonymous removed

comment:2 Changed 5 years ago by Steffen Hoffmann

Keywords: email verification added

(In [11929]) AccountManagerPlugin: Protect users email address, if account verification is enabled, refs #10204.

This is even an immediate reward for bringing modular registration checks in, as you can see here.

comment:3 Changed 5 years ago by Steffen Hoffmann

Resolution: fixed
Status: newclosed

(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.

Availability of that code as stable release closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.

Some more issues have been worked-on, yet without confirmed resolution, refs #5464 (for JiraToTracIntegration), #8927 and #10134.

And finally there are some issues and enhancement requests showing progress, but known to require more work to resolve them satisfactorily, refs #843, #1600, #5964, #8217, #8933.

Thanks to all contributors and followers, that enabled and encouraged a good portion of this development work.

comment:4 Changed 4 years ago by Steffen Hoffmann

(In [12689]) AccountManagerPlugin: Disregard conflicting, but earlier configured emails addresses, refs #10204 and #10910.

It has been reported, that under certain conditions, i.e. late activation of email verification, a legal name change in user preferences might be rejected, if his/her current email address is not unique among all registered accounts. Consistency checking has been improved lately; anyway I agree, that this should be handled gracefully, if the email address remains unchanged.

At this occasion it appeared sensible to roll full email checks on input to user preferences too, causing much more changes than initially intended.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Steffen Hoffmann.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.