#10204 closed defect (fixed)
Users can delete their email address even when verify_email=true
| Reported by: | stuge | Owned by: | Steffen Hoffmann |
|---|---|---|---|
| Priority: | normal | Component: | AccountManagerPlugin |
| Severity: | normal | Keywords: | email verification |
| Cc: | Ryan J Ollos | Trac Release: | 0.12 |
Description
This allows user accounts to end up without a valid verified email address, which is bad since the purpose of the feature in the first place is to ensure that all users have valid verified email addresses.
Preliminary research suggest to add some sort of request handler in acct_mgr for POSTs that want to set the email address, and fail if the new address is empty.
Attachments (0)
Change History (4)
comment:1 Changed 12 years ago by
| Cc: | Ryan J Ollos added; anonymous removed |
|---|
comment:2 Changed 12 years ago by
| Keywords: | email verification added |
|---|
comment:3 Changed 12 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.
Availability of that code as stable release closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.
Some more issues have been worked-on, yet without confirmed resolution,
refs #5464 (for JiraToTracIntegration), #8927 and #10134.
And finally there are some issues and enhancement requests showing progress, but known to require more work to resolve them satisfactorily, refs #843, #1600, #5964, #8217, #8933.
Thanks to all contributors and followers, that enabled and encouraged a good portion of this development work.
comment:4 Changed 12 years ago by
(In [12689]) AccountManagerPlugin: Disregard conflicting, but earlier configured emails addresses, refs #10204 and #10910.
It has been reported, that under certain conditions, i.e. late activation of email verification, a legal name change in user preferences might be rejected, if his/her current email address is not unique among all registered accounts. Consistency checking has been improved lately; anyway I agree, that this should be handled gracefully, if the email address remains unchanged.
At this occasion it appeared sensible to roll full email checks on input to user preferences too, causing much more changes than initially intended.
(In [11929]) AccountManagerPlugin: Protect users email address, if account verification is enabled, refs #10204.
This is even an immediate reward for bringing modular registration checks in, as you can see here.