Labels Milestones

New Issue

Send confirmation email after registering #636

Closed

by elegaanz opened 3 years ago · 8 comments

elegaanz commented 3 years ago (Migrated from github.com)

Owner

Is your feature request related to a problem? Please describe.

• You can't be sure that the email you used to register was correct
• Spammers can create a lot of accounts very easily
• Someone else can use your email (even if I don't know why anyone would do that?)

Describe the solution you'd like

Send a confirmation email when creating an account.

Accounts created from the CLI should probably be immediately confirmed.

Describe alternatives you've considered

Additional context

From #635

**Is your feature request related to a problem? Please describe.** - You can't be sure that the email you used to register was correct - Spammers can create a lot of accounts very easily - Someone else can use your email (even if I don't know why anyone would do that?) **Describe the solution you'd like** Send a confirmation email when creating an account. Accounts created from the CLI should probably be immediately confirmed. **~~Describe alternatives you've considered~~** **Additional context** From #635

👍 2

igalic commented 3 years ago (Migrated from github.com)

Owner

Someone else can use your email (even if I don't know why anyone would do that?)

someone could sign up in your name, and leave hateful comments.

> Someone else can use your email (even if I don't know why anyone would do that?) someone could sign up in your name, and leave hateful comments.

trinity-1686a commented 3 years ago

Owner

I'm not even sure admins can see a user's email address at this point, so doing this would not really impersonate the email owner. And doing it using their pseudo is probably unavoidable, and far more effective to discredit someone

I'm not even sure admins can see a user's email address at this point, so doing this would not really impersonate the email owner. And doing it using their pseudo is probably unavoidable, and far more effective to discredit someone

👍 1

GitHubGeek commented 3 years ago (Migrated from github.com)

Owner

Would love to see some form of notification to admins whenever a new account is created.

A very primitive way to do it is to BCC confirmation emails to admin's email address

Also, want to see support of ESPs such as SendGrid, Mailgun. Thanks!

Would love to see some form of notification to admins whenever a new account is created. A very primitive way to do it is to BCC confirmation emails to admin's email address Also, want to see support of ESPs such as SendGrid, Mailgun. Thanks!

👍 1

trinity-1686a commented 3 years ago

Owner

You should open a new issue for supporting ESPs, the two you named seems to have some rust bindings so it should not be too difficult, but if it stay here as a comment, it will definitely get forgotten

You should open a new issue for supporting ESPs, the two you named seems to have some rust bindings so it should not be too difficult, but if it stay here as a comment, it will definitely get forgotten

👍 1

KitaitiMakoto modified the milestone from 1.0 to 0.8.0 5 months ago

KitaitiMakoto referenced a pull request that will close this issue 5 months ago

WIP: Closes #636 Confirmation email #979

KitaitiMakoto commented 5 months ago

Owner

I'm implementing this feature that it sends email before registering.

I'm implementing this feature that it sends email *before* registering.

KitaitiMakoto commented 5 months ago

Owner

Required consideration:

What happen if an email which is already used for existing user is posted for registration?

Required consideration: What happen if an email which is already used for existing user is posted for registration?

Marius commented 5 months ago

I think it is clearly assumable that email is identity linked, so that if an email is already referenced it should not be reused, but this failed the goal of the fediverse as this can means a central database...

There are many directions:

• Just send the e-mail and store the adress for that user, with a (1:Email)->(N:User) mapping, but this mean that given an email we can't get the user (is this really a problem ?)
• Verify that the mail is not linked to another user on the local instance, email so become an identifying data and can maybe be used in place of the username for connecting.
• Verify that the mail is not linked on every plume instance, but this prevent someone to have two identities links to the same email.

In the first option, it is mandatory when using the email to also provide the username, but maybe there are some impersonating issues (someone claim as another user).
In the second one, email is identifiable and we just have to check and emit an error if it is already in use.

I think the second option is the most heavy one (needs to query the database with some SELECT COUNT(username) FROM users WHERE mail = ?given_email ), but it is also the safest one.

I think it is clearly assumable that email is **identity** linked, so that if an email is already referenced it should not be reused, but this failed the goal of the fediverse as this can means a central database... There are many directions: - Just send the e-mail and store the adress for that user, with a (1:Email)->(N:User) mapping, but this mean that given an email we can't get the user (is this really a problem ?) - Verify that the mail is not linked to another user on the local instance, email so become an identifying data and can maybe be used in place of the username for connecting. - Verify that the mail is not linked on every plume instance, but this prevent someone to have two identities links to the same email. In the first option, it is mandatory when using the email to also provide the username, but maybe there are some impersonating issues (someone claim as another user). In the second one, email is identifiable and we just have to check and emit an error if it is already in use. I think the second option is the most heavy one (needs to query the database with some `SELECT COUNT(username) FROM users WHERE mail = ?given_email` ), but it is also the safest one.

KitaitiMakoto commented 5 months ago

Owner

Thank you for your thouhgs.

I choose the second. How we should do if an email which is used already for a user is provided for sign up?

• Should send an email to the existing user?
• Show "This email is already used"?
  • It might expose privacy

My current thought is:

• Doesn't send an email
• But shows "Email is sent to the address"
  • In order to protect privacy
• Writes warning to log file

Thank you for your thouhgs. I choose the second. How we should do if an email which is used already for a user is provided for sign up? * Should send an email to the existing user? * Show "This email is already used"? * It might expose privacy My current thought is: * Doesn't send an email * But shows "Email is sent to the address" * In order to protect privacy * Writes warning to log file

KitaitiMakoto referenced a pull request that will close this issue 5 months ago

Fixes #636 Email sign up feature #990

KitaitiMakoto referenced this issue from a commit 5 months ago

Merge pull request 'Fixes #636 Email sign up feature' (#990) from mail-confirmation into main

KitaitiMakoto closed this issue 5 months ago

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

DearRude/force-lang

RAOF/fix-arm64-build

buildenv-rust-toolchain

drone-ci

epsilon-phase/authorized-fetch

feature/ldap

fix-mobile-margin

floreal/translations-update

go/async

igalic/feat/custom-fairing-domains

igalic/go/async-all-mut

improve-the-editor-once-again

ldap-non-anon

main

missing-docs

remove-dup-images

signature

test/dotenv_error

upgrade

0.2.0-alpha-1

0.3.0-alpha-2

0.4.0-alpha-4

0.5.0

0.6.0

0.7.0

0.7.1

0.7.2

Labels

Apply labels

Clear labels

A: API
Related to the REST API A: Backend
Code running on the server A: Federation
Stuff related to Federation A: Front-End
Related to the front-end A: I18N
Translations, and related code A: Meta
More about project management or code than the project itself A: Security Build
The building, or installation process of Plume C: Bug
Something isn't working C: Discussion
We need to talk C: Enhancement
New feature or request C: Feature
This is a new feature Compatibility
Compatibility with different browsers, readers and OS Dependency
Related to an external package that Plume uses Design
UI/UX related issues and PRs Documentation Good first issue
Good for newcomers Help welcome
Extra attention is needed Mobile
Issues affecting only mobile UX Rendering
How elements're rendered out for the end user S: Blocked
Something else needs to be fixed first S: Duplicate
This issue or pull request already exists S: Incomplete
This PR is not complete yet S: Instance specific
Issues concern a limited number of instances S: Invalid
This doesn't seem right S: Needs Voting/Discussion
Need to be discussed by the community (on Loomio) S: Ready for review
This PR is ready to be reviewed Suggestion
Proposed ideas worth considering S: Voted on Loomio
This is issue has been created after a vote on Loomio S: Wontfix
This will not be worked on

No Label A: API A: Backend A: Federation A: Front-End A: I18N A: Meta A: Security Build C: Bug C: Discussion C: Enhancement C: Feature Compatibility Dependency Design Documentation Good first issue Help welcome Mobile Rendering S: Blocked S: Duplicate S: Incomplete S: Instance specific S: Invalid S: Needs Voting/Discussion S: Ready for review Suggestion S: Voted on Loomio S: Wontfix

Milestone

Set milestone

Clear milestone

No items

No Milestone

0.8.0

Assignees

Assign users

Clear assignees

No Assignees

4 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview

Loading…

Cancel

Save

There is no content yet.