Send confirmation email after registering #636
Reference: Plume/Plume#636
Is your feature request related to a problem? Please describe.
Describe the solution you'd like
Send a confirmation email when creating an account.
Accounts created from the CLI should probably be immediately confirmed.
Describe alternatives you've considered
Additional context
From #635
someone could sign up in your name, and leave hateful comments.
I'm not even sure admins can see a user's email address at this point, so doing this would not really impersonate the email owner. And doing it using their pseudo is probably unavoidable, and far more effective to discredit someone
Would love to see some form of notification to admins whenever a new account is created.
A very primitive way to do it is to BCC confirmation emails to admin's email address
Also, want to see support of ESPs such as SendGrid, Mailgun. Thanks!
You should open a new issue for supporting ESPs. The two you named seem to have some Rust bindings, so it should not be too difficult, but if it stays here as a comment, it will definitely get forgotten.
I'm implementing this feature so that it sends an email before registering.
Required consideration:
What happens if an email that is already used by an existing user is posted for registration?
I think it is clearly assumable that email is identity linked, so that if an email is already referenced it should not be reused, but this fails the goal of the fediverse, as this can mean a central database...
There are many directions:
In the first option, it is mandatory when using the email to also provide the username, but maybe there are some impersonation issues (someone claiming to be another user).
In the second one, email is identifiable and we just have to check and emit an error if it is already in use.
I think the second option is the heaviest one (it needs to query the database with some
SELECT COUNT(username) FROM users WHERE mail = ?given_email
), but it is also the safest one.
Thank you for your thoughts.
I choose the second. What should we do if an email that is already used by a user is provided for sign up?
My current thought is:
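
Added example, not part of the original thread and not Plume's code: the second option discussed above (an address identifies one account, so a sign-up with an address already in use is rejected), sketched in Python with SQLite. The schema and function names are assumptions; the unique index is added as a backstop because two concurrent sign-ups can both pass the COUNT check.

```python
import sqlite3

def open_db():
    """In-memory stand-in for the users table (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        " id INTEGER PRIMARY KEY,"
        " username TEXT NOT NULL UNIQUE,"
        " mail TEXT NOT NULL)"
    )
    # Backstop for the application-level check: the database itself
    # refuses a second row with the same address.
    db.execute("CREATE UNIQUE INDEX users_mail_unique ON users (mail)")
    return db

def email_in_use(db, given_email):
    """The query from the thread, with the address bound as a parameter."""
    (count,) = db.execute(
        "SELECT COUNT(username) FROM users WHERE mail = ?", (given_email,)
    ).fetchone()
    return count > 0

def insert_user(db, username, given_email):
    """Insert one user; returns False if a uniqueness constraint rejects the row."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(
                "INSERT INTO users (username, mail) VALUES (?, ?)",
                (username, given_email),
            )
        return True
    except sqlite3.IntegrityError:
        return False

def register(db, username, given_email):
    """Option two: reject the sign-up when the address already has a user."""
    if email_in_use(db, given_email):
        return "email_in_use"
    # Two concurrent requests can both pass the check above, so the
    # insert result, not the COUNT, is what finally decides.
    return "created" if insert_user(db, username, given_email) else "conflict"

if __name__ == "__main__":
    db = open_db()
    # Constructed sample sign-ups.
    print(register(db, "alice", "alice@example.org"))    # created
    print(register(db, "mallory", "alice@example.org"))  # email_in_use
```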