Send confirmation email after registering #636

Closed
elegaanz opened 5 years ago · 8 comments
elegaanz commented 5 years ago (Migrated from github.com)

Is your feature request related to a problem? Please describe.

  • You can't be sure that the email you used to register was correct
  • Spammers can create a lot of accounts very easily
  • Someone else can use your email (even if I don't know why anyone would do that?)

Describe the solution you'd like

Send a confirmation email when creating an account.

Accounts created from the CLI should probably be immediately confirmed.

Describe alternatives you've considered

Additional context

From #635

igalic commented 5 years ago (Migrated from github.com)

> Someone else can use your email (even if I don't know why anyone would do that?)

someone could sign up in your name, and leave hateful comments.

Owner

I'm not even sure admins can see a user's email address at this point, so doing this would not really impersonate the email owner. And doing it using their pseudo is probably unavoidable, and far more effective to discredit someone

GitHubGeek commented 5 years ago (Migrated from github.com)

Would love to see some form of notification to admins whenever a new account is created.

A very primitive way to do it is to BCC confirmation emails to admin's email address

Also, want to see support of ESPs such as SendGrid, Mailgun. Thanks!

Owner

You should open a new issue for supporting ESPs. The two you named seem to have some Rust bindings, so it should not be too difficult, but if it stays here as a comment, it will definitely get forgotten.

KitaitiMakoto changed the milestone from 1.0 to 0.8.0 2 years ago
Owner

I'm implementing this feature so that it sends an email *before* registering.
Owner

Required consideration:

What happens if an email which is already used for an existing user is posted for registration?

Marius commented 2 years ago

I think it is clearly assumable that email is **identity** linked, so that if an email is already referenced it should not be reused, but this fails the goal of the fediverse as this can mean a central database...

There are many directions:

  • Just send the e-mail and store the address for that user, with a (1:Email)->(N:User) mapping, but this means that given an email we can't get the user (is this really a problem?)
  • Verify that the mail is not linked to another user on the local instance; email thus becomes identifying data and can maybe be used in place of the username for connecting.
  • Verify that the mail is not linked on every Plume instance, but this prevents someone from having two identities linked to the same email.

In the first option, it is mandatory when using the email to also provide the username, but maybe there are some impersonation issues (someone claims to be another user).
In the second one, email is identifiable and we just have to check and emit an error if it is already in use.

I think the second option is the heaviest one (needs to query the database with some `SELECT COUNT(username) FROM users WHERE mail = ?given_email`), but it is also the safest one.

Owner

Thank you for your thoughts.

I choose the second. What should we do if an email which is already used for a user is provided for sign up?

  • Should send an email to the existing user?
  • Show "This email is already used"?
    • It might expose privacy

My current thought is:

  • Doesn't send an email
  • But shows "Email is sent to the address"
    • In order to protect privacy
  • Writes warning to log file
KitaitiMakoto closed this issue 2 years ago
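
The behaviour settled on in the last comment (no mail to an already registered address, the same on-screen message either way, a warning in the log), sketched as an added example that is not Plume's code. `Signups`, its fields and the caller-supplied token are hypothetical stand-ins for the users table, the mailer, the log file and a CSPRNG-generated token.

```rust
use std::collections::{HashMap, HashSet};

/// Same text for every outcome, so the reply does not reveal whether an address is registered.
const UNIFORM_REPLY: &str = "Email is sent to the address";

#[derive(Default)]
struct Signups {
    registered: HashSet<String>,      // emails of existing local users (stand-in for the users table)
    pending: HashMap<String, String>, // confirmation token -> email awaiting confirmation
    outbox: Vec<(String, String)>,    // (recipient, token): stand-in for the mailer
    warnings: Vec<String>,            // stand-in for the log file
}

impl Signups {
    /// Step 1: a visitor posts an email address. `token` must come from a CSPRNG in real use.
    fn request(&mut self, email: &str, token: &str) -> &'static str {
        let email = email.trim().to_lowercase();
        if self.registered.contains(&email) {
            // Known address: send nothing, leave a trace for the admin only.
            self.warnings.push(format!("signup requested for registered email {}", email));
        } else {
            self.pending.insert(token.to_string(), email.clone());
            self.outbox.push((email, token.to_string()));
        }
        UNIFORM_REPLY
    }

    /// Step 2: the account exists only once the emailed token comes back. Tokens are single use.
    fn confirm(&mut self, token: &str) -> Result<String, &'static str> {
        let email = self.pending.remove(token).ok_or("unknown or used token")?;
        // Two pending tokens may target one address; only the first confirmation wins.
        if !self.registered.insert(email.clone()) {
            return Err("email already registered");
        }
        Ok(email)
    }
}

fn main() {
    let mut s = Signups::default();
    s.registered.insert("alice@example.org".to_string()); // constructed sample data
    let taken = s.request("Alice@example.org", "tok-1");
    let fresh = s.request("bob@example.org", "tok-2");
    println!("{} / {}", taken, fresh);
    println!("mails: {}, warnings: {}", s.outbox.len(), s.warnings.len());
    println!("{:?}", s.confirm("tok-2"));
}
```

The two branches should also take similar time to respond; handing the mail to a background queue keeps response time from revealing which branch ran.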
Reference: Plume/Plume#636