Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature] Allow user self-update of email and notification of changes #436

Open
4 tasks
fmigneault opened this issue Jun 16, 2021 · 0 comments
Open
4 tasks
Assignees
Labels
enhancement Improvements in term of performance or behaviour feature New feature to be developed

Comments

@fmigneault
Copy link
Collaborator

fmigneault commented Jun 16, 2021

Context

With the integration of user self-registration feature (#435), users can self-register to Magpie (if enabled).
During this process, email confirmation is accomplished to validate that the registering user can receive notifications to submitted email address.
Because user can also self-update their accounts (following whole approval process of registration), it was possible for the user to immediately change the email without new confirmation.

To reduce the scope of the (already large) feature #435, email update was disabled for the moment when user-registration is enabled (see FIXME notes with this issue number in the code).

# FIXME: disable email edit when self-registration is enabled to avoid not having any confirmation of new email
# (see https://github.com/Ouranosinc/Magpie/issues/436)
update_email_admin_only = False
if update_email and asbool(get_constant("MAGPIE_USER_REGISTRATION_ENABLED", request)):
update_email_admin_only = True

A message is displayed to indicate to communicate with an administrator for the time being if email change is needed by a user.
Administrators can still enforce a change of email as required.

TODO

  • Whenever a user self-update occurs that requires email change, a temporary token similar to the ones created during user registration process should be generated. The token/hook would send an email to the new user email to request its confirmation.
    Once confirmation is received (from link in new email), the email address change would be applied to the account.

  • A notification email should also be sent to old email for double checking the change whenever a change of email is requested.
    (eg: "an email update was requested for your account <user-name> for <magpie-url> on <datetime>")
    This would allow a user to raise a flag (or acknowledge and discard the email) if this change was somehow not requested by them directly.

  • Special logic will be required to handle this type of change via temporary tokens, since user column refers to a current state of a pending or registered user. In this case, we require a pending-state of a field for a registered user. Probably a separate field (no specific value for future cases - per tmp token type?) could be a method to handle this.

  • All API and UI locations that temporarily disable email update will need to be adjusted to support pending email validation.

@fmigneault fmigneault added enhancement Improvements in term of performance or behaviour feature New feature to be developed labels Jun 16, 2021
@fmigneault fmigneault self-assigned this Jun 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement Improvements in term of performance or behaviour feature New feature to be developed
Projects
None yet
Development

No branches or pull requests

1 participant