Allow editing your own email address #808
Comments
|
@natboehm is working on this! |
|
Here's how npm is rolling out email verification: http://blog.npmjs.org/post/163187838935/upcoming-change-verified-email-required?utm_campaign=newsletter20170720&utm_source=newsletter_mailer&utm_medium=email |
|
@natboehm there were some questions about what the issues are around email and how we're planning to implement emails over in #924. Could you please write up what we've talked about? Here are some questions from over there too:
|
|
The plan for user emails we've come up with is:
(1) is almost completed in PR #921. For (2), the plan was to send the user a verification email on the addition or edit of their email address. We would generate a token in the database and send in the email as part of a link. Once the user clicks the link, we would look up by the token, see if the user matches, and if the account is found, the email is confirmed. I've been looking into doing this yesterday and today, and found the crate lettre that might be helpful used in combination with the Heroku app Mailgun to be able to send an email from the app to the user. For step (3), we've talked about a few options. One would be require users to confirm their emails when publishing a crate. Another would be on account creation or next time logging in. More extreme would be to disable accounts until a valid email is provided and confirmed. I could see using a combination of these options to make sure no one slips through an unforeseen loophole. We also might want to figure out a way to make sure that the email received from GitHub is an active account/valid email. Questions from #924:
@carols10cents and I looked into this and found that you're right, that does work. Even though it says on GitHub that your email is private, everything seems private in the email settings, with the proper authentication you can query
By mailer service, we do mean something that sends emails. As mentioned above, I've actually been looking into using Mailgun with the lettre crate in hopes of making this easier to implement. If whoever asked this has experience using Mailgun I'd love to hear more about it!
If by fetching lazily and storing as needed you mean getting emails when needed and storing them, it is problematic that if don't have a user's email, we don't have a way of contacting them in the first place to then get their email. We could deactivate their account and require them to add their email the next time they log in or publish to get their account, but that seems unnecessarily unfriendly. For our use case I don't think fetching emails lazily would work. Conversely, if you were referring to the process of getting user emails as lazy, I would say that is what we are likely going to want to do. We wouldn't want to immediately deactivate all user accounts lacking an email, we would want to perhaps first require it on crate publish, then on updating a crate's version, account creation, etc.
I'd agree with that, anything after the initial confirmation email and other than critical emails should probably be opt-in. If we have the ability to confirm a user as a crate owner on the web UI, receiving an email in addition probably isn't necessary but could be an option if desired. |
921: Ability to add/update user email r=carols10cents This PR addresses issue #808, allow editing your own email address. This is the first step in a three part implementation, adding a field to edit an email address. Yet to be implemented before the issue is resolved is (1) the ability to verify emails with users and (2) figuring out how to get everyone to add their email to their account. This PR only implements the addition of a button to the email field such that a user's email can be added or updated, as well as hiding the email field from public view by separating `EncodableUser` into `EncodablePublicUser` and `EncodablePrivateUser`.
|
Is this still being worked on @natboehm? |
|
Yes, she's still working on this. |
1045: Sending an email to a user to confirm their email address r=carols10cents This PR addresses issue #808, allow editing your own email address. Following the discussion on the issue, this implements the second of three parts, the ability to send a confirmation email to a user for verification. For a full explanation of the issue, see [this comment](#808 (comment)) I left which should fully explain the changes made, as well as parts 1 and 3. In short, I added two tables to the database: one for the user's email, the other for a confirmation token associated with the email. Once the user clicks the link sent, the associated token is deleted from the token table and `email_verified` is set to `true` in the email table. It is indicated to the user if they have not verified their email on the account settings page, a message and email resend button being displayed. Sending emails requires Mailgun to be added to the crates.io Heroku account. This has applications for issue #924 in that we should now be able to send an email to a user, if they have added their email. I know there was a lot of discussion on that issue regarding the ability to send users an email to be added as an owner.
1045: Sending an email to a user to confirm their email address r=carols10cents This PR addresses issue #808, allow editing your own email address. Following the discussion on the issue, this implements the second of three parts, the ability to send a confirmation email to a user for verification. For a full explanation of the issue, see [this comment](#808 (comment)) I left which should fully explain the changes made, as well as parts 1 and 3. In short, I added two tables to the database: one for the user's email, the other for a confirmation token associated with the email. Once the user clicks the link sent, the associated token is deleted from the token table and `email_verified` is set to `true` in the email table. It is indicated to the user if they have not verified their email on the account settings page, a message and email resend button being displayed. Sending emails requires Mailgun to be added to the crates.io Heroku account. This has applications for issue #924 in that we should now be able to send an email to a user, if they have added their email. I know there was a lot of discussion on that issue regarding the ability to send users an email to be added as an owner.
1045: Sending an email to a user to confirm their email address r=carols10cents This PR addresses issue #808, allow editing your own email address. Following the discussion on the issue, this implements the second of three parts, the ability to send a confirmation email to a user for verification. For a full explanation of the issue, see [this comment](#808 (comment)) I left which should fully explain the changes made, as well as parts 1 and 3. In short, I added two tables to the database: one for the user's email, the other for a confirmation token associated with the email. Once the user clicks the link sent, the associated token is deleted from the token table and `email_verified` is set to `true` in the email table. It is indicated to the user if they have not verified their email on the account settings page, a message and email resend button being displayed. Sending emails requires Mailgun to be added to the crates.io Heroku account. This has applications for issue #924 in that we should now be able to send an email to a user, if they have added their email. I know there was a lot of discussion on that issue regarding the ability to send users an email to be added as an owner.
|
I think this can be closed now! 🎉 |
Turbo87
added
C-enhancement ✨
We save the email address that we get through github oauth, but you can have multiple email addresses or no email address publicly viewable from your github account.
We don't actually use user email anywhere right now, but before we add anything that might use it (ex: alerts/notifications), we should make it editable (and confirm email address before sending email to it)
The text was updated successfully, but these errors were encountered: