console - email address change workflow #4208
Conversation
| Dear {name}, | ||
|
|
||
| You asked to change your e-mail address on {publicUrl}/. | ||
| If you did not request any password update, just ignore this e-mail, you're safe (I DON'T THINK SO). |
There was a problem hiding this comment.
If you are reacting about the "I DON'T THINK SO", I had a doubt when I wrote it about a possible security problem, but now I think I misunderstood the workflow and there is no longer a problem if a user receive such an e-mail without having asked for it. It just means that someone else entered his e-mail in change form, but without validating it won't do anything more.
|
does this make sure that the new e-mail isn't already in use by another existing user ? iirc an email can/should be linked with only one account.. |
If it is already in use, it will silently fail with an exception when the user loads validation link, and user will be redirected to user details page as if it worked, except his e-mail won't have changed. We may check for conflicts before, but what to do next ? If we inform the user that new e-mail already exists, doesn't this have a security concern so that he could know if a specific e-mail from anyone is registered on the platform ? I ask this because I see that in password recovery procedure, we do not allow users to know if the e-mail entered is registered. We could also proceed to next step silently but without sending the e-mail to not bother the real recipient. |
that's already the case in the account creation form, if you try to register with an email that is already linked with an existing account you get rejected/pointed at the password reset form
so yes, maybe you can see that as a security concern/user list harvesting, but if you look at it from the pov of the end-user or an user admin that has confused users on the phone, making sure that it is clearly reported to the user that this new e-mail can't be used (before sending anything to anyone) is important. |
OK, so we should go this way and report it to the user |
fvanderbiest
changed the title
emmdurin
force-pushed
the
email_address_change
branch
2 times, most recently
from
a545947 to
c371a61
Compare
emmdurin
force-pushed
the
email_address_change
branch
from
c371a61 to
6bec135
Compare
|
i welcome the feature but i don't think i qualify to review this java/jsp madness ;) |
|
I pushed a commit to :
|
There was a problem hiding this comment.
LGTM :) Thanks for this nice feature !
As discussed we can improve IT tests on it but I hope we could find time to re-develop the console without jsp and angularJS behind it.
We can also use hibernate in future to get rid on those queries in every file.
I also have to fix this geonetwork CI ...
emmdurin
force-pushed
the
email_address_change
branch
from
a5d70b1 to
7692806
Compare
emmdurin
force-pushed
the
email_address_change
branch
from
63eb1bf to
4020f81
Compare
Added a workflow to change user e-mail address.
Still missing things :
check e-mail address format before sending validation e-maile-mail conflict checkinge-mail template to fine tuneuse a separate column in token DB to store e-mail address instead of reusing UID columntranslations