
Fix mail activation, warn inactive accounts + send out new activation mails

Dominik Hayon requested to merge pfaufisch-mail-activation-check into master

Closes #564 (closed) (kinda, see below)

What does this MR do?

Basically three things:

  1. It fixes mail activation which currently seems not to be working (at least in some cases)
  2. It adds a check on Dashboard and will display a big red warning if a user's mail is not properly activated
  3. It allows clicking a link which will trigger a new activation mail

As with the previous MR, especially point 3. holds some potential for abuse, as this makes it possible to sign up with a foreign mail address and trigger endless activation mails to this address. I've only got a semi-clever idea to solve this by doing some pseudo-rate-limiting: Newly generated tokens will hold data on current date and a count. If a specified count per date is exceeded (I've set it to 3 for now), no more mails will be sent out.

Not sure if that's a good idea at all, so I'd appreciate some feedback.

--

#564 (closed) suggests not allowing users to log in at all if mails are not activated. This MR is (at least for now?) not enforcing anything like that, as I think it might cause (more or less) trouble and could force us to set active to 1 for all registered users. I think this is up for discussion.

How confident are you it won't break things if deployed?

Should not break stuff. There's probably an off-by-one error hiding somewhere, and please especially check the migration, as I don't really know what I'm doing :)

Links to related issues

This is a follow-up MR for !914 (closed), which was my first attempt to solve #564 (closed) but got a bit out of hand.

How to test

Steps a reviewer can take to verify that this MR does what it says it does e.g.

  1. Check out branch locally
  2. Log in as foodsaver (or create new account)
  3. Set active to 0
  4. Go to dashboard: See warning message?
  5. Click link to trigger new activation mail, check if mail is being sent
  6. Click link several more times: Are no more than 3 mails going out?

Checklist

  • added a test, or explain why one is not needed/possible...
  • no unrelated changes
  • asked someone for a code review
  • joined #foodsharing-beta channel at https://slackin.yunity.org
  • added an entry to CHANGELOG.md (description, merge request link, username(s))
  • Once your MR has been merged, you are responsible to update the #foodsharing-beta Slack channel about what has been changed here. They will test your work in different browsers, roles or other settings

Release notes text

The account activation feature has been reworked. The dashboard now shows a warning if the account is not activated. From there, you can use a link to request the activation link again by mail. In addition, a warning is shown if your personal mail address has ended up on our block list.

Edited by Christian Walgenbach
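
The per-day cap on resent activation mails that the description proposes (a token carrying the current date and a count, limit 3), as an added sketch that is not this merge request's code. The names `ActivationToken`, `next_token` and `simulate` are hypothetical, and it assumes the token record is stored server-side and that the first mail of a day counts as 1.

```python
import secrets
from dataclasses import dataclass
from datetime import date
from typing import Optional

MAX_MAILS_PER_DAY = 3  # the limit named in the MR description


@dataclass(frozen=True)
class ActivationToken:
    """Server-side record; field names are assumptions for this sketch."""
    value: str    # random secret that goes into the activation link
    issued: date  # day the token was generated
    count: int    # mails already sent on that day, this one included


def next_token(prev: Optional[ActivationToken], today: date,
               limit: int = MAX_MAILS_PER_DAY) -> Optional[ActivationToken]:
    """Return the token for a new activation mail, or None when the cap is hit.

    The counter lives with the stored token, not in the request, so the
    client cannot reset it. A token from an earlier day restarts at 1.
    """
    if prev is not None and prev.issued == today:
        if prev.count >= limit:  # ">=" rather than ">": the off-by-one to watch
            return None
        count = prev.count + 1
    else:
        count = 1
    return ActivationToken(secrets.token_urlsafe(32), today, count)


def simulate(days_and_clicks):
    """Replay constructed (day, clicks) pairs; return mails sent per day."""
    token, sent = None, {}
    for day, clicks in days_and_clicks:
        sent[day] = 0
        for _ in range(clicks):
            new = next_token(token, day)
            if new is not None:
                token = new
                sent[day] += 1
    return sent


if __name__ == "__main__":
    # Constructed input: 6 clicks on day one, 2 clicks on day two.
    print(simulate([(date(2020, 1, 29), 6), (date(2020, 1, 30), 2)]))
```

The counter restarts when the date changes, so this bounds the daily volume to one address rather than the total number of mails.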
