
Require email address verification upon account creation (if an email address was given)
Closed, Resolved; Public

Description

Author: ropers

Description:
Feature request:

I suggest changing our signup process so that any email
addresses submitted will be verified in a way similar to Mailman's
opt-in process. (Users not giving an email address obviously
should remain unaffected.) This verification procedure should
also be triggered/required if/when users submit an email address
later and with any change to the email address.

Rationale:
It's only a minor inconvenience to users signing up and it's
probably best practice to do it.


Version: unspecified
Severity: normal
URL: http://meta.wikimedia.org/wiki/Enotif

Details

Reference
bz677

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 6:59 PM
bzimport set Reference to bz677.

gangleri wrote:

Dear friends, e-mails returned with failure because of the header
item "Return-path: <wiki@wikimedia.org>" should be processed in
the "system" too. This should disable the "email this user" function
and prompt these users during login to go through the e-mail
verification again. If a feedback could be given to the sender it
would be great.
Regards Reinhardt

I think, the blocker can be justified after a recent discussion with Brion about
a certain scenario with temp.passwords mailed to not-yet-authenticated address.

Disclaimer, because I am not fully sure, if the scenario can be exploited to
hijack an account:
In case that I was over-reacting, pls. apologize and silently remove the blocker.

rowan.collins wrote:

I don't see any way you could hijack an account using the temp password
mechanism - you'd have to already have control of the account to set the
password, authenticated or not. But I wasn't party to this discussion, so I
won't touch anything here.

robchur wrote:

We already have this functionality; it's a configuration issue.

Been there for some time. Resolving FIXED.

spam wrote:

Please mention where? Because I sure in the heck don't see anything for it
anywhere.

robchur wrote:

It's configured during MediaWiki installation, in the email options section.

(In reply to comment #7)

> It's configured during MediaWiki installation, in the email options section.

Yes.
See also switch $wgEmailAuthentication and documentation (see
http://meta.wikimedia.org/wiki/Enotif )
