More secure email change #201

Open
pgrenaud opened this issue Oct 6, 2015 · 1 comment

@pgrenaud
Member

pgrenaud commented Oct 6, 2015

Currently, a user can change the email address without any verification on our side. As per the standard internet way of doing things, we need to enforce 2 verifications:

  1. When a user attempts to change his email, we need to ask for his current password, the same way we ask for the current password when changing the password. That will protect the user from someone changing his email address if he left his session open unattended.
  2. When a user has successfully submitted a new email address, we need to send a verification link to the new email address. Until the new address is validated, we still continue to use the old one.
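
The two checks proposed in the comment above, as an added Python example that is not part of the original issue or the project's code. The `Account` class, the function names, the PBKDF2 parameters and the one-hour token lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed lifetime of the verification link, in seconds


def _hash_password(password, salt):
    # Assumed password scheme for this example: PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:  # hypothetical stand-in for the project's user model
    def __init__(self, email, password):
        self.email = email
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash_password(password, self.salt)
        self.pending = None  # (new_email, sha256(token), expires_at)


def request_email_change(acct, current_password, new_email, now=None):
    """Check 1: re-authenticate. Check 2: issue a token for the new address."""
    now = time.time() if now is None else now
    supplied = _hash_password(current_password, acct.salt)
    if not hmac.compare_digest(supplied, acct.pw_hash):
        return None  # wrong password: nothing is stored, nothing is mailed
    token = secrets.token_urlsafe(32)
    # Only a hash of the token is stored, so a database leak cannot confirm changes.
    digest = hashlib.sha256(token.encode()).digest()
    acct.pending = (new_email, digest, now + TOKEN_TTL)
    return token  # goes into the link mailed to new_email; acct.email is unchanged


def confirm_email_change(acct, token, now=None):
    """Swap in the new address only for a valid, unexpired, unused token."""
    now = time.time() if now is None else now
    if acct.pending is None:
        return False
    new_email, digest, expires_at = acct.pending
    if now > expires_at:
        acct.pending = None  # expired request is discarded
        return False
    if not hmac.compare_digest(hashlib.sha256(token.encode()).digest(), digest):
        return False
    acct.email, acct.pending = new_email, None  # single use
    return True
```
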
@jdupl
Member

jdupl commented Oct 6, 2015

Re-verifying the email requires changing quite a bit of code.
