Opened 12 years ago

Closed 10 years ago

#36 closed defect (wontfix)

Trac allows account creation without e-mail or verification

Reported by: wtogami Owned by: datallah
Milestone: Component: trac
Version: Keywords:
Cc:

Description

This trac is currently setup to allow account creation without e-mail, and without verification of that e-mail address.

Change History (16)

comment:1 Changed 12 years ago by lschiere

  • Milestone set to Go public with Pidgin 2.0.0

comment:2 Changed 12 years ago by datallah

I've updated the AccountManager? plugin's registration feature to force that *something* be entered for the email address. It doesn't do any sort of validation that it is a real email address (nor does it send anything to that address) - that would require more significant changes.

Is that enough?

comment:3 Changed 12 years ago by wtogami

Trac really doesn't have account registration validation built in?

It is awfully easy for anybody to create an account (with bogus info), add spam to Wiki pages or fill the tracker full of garbage.

comment:4 Changed 12 years ago by wtogami

"tracker full of garbage"

I realize that is exactly how sf.net is, but isn't the goal to make this better than sf? =)

comment:5 follow-up: Changed 12 years ago by datallah

Trac doesn't even have account registration built in, we're using a third party plugin for that.

comment:6 in reply to: ↑ 5 Changed 12 years ago by whitehat

Replying to datallah:

Trac doesn't even have account registration built in, we're using a third party plugin for that.

  • Would it be worth it to switch to a different plugin for account creation and auth?
    • OpenID Plugin
      • uses OpenID
      • would pass account validation off to OpenID provider
      • could run provider from pidgin.im or use MyOpenID
      • might require some work but I'd be willing to work on it
    • might want to use LDAP server
      • centralize auth for trac, monotone (??), other services on pidgin.im

comment:7 Changed 12 years ago by rlaager

  • Milestone 2.0.0 deleted

comment:8 follow-up: Changed 12 years ago by plop

it's also not possible to view or correct your email address after account creation.

comment:9 Changed 12 years ago by Dread Knight

OpenID integration would be cool...

comment:10 in reply to: ↑ 8 Changed 11 years ago by datallah

Replying to plop:

it's also not possible to view or correct your email address after account creation.

Yes it is, via the "Settings" link in the top right (You probably need to Logout and Log back in in the browser session to access it though).

comment:11 Changed 11 years ago by datallah

  • Version 2.0 deleted

This has already been filed as a feature request in the Trac AccountManagerPlugin.

comment:12 follow-up: Changed 11 years ago by datallah

This is now possible to do with the accountmanager plugin in 0.11.1. It isn't turned on, but we can do so if that is what the consensus is to do.

comment:13 in reply to: ↑ 12 ; follow-up: Changed 11 years ago by rekkanoryo

Replying to datallah:

This is now possible to do with the accountmanager plugin in 0.11.1. It isn't turned on, but we can do so if that is what the consensus is to do.


Email verification should definitely be done.

comment:14 in reply to: ↑ 13 Changed 11 years ago by rlaager

Replying to rekkanoryo:

Email verification should definitely be done.

+1

comment:15 Changed 11 years ago by datallah

This should probably be brought up on d@… if we want to change this.

comment:16 Changed 10 years ago by rekkanoryo

  • Resolution set to wontfix
  • Status changed from new to closed

I brought this up on the mailing list. The basic consensus was no preference, but there was one point that we don't have any significant wiki or ticket spam problems. There's basically no need for us to have e-mail address verification at this point.

Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!