Closed Bug 137499 Opened 22 years ago Closed 22 years ago

creating an account should wait for confirmation

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Version:
2.15
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 87795

People

(Reporter: bbaetz, Assigned: myk)

Details

Currently, when we create an account, we set it up, and mail the password (to
ensure that the user really owns that account)

If the user makes a typo, that means that we end up with a valid account, which
can never be used.

Instead, we should create a token which expires in n days (1-2 ?) which ahs to
be confirmed before an entry is made in teh profiles table.

From endico on irc, there are 48890 accounts, but only 19158 distinct reporters,
and 21976 distinct people who have made a comment. Even if you assume that noone
who has made a comment has ever filed a bug (which is really really really
unlikely), that still leaves us with about 20% of accounts who have never done
either. So unless there is another class of users I've forgotton about, this
accounts for a large number of people, and so this would also be worth doing.

This also ensures that the postmaster doesn't get bounces from incorrect emails,
and that you can't cc a user (and thus give them spam mail) before their account
is activated.

We'd obviously then have to check the tokens table for these sort of email
adressess, just like we currently check them for email changes in progress.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE

*** This bug has been marked as a duplicate of 87795 ***
Status: RESOLVED → VERIFIED
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.