Page MenuHomePhabricator
Create Task
Maniphest T4832

Users receive notifications before confirming email address
Closed, WontfixPublic
Actions

Description

  1. Register to a Phabricator instance.
  2. You will receive an email asking for verification. Do nothing about it.
  3. Post a comment in a Maniphest task.

EXPECTED
Nothing happens in my mailbox until my email is verified. I could have typed a wrong email, I might be spamming someone else.

ACTUAL
Notifications start landing in your mailbox before any verification is completed.

Is this bad? Maybe not for the average user, but it is unusual, and not very professional.

Original report, fwiw: http://fab.wmflabs.org/T138

Event Timeline

qgil created this task.Apr 18 2014, 6:55 PM
qgil raised the priority of this task from to Needs Triage.
qgil updated the task description. (Show Details)
qgil added projects: Auth, Maniphest.
qgil updated the task description. (Show Details)
qgil added a subscriber: qgil.
epriestley closed this task as Wontfix.Apr 18 2014, 8:21 PM
epriestley claimed this task.

You can enable auth.require-email-verification to require users to verify their email addresses before they can take actions within the system. With this option off, we're intentionally permissive to make it easy for users to sign up and interact with the system.

If we let you take actions but didn't send you email until you verified your address, it would be confusing (why am I not getting email?) and we'd need to introduce additional UI to communicate to the user that they need to verify. We'd also still presumably want to send some email, like password reset email. When you verified the address, we'd potentially either send you a bunch of queued mail, or you'd never get this mail. It would also be confusing to other users who, e.g., sent you a message in Conpherence that you never received.

qgil added a comment.Apr 18 2014, 8:33 PM

Ah, sorry for having missed this detail. Makes total sense.

epriestley added a comment.Apr 18 2014, 8:36 PM

Well, we have way too many config options, but it's hard to get rid of them and there's a lot of interest in adding more.

Phabricator · Built by Phacility