Pledges: Create system for generating and validating temporary confirmation links #34

Closed
coreymckrill opened this issue Oct 18, 2019 · 3 comments · Fixed by #46

@coreymckrill coreymckrill commented Oct 18, 2019

There are several parts of this system that are going to rely on the user confirming something or accessing something by clicking a unique link that they receive in an email.

  • Confirm the email address associated with a pledge #10
  • Access and manage an existing pledge #5
  • Confirm a contributor connection to a pledge #12
  • Remind pledge owners to update their info #27

Ideally, I think, these links would be true one-time use. But if building that system is too complex, utilizing WP's nonce system might be sufficient.

@coreymckrill coreymckrill added this to the Create a pledge milestone Oct 18, 2019
@iandunn iandunn self-assigned this Oct 21, 2019

@iandunn iandunn commented Oct 24, 2019

I considered just using WP "nonces" for this, but ultimately didn't feel comfortable enough with it from a security perspective, and am working on a true NONCE system.

The WIP is in https://github.com/WordPress/five-for-the-future/compare/email-auth if anyone has any high-level concerns about the overall direction.


@coreymckrill coreymckrill commented Oct 24, 2019

What are your concerns with the not-nonces in WP?


@iandunn iandunn commented Oct 24, 2019

iandunn added a commit that referenced this issue Oct 25, 2019
Fixes #34.
Fixes #10.
@iandunn iandunn closed this in #46 Oct 25, 2019
iandunn added a commit that referenced this issue Oct 25, 2019
Email: Send pledge confirmation with authentication token.

Fixes #34.
Fixes #10.
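
The distinction this thread turns on, as an added example (not the project's code from #46): a WordPress nonce stays valid for its whole lifetime and can be replayed within it, while a true one-time token is deleted on its first successful use. The function names, the in-memory `$store` standing in for per-pledge storage, and the two-hour lifetime are assumptions made for illustration.

```php
<?php
// Added illustration: single-use, expiring confirmation tokens.
// $store is an in-memory array standing in for per-pledge storage (assumption).

const TOKEN_TTL = 2 * 3600; // constructed lifetime: two hours

function issue_token(array &$store, int $pledge_id, string $action, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // Keep only a hash, so a leaked store does not yield usable links.
    $store[$pledge_id] = [
        'hash'    => hash('sha256', $token),
        'action'  => $action,
        'expires' => $now + TOKEN_TTL,
    ];
    return $token; // goes into the emailed link, never stored in clear
}

function redeem_token(array &$store, int $pledge_id, string $action, string $token, int $now): bool
{
    $record = $store[$pledge_id] ?? null;
    if ($record === null) {
        return false; // never issued, or already consumed
    }
    $expired = $now > $record['expires'];
    // Constant-time comparison, bound to the action the link was issued for.
    $valid = !$expired
        && hash_equals($record['hash'], hash('sha256', $token))
        && hash_equals($record['action'], $action);
    if ($valid || $expired) {
        unset($store[$pledge_id]); // consume on success, purge on expiry
    }
    return $valid;
}

// Constructed walk-through: wrong action, first use, then a replay.
$store = [];
$now   = 1571900000; // constructed timestamp
$token = issue_token($store, 34, 'confirm_email', $now);

var_dump(redeem_token($store, 34, 'manage_pledge', $token, $now + 60));
var_dump(redeem_token($store, 34, 'confirm_email', $token, $now + 60));
var_dump(redeem_token($store, 34, 'confirm_email', $token, $now + 120));
```

With a database-backed store, the lookup and the delete in `redeem_token` need to happen atomically so that two concurrent requests cannot both redeem the same link.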