Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User verification works multiple times #44

Closed
kris7ian opened this issue Apr 19, 2019 · 3 comments
Closed

User verification works multiple times #44

kris7ian opened this issue Apr 19, 2019 · 3 comments
Assignees
@apragacz
Labels
priority:high type:bug

Comments

@kris7ian
Copy link

Shouldn't the link that gets sent to activate an account only work once? Seems especially relevant when having 'REGISTER_VERIFICATION_AUTO_LOGIN': True
@apragacz
Copy link
Owner

Well, the account activation is idempotent: if the user was already activated, then basically setting the verification field to True again does not change the state.

I guess the problem could arise when you have REGISTER_VERIFICATION_AUTO_LOGIN enabled: someone could use the link to auto-login again, which is probably not what we want.

I will introduce REGISTER_VERIFICATION_ONE_TIME_USE which will work similarly to RESET_PASSWORD_VERIFICATION_ONE_TIME_USE. It will be disabled by default for backward compatibility; probably will be changed in the distant future to True as default with other backward incompatible changes (version 1.0.0 or maybe even 0.5.0?)
For now I will provide a Django system check to see whether REGISTER_VERIFICATION_ONE_TIME_USE is enabled in case REGISTER_VERIFICATION_AUTO_LOGIN is enabled.

@apragacz apragacz self-assigned this Apr 19, 2019
apragacz added a commit that referenced this issue Apr 24, 2019
@apragacz
Issue #44: WIP
5d24e88
apragacz added a commit that referenced this issue Apr 25, 2019
@apragacz
Issue #44: register verification one-time use
7373571 
* Added REGISTER_VERIFICATION_ONE_TIME_USE setting
* Added warning check in case
  REGISTER_VERIFICATION_AOUT_LOGIN is enabled
@apragacz
Copy link
Owner

This fix will be released in next version (0.4.4).

apragacz added a commit that referenced this issue May 10, 2019
@apragacz
Version 0.4.4
260806d 
Changes:

* Resolved issue #44
* Resolved issue #45
@lock
Copy link

lock bot commented Apr 25, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Apr 25, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@apragacz apragacz

Labels
priority:high type:bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@apragacz @kris7ian