[3.4] [Updated] Users invitation #6220
Conversation
|
What do you think about prefilling (possibly forcing) a username / email address / even display name with the invitation? Really the only thing I don't want to fill in for my users is their password. I'm not saying this should be forced from the admins POV. |
Can we? My understanding was that the intention was to make this an admin feature … that said, yes I think we should either enforce it as required, or make the fields validate. That said, one of my massive concerns about this from the beginning was the security implications, as anyone with a valid link could (until said link is used) create an account… so TBH, there should be some additional stop-gaps to attempt to curb abuse. |
|
Yes it is. I guess my use case is basically the same as create user and then send them a reset password link... |
Derp, by "can we" I meant "is it implemented for non-admin users?"
This is pretty much where I am going. While it is a small vector, it is one that I can see potentially ending up in a CVE if we're not careful. |
|
Does this need anything else than monkey-testing? |
|
Yes, @CarsonF is working on more changes currently |
|
@CarsonF has a copy of this branch … I am withdrawing my work on it, if it gts over the line, it won't be one by me |
|
Is this feature dead? I got lost between issues and PRs. |
|
Not dead, just lacking time to finish. 😞 |
Closes #5496
Fixes #4555
This is a reworking of the PR done by @mangroud in #5496
This is not ready for merge yet
, as I'd like to squash my commits … when we decide collectively on approach … just want to (mostly) get this off my plate.A UX addition in this one too:
