Sitewide Email Verification Milestone I - As a Gitcoin operator, when a user updates or changes their email, I want a system to make sure they verify their email, and Gitcoin has to verify consent. #5451

Open
frankchen07 opened this issue Nov 5, 2019 · 1 comment

@frankchen07 frankchen07 commented Nov 5, 2019

User Story

Sitewide Email Verification Milestone I - As a Gitcoin operator, when a user updates or changes their email, I want a system to make sure they verify their email, and Gitcoin has to verify consent.

Why Is this Needed

If a user changes their email, we need verification that they are adding an email address they own for security purposes.

Gitcoin will also have to re-gain consent for the updated email given GDPR requirements.

Description

Andrew Redden & Dan Lipert have suggested a general outline for a system that would do this well. It should include these components:

  1. it is of high certainty that users who created a gitcoin profile from a github profile are already verified

  2. when updating or changing an email, a system to create / store / invalidate verification tokens (24-48 hours) is utilized in order to have the user verify this new email (create token, send & confirm email, erase token).

  3. banner at the top of the site to warn a user that an updated email has not been verified

  4. caveat to point 2 is email addresses from providers who support hyphens, periods / other forms of punctuated email addresses as similar to the original one. This should hypothetically be solved using the verification system (since the aliases should link to the original email).

  5. When a new email is updated, Gitcoin must regain consent to send transactional emails to the new email address. Is this done within email or in-app?

  6. When a user logs in using "login" through Github Authentication, do they sign the TOS agreement for consent into marketing materials?

Current Behavior

none of this currently exists

Expected Behavior

build out verification system for email updates & re-consent for updated email

Definition of Done

  • verification token system
  • banner warning
  • test if verification token system works with aliases
  • method of consent for new email address
@frankchen07 frankchen07 added this to To do in Robot Board via automation Nov 5, 2019
@frankchen07 frankchen07 added this to November / Sprint 23 in Gitcoin Roadmap Nov 5, 2019
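
The create / store / invalidate token flow from item 2 of the issue, as an added sketch that is not Gitcoin's code. The class, its method names and the in-memory dict standing in for a database table are assumptions; the 24-hour TTL is the lower end of the 24-48 hour window named in the issue.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 24 * 3600  # assumption: lower bound of the 24-48 hour window


class EmailVerificationStore:
    """Hypothetical in-memory stand-in for a table of pending email changes."""

    def __init__(self, clock=time.time):
        self._pending = {}  # user_id -> (token_digest, new_email, expires_at)
        self._clock = clock

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table cannot be replayed as tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user_id, new_email):
        """Issue a token for new_email, replacing any earlier pending token."""
        token = secrets.token_urlsafe(32)
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._pending[user_id] = (self._digest(token), new_email, expires_at)
        return token  # goes into the emailed link, never stored in clear

    def is_unverified(self, user_id):
        """True while a change is pending; this is what would drive the banner."""
        return user_id in self._pending

    def confirm(self, user_id, token):
        """Return the verified email and erase the token, or None on failure."""
        entry = self._pending.get(user_id)
        if entry is None:
            return None
        digest, new_email, expires_at = entry
        if self._clock() > expires_at:
            del self._pending[user_id]  # expired tokens are invalidated
            return None
        if not secrets.compare_digest(digest, self._digest(token)):
            return None
        del self._pending[user_id]  # single use: erase on success
        return new_email
```

Because the token is bound to the user and the exact address it was issued for, the profile email should only be switched to the value `confirm` returns, never to an address supplied again at confirmation time.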

@molecula451 molecula451 commented Nov 5, 2019

Excellent. I am facing this issue right now. It doesn't matter how many times I update the e-mail on Gitcoin. It always keeps showing the old "Github" e-mail. Plus, IMO, it needs to be changed in every site of the app, including the "Work done" section where it provides user payable address and e-mail information.

@frankchen07 frankchen07 moved this from To do to In progress in Robot Board Nov 12, 2019
@frankchen07 frankchen07 removed this from In progress in Robot Board Nov 12, 2019