email verification for account creation
completed by: Julian Brost
mentors: Bastian Blank, Reimar Bauer, Thomas Waldmann, Prashant Kumar, Eugene Syromyatnikov
Abstract
We need (optional) email verification for new accounts.
Details
Currently we let a user enter an email address for user creation but we don't verify if that email address exists.
This needs to be changed to:
- when a user wants to create an account, we send an email to the email address the user has given
- when receiving the email, there will be a link in it, the user has to visit that url to activate his account
- make sure we can get rid of not activated accounts, make sure the method is secure / not easily to abuse
- use same code as for password / account recovery (the difference is that for new users we set should set a random password and then send the recovery token)
- should be configurable, so it can also work without email sending/verification.
Deliverables: patch or changeset
Benefits
New user accounts are based on a verified email address. Makes it harder for spammers also.
Skill Requirements
See tags.
Links
Note: unless otherwise noted, tasks usually refer to moin2 (http://moinmo.in/MoinMoin2.0)!
http://hg.moinmo.in/moin/2.0 or http://bitbucket.org/thomaswaldmann/moin-2.0 - repository of moin2
http://hg.moinmo.in/moin/1.9 - repository of moin 1.9
http://moimo.in/MoinMoinChat - please join us on IRC #moin-dev
You can discuss this issue in the MoinMoin wiki: http://moinmo.in/EasyToDo/email%20verification%20for%20account%20creation