Change how authentication with unverified email addresses is implemented #128
Conversation
Commit test README.md
…opers should implement warnings about verification themselves then. Last parameter of constructor : `new Auth($databaseConnection, $ipAddress, $dbTablePrefix, $throttling, $sessionResyncInterval, $dbSchema, $loginUnverified)`
|
Thanks! Glad that this works for you, but I’m not sure if we really want it in this repository here. There’s also a way to disable email verification and thus let users sign in immediately, as explained in the README:
So I guess we don’t need another way to make this work. Granted, with your solution, you decide on login, and with our current solution, you decide on registration. But I think that’s sufficient in most cases and often what you actually want. That’s also why the README says:
Thanks for your contribution, nevertheless. |
|
I just don’t think the user should be marked as verified in the database if they’re not. |
That is certainly a good point. Thank you! You could later reverse your decision and need information on the authenticity of the email address. If it’s immediately marked as verified although it’s actually not, that’s a problem. These “allegedly confirmed” email addresses could even be mixed with addresses that have in fact been confirmed. We could solve that problem simply by introducing a third state, i.e. in addition to
Well, it’s not only about verifying the client as a human. Even more important is verifying the email address as not belonging to some stranger. So if you use email for identification and authentication, it’s really important to know that it’s actually owned by the user. It’s not as easy as just merging your pull request, in any case. So that’s one reason why pull requests are not always merged. If you can sign in with an unverified email address, this needs to be taken into account in other areas as well. Some pull requests are also just bad – that’s another reason. Some are too extensive and complex, and change the whole library with hundreds or even thousands of lines in a very opinionated way. That’s something that should go into a fork, in most cases. Then, as we have explained in the README, and as I have quoted for you again, we explicitly state that we very much like to see and discuss contributions, but please let’s talk about these ideas and possible implementations first. Sometimes, the contributor just got something wrong and didn’t have a perfect understanding of the existing code yet, which is absolutely comprehensible. Finally, we do merge some pull requests, just not with GitHub’s tools but instead by applying Git’s raw patches. That’s why they’re not marked as merged on GitHub. |
ocram
changed the title
|
Thanks for your kind and thorough reply! I’ll be happy to discuss this more extensively later on this week.
So next question is, in what use case will I need to allow the unverified user to login but also need email verification at one point? |
|
Totally agree with all of what you said here! And as I said before, your solution seems to be the one that is conceptually clearer. If you allow logins without a verified email address, though, you have to guard every usage of the email address against the possibility of that email address not being verified. Further:
|
No description provided.