Uploaded image for project: 'Blesta Core'
  1. Blesta Core
  2. CORE-3233

Option to require new account email verification

    Details

      Description

      It may be necessary to have new customers verify their email address prior to accepting an order or allowing certain functionality through extensions. Blesta core should be aware of and handle email verification, and the order plugin should be able to enforce it.

      New Setting

      Add a new setting for the company and client group to require email verification for new accounts. This would apply to both the client (primary contact) and any other contacts.

      Email

      When a contact or client is created in the client group or company, based on the setting, send an email to the contact with a special link that can be used to validate their email address. Track whether an email address has been verified. The link should not have an expiry like password resets.

      UI

      If the setting is enabled and the email address has not been verified, display a warning in the client area with an option to resend the verification email. We may want to stop showing the message after a period of time if the user does not verify their email.

      Functionality

      Email address changes should not take affect until the address is verified. We will need to store the new email address and only update the official record when the verification link is clicked. This is necessary for security reasons, through 3rd party plugins that may trust the email address and associate it with an external account, like Kayako.

      A method to check whether an email address has been verified should be available over the API, so such a method should not be private. Plugins may want to check whether an address has been verified, and thus can be trusted.


      See sub-tasks for full/updated details.

        Issue Links

        There are no Sub-Tasks for this issue.

          Activity

          Hide
          jonathan Jonathan Reissmueller added a comment -

          It may be useful to incorporate CORE-2222 and use that "In Review" status for clients with unverified emails

          Show
          jonathan Jonathan Reissmueller added a comment - It may be useful to incorporate CORE-2222 and use that "In Review" status for clients with unverified emails
          Hide
          admin Paul Phillips added a comment -

          We also need a sub-task for the Support Manager. If this is enabled, we should not allow emails to be imported into the support manager that are not verified.

          Show
          admin Paul Phillips added a comment - We also need a sub-task for the Support Manager. If this is enabled, we should not allow emails to be imported into the support manager that are not verified.

            People

            • Assignee:
              abdy Abdy Franco
              Reporter:
              admin Paul Phillips
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                17/Sep/20

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 week, 2 days, 6 hours, 48 minutes
                1w 2d 6h 48m

                  Agile