Details
-
Type: New Feature
-
Status: Closed
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: 4.6.0
-
Component/s: Plugins, Staff Interface
-
Labels:None
Description
It may be necessary to have new customers verify their email address prior to accepting an order or allowing certain functionality through extensions. Blesta core should be aware of and handle email verification, and the order plugin should be able to enforce it.
New Setting
Add a new setting for the company and client group to require email verification for new accounts. This would apply to both the client (primary contact) and any other contacts.
When a contact or client is created in the client group or company, based on the setting, send an email to the contact with a special link that can be used to validate their email address. Track whether an email address has been verified. The link should not have an expiry like password resets.
UI
If the setting is enabled and the email address has not been verified, display a warning in the client area with an option to resend the verification email. We may want to stop showing the message after a period of time if the user does not verify their email.
Functionality
Email address changes should not take affect until the address is verified. We will need to store the new email address and only update the official record when the verification link is clicked. This is necessary for security reasons, through 3rd party plugins that may trust the email address and associate it with an external account, like Kayako.
A method to check whether an email address has been verified should be available over the API, so such a method should not be private. Plugins may want to check whether an address has been verified, and thus can be trusted.
See sub-tasks for full/updated details.
Issue Links
- relates to
-
CORE-2222 Add additional client status of "Closed" and "In Review"
- Open
It may be useful to incorporate CORE-2222 and use that "In Review" status for clients with unverified emails