Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-70381

Resend email confirmation cannot be extended

XMLWordPrintable

    • Icon: New Feature New Feature
    • Resolution: Unresolved
    • Icon: Trivial Trivial
    • None
    • 4.5
    • Authentication
    • MOODLE_405_STABLE
    • Hide

      Steps to reproduce:

      1. Install https://moodle.org/plugins/auth_emailadmin
      2. Select it as User Registration plugin
      3. Optionally disable the regular Email plugin
      4. While not signed in, create a new account. The admin should receive the request to confirm.
      5. Attempt to sign in as the new user. You'll get redirected the Resend Confirmation page.
      6. No "Resend Confirmation" button is provided.
      7. Resend is not executed even if the user attempts to fake the resend request by manually crafting the proper URL
        • Crafted URL: POST /moodle/index.php
        • POST data: username=<username>&password=<password>&resendconfirmemail=1&logintoken=<tokenGeneratedIfAuthAdmin>&sesskey=<sessKeyGeneratedIfAuthAdmin>
      Show
      Steps to reproduce: Install https://moodle.org/plugins/auth_emailadmin Select it as User Registration plugin Optionally disable the regular Email plugin While not signed in, create a new account. The admin should receive the request to confirm. Attempt to sign in as the new user. You'll get redirected the Resend Confirmation page. No "Resend Confirmation" button is provided. Resend is not executed even if the user attempts to fake the resend request by manually crafting the proper URL Crafted URL: POST /moodle/index.php POST data: username=<username>&password=<password>&resendconfirmemail=1&logintoken=<tokenGeneratedIfAuthAdmin>&sesskey=<sessKeyGeneratedIfAuthAdmin>

      Hello,

      The Resend Confirmation mechanism is not extendable nor defined in the regular auth/email plugin.

      People trying to use their own auth plugins to manage confirmation are not able to disable it.

      For example: https://moodle.org/plugins/auth_emailadmin

      This plugin moves the confirmation responsibility to the admins, but the Resend Confirmation feature completely bypasses it.

      Please move this functionality onto the regular auth/email plugin so that it can be disabled, or make it depend on the active auth plugin.

       

      Thank you,

      Felipe

        1. image-2020-12-02-22-25-24-568.png
          image-2020-12-02-22-25-24-568.png
          52 kB
        2. moodle-MDL-70381.patch
          10 kB
        3. moodle-MDL-70381-36.patch
          7 kB
        4. moodle-MDL-70381-37.patch
          7 kB

            Unassigned Unassigned
            hrimhari Felipe Carasso
            Mihail Geshoski Mihail Geshoski
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 5 hours, 1 minute
                5h 1m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.