revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-19 03:50:54 +01:00
Code Issues Releases Wiki Activity
No description
2093 commits 3 branches 7 tags 153 MiB
PHP 93.5%
JavaScript 4.1%
CSS 2.4%
Find a file
epriestley 87207b2f4e Allow users to have multiple email addresses, and verify emails 
Summary:
  - Move email to a separate table.
  - Migrate existing email to new storage.
  - Allow users to add and remove email addresses.
  - Allow users to verify email addresses.
  - Allow users to change their primary email address.
  - Convert all the registration/reset/login code to understand these changes.
  - There are a few security considerations here but I think I've addressed them. Principally, it is important to never let a user acquire a verified email address they don't actually own. We ensure this by tightening the scoping of token generation rules to be (user, email) specific.
  - This should have essentially zero impact on Facebook, but may require some minor changes in the registration code -- I don't exactly remember how it is set up.

Not included here (next steps):

  - Allow configuration to restrict email to certain domains.
  - Allow configuration to require validated email.

Test Plan:
This is a fairly extensive, difficult-to-test change.

  - From "Email Addresses" interface:
    - Added new email (verified email verifications sent).
    - Changed primary email (verified old/new notificactions sent).
    - Resent verification emails (verified they sent).
    - Removed email.
    - Tried to add already-owned email.
  - Created new users with "accountadmin". Edited existing users with "accountadmin".
  - Created new users with "add_user.php".
  - Created new users with web interface.
  - Clicked welcome email link, verified it verified email.
  - Reset password.
  - Linked/unlinked oauth accounts.
  - Logged in with oauth account.
  - Logged in with email.
  - Registered with Oauth account.
  - Tried to register with OAuth account with duplicate email.
  - Verified errors for email verification with bad tokens, etc.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1184

Differential Revision: https://secure.phabricator.com/D2393
2012-05-07 10:29:33 -07:00
bin Make SQL patch management DAG-based and provide namespace support 2012-04-30 07:54:00 -07:00
conf Document configuration of file upload limits 2012-05-03 17:30:17 -07:00
externals Enforce upload size limits and transport exceptions with appropriate response encoding 2012-05-07 06:17:00 -07:00
resources Allow users to have multiple email addresses, and verify emails 2012-05-07 10:29:33 -07:00
scripts Allow users to have multiple email addresses, and verify emails 2012-05-07 10:29:33 -07:00
src Allow users to have multiple email addresses, and verify emails 2012-05-07 10:29:33 -07:00
support/aphlict Make Aphlict client somewhat more approachable 2012-03-06 20:14:03 -08:00
webroot Revert cd63d9b2ce / D2403, see diff. This broke inline comments by making them not span enough columns. 2012-05-07 06:01:56 -07:00
.arcconfig Add a custom lint name hook to Phabricator 2011-08-31 13:49:30 -07:00
.divinerconfig Fix line links to source codes of generated documentation 2012-04-10 11:31:52 -07:00
.gitignore Fix whitespace 2012-04-06 01:00:32 -07:00
.gitmodules Just change the location. 2011-05-28 15:14:54 -07:00
README Add a roadmap document and update the README. 2011-06-29 09:38:03 -07:00

README 

Phabricator is a open source collection of web applications which make it easier
to write, review, and share source code. Phabricator was developed at Facebook.

This is an early release. It's pretty high-quality and usable, but under
active development so things may change quickly.

You can learn more about the project and find links to documentation and
resources at: http://phabricator.org/

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.
http://www.apache.org/licenses/LICENSE-2.0