mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-22 13:30:55 +01:00
87207b2f4e
Summary: - Move email to a separate table. - Migrate existing email to new storage. - Allow users to add and remove email addresses. - Allow users to verify email addresses. - Allow users to change their primary email address. - Convert all the registration/reset/login code to understand these changes. - There are a few security considerations here but I think I've addressed them. Principally, it is important to never let a user acquire a verified email address they don't actually own. We ensure this by tightening the scoping of token generation rules to be (user, email) specific. - This should have essentially zero impact on Facebook, but may require some minor changes in the registration code -- I don't exactly remember how it is set up. Not included here (next steps): - Allow configuration to restrict email to certain domains. - Allow configuration to require validated email. Test Plan: This is a fairly extensive, difficult-to-test change. - From "Email Addresses" interface: - Added new email (verified email verifications sent). - Changed primary email (verified old/new notificactions sent). - Resent verification emails (verified they sent). - Removed email. - Tried to add already-owned email. - Created new users with "accountadmin". Edited existing users with "accountadmin". - Created new users with "add_user.php". - Created new users with web interface. - Clicked welcome email link, verified it verified email. - Reset password. - Linked/unlinked oauth accounts. - Logged in with oauth account. - Logged in with email. - Registered with Oauth account. - Tried to register with OAuth account with duplicate email. - Verified errors for email verification with bad tokens, etc. Reviewers: btrahan, vrana, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T1184 Differential Revision: https://secure.phabricator.com/D2393
12 lines
497 B
SQL
12 lines
497 B
SQL
CREATE TABLE {$NAMESPACE}_user.user_email (
|
|
`id` int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,
|
|
userPHID varchar(64) collate utf8_bin NOT NULL,
|
|
address varchar(128) collate utf8_general_ci NOT NULL,
|
|
isVerified bool not null default 0,
|
|
isPrimary bool not null default 0,
|
|
verificationCode varchar(64) collate utf8_bin,
|
|
dateCreated int unsigned not null,
|
|
dateModified int unsigned not null,
|
|
KEY (userPHID, isPrimary),
|
|
UNIQUE KEY (address)
|
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|