hutershvili closed 8 years ago
this is probably because you're logged in as admin. @benfreu maybe the auth middleware overwrites the user variable? maybe pick another name?
Hm, seeing that I just could click the above link and that I got Mathias' email address it seems to work for me? It could be a caching issue in the browser...
Besides that, I do think we need to put a captcha solution on that page. Misuse is totally obvious otherwise...
ooh, rabbit hole!
additional issue: i don't think we should send emails based on GET requests
true true true...
is everybody comfortable with using Google reCAPTCHA?
Fine for me!
I've implemented a simple honeytrap thing for the email form.
Would we be able to spot abuse should it happen at some point?
depends on your logging (:
When managing your email subscriptions, the page always refers to fin@fin.io
Replicate: http://offenesparlament.at/abos/mathias.huter@informationsfreiheit.at
"Benachrichtigungen für fin@fin.io Ein Login-Link wurde soeben an 'mathias.huter@informationsfreiheit.at' gesendet (falls wir ein Abo unter dieser Adresse in unserer Datenbank gefunden haben)."
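
The points raised in this thread (no mail sent on GET, a honeypot field on the form, logging so abuse can be spotted), sketched as an added example that is not the project's own code. It goes slightly beyond the thread by adding a per-address rate limit; the honeypot field name `website`, the limits and the `send_mail` callback are assumptions.

```python
import logging
import time
from collections import defaultdict, deque

log = logging.getLogger("abos.login_link")  # logger name is an assumption

WINDOW_SECONDS = 3600  # assumed rate-limit window
MAX_PER_WINDOW = 3     # assumed cap on login-link mails per address per window
# Same wording whether or not a subscription exists, as in the quoted message.
GENERIC_REPLY = "If we found a subscription for this address, a login link was sent."

_recent = defaultdict(deque)  # email -> timestamps of mails actually sent


def handle_login_link_request(method, form, client_ip, send_mail, now=None):
    """Return (http_status, body); `form` is the parsed POST body as a dict."""
    now = time.time() if now is None else now
    if method != "POST":
        # GET stays side-effect free: prefetchers, crawlers and embedded
        # links on other pages must never cause mail to be sent.
        return 405, "Method Not Allowed"
    email = form.get("email", "").strip().lower()
    if "@" not in email:
        return 400, "Invalid address"
    if form.get("website", ""):
        # Honeypot: hidden from people, so a filled value means automation.
        # Answer exactly like a success and record the attempt.
        log.warning("honeypot hit ip=%s email=%r", client_ip, email)
        return 200, GENERIC_REPLY
    sent = _recent[email]
    while sent and now - sent[0] > WINDOW_SECONDS:
        sent.popleft()  # forget sends that fell out of the window
    if len(sent) >= MAX_PER_WINDOW:
        log.warning("rate limit ip=%s email=%r", client_ip, email)
        return 200, GENERIC_REPLY
    sent.append(now)
    log.info("login link requested ip=%s email=%r", client_ip, email)
    send_mail(email)
    return 200, GENERIC_REPLY
```

Counting the `honeypot hit` and `rate limit` warnings per IP and per address over time answers the "would we be able to spot abuse" question from the thread.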