HackRU / lcs

The backend for HackRU's website. Manages the user system.
http://hackru.org
MIT License

Magic Link Consumption #39

Closed TresTres closed 5 years ago

TresTres commented 6 years ago

When asking for a password change with a magic link, does lcs check if the email used is the one that originally generated the magic link?

Could someone potentially apply for a magic link on their own email and then manipulate the password of someone else's email? I was able to do it with my own email and a test user.
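As an added illustration (not code from the lcs repository), the two consumption checks this thread contrasts, written in Python with an in-memory token store standing in for the real user database: `consume_unbound` behaves as described above, while `consume_bound` refuses a token unless the email it was issued for matches the account being changed, and also enforces expiry and single use.

```python
import hmac
import secrets
import time

# Constructed stand-ins for the real stores: email -> stored password hash,
# and token -> (email the link was issued for, expiry as epoch seconds).
USERS = {"alice@example.com": "hash-a", "bob@example.com": "hash-b"}
LINKS = {}


def issue_magic_link(email: str, ttl_seconds: int = 900) -> str:
    """Mint a random one-time token and remember which email requested it."""
    token = secrets.token_urlsafe(32)
    LINKS[token] = (email, time.time() + ttl_seconds)
    return token


def consume_unbound(token: str, email: str, new_hash: str) -> bool:
    """The behaviour the issue reports: the token is validated, the email is not,
    so a token issued to one user can reset any existing account's password."""
    if token not in LINKS or email not in USERS:
        return False
    del LINKS[token]
    USERS[email] = new_hash
    return True


def consume_bound(token: str, email: str, new_hash: str) -> bool:
    """Hardened: the token may only change the account it was issued for."""
    entry = LINKS.get(token)
    if entry is None:
        return False
    issued_for, expires_at = entry
    if time.time() > expires_at:
        del LINKS[token]          # expired tokens are discarded, not honoured
        return False
    # Constant-time comparison so the email check leaks nothing through timing.
    if not hmac.compare_digest(issued_for.encode(), email.encode()):
        return False
    if email not in USERS:
        return False
    del LINKS[token]              # single use: a consumed token cannot be replayed
    USERS[email] = new_hash
    return True
```

Links for accounts that do not exist yet (the promotion case raised later in the thread) need a different binding, since there is no account email to compare against at issue time.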

hemangandhi commented 6 years ago

It does not.

We'll make it do so soon.

hemangandhi commented 6 years ago

I recently realized that promotion consumptions don't assume that the frontend knows the user, so not verifying emails is a feature.

This is to let a judge's link be consumed quietly and update the user. Also because that user may not exist when the link is created, so they may go ahead and make their LCS account through an alternate email (i.e. not the one day-of or whoever contacted them through).

So we'd have to talk about this flow and potentially make it more universal before a decision is made.

hemangandhi commented 5 years ago

See #60