boostorg / website-v2

New Boost website
https://preview.boost.org
Boost Software License 1.0

Hardening of registering process #1128

Open joaquintides opened 1 week ago

joaquintides commented 1 week ago

There are two problems with the current registration process:

  1. (Major) The process does not go through to an email validation phase (typically implemented via some callback sent to the provided address that the user needs to go through in order to enable the account).
  2. (Minor) The email textbox has both client-side and server-side validation with unclear (to me) rules:
    • Typing "john" or "john@" triggers the client-side validation ("Enter an email address" right at the bottom of the editbox).
    • Typing "john@x" triggers the server-side validation (a message in red appears with "Enter a valid email address" above the editbox).

To write: a more precise spec of how we want to implement this hardening.
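As an added illustration of the two points above (example code, not the project's own): one validation rule shared by client and server so "john@", "john@x" and the like get the same answer on both sides, and a signed, time-limited callback token that keeps the account disabled until the link is followed. The regex, secret, TTL and in-memory account store are constructed assumptions for this example.

```python
import base64, binascii, hashlib, hmac, re, time
from typing import Optional

SECRET = b"example-secret-not-for-production"  # constructed; load from config in practice
TOKEN_TTL = 24 * 3600                            # seconds a verification link stays valid
ACCOUNTS: dict = {}                              # email -> enabled flag (constructed store)

# One shared rule, so client-side and server-side validation cannot disagree.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def is_valid_email(address: str) -> bool:
    return EMAIL_RE.fullmatch(address) is not None

def _sign(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def make_verification_token(email: str, issued_at: Optional[int] = None) -> str:
    # HMAC over address + issue time: the link cannot be forged or moved to another address.
    ts = int(time.time()) if issued_at is None else issued_at
    payload = f"{email}|{ts}".encode()
    body = base64.urlsafe_b64encode(payload).decode().rstrip("=")
    return f"{body}.{_sign(payload)}"

def verify_token(token: str, now: Optional[int] = None) -> Optional[str]:
    # Returns the verified address, or None if malformed, tampered with or expired.
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".", 1)
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except (ValueError, binascii.Error):
        return None
    if not hmac.compare_digest(_sign(payload), sig):
        return None
    email, _, ts = payload.decode(errors="replace").rpartition("|")
    if not ts.isdigit() or not 0 <= now - int(ts) <= TOKEN_TTL:
        return None
    return email

def register(email: str) -> Optional[str]:
    # Server side: reject bad addresses, create the account disabled, return the link token.
    if not is_valid_email(email):
        return None
    ACCOUNTS[email] = False
    return make_verification_token(email)

def confirm(token: str, now: Optional[int] = None) -> bool:
    # Callback endpoint: the account is enabled only when the token checks out.
    email = verify_token(token, now)
    if email is None or email not in ACCOUNTS:
        return False
    ACCOUNTS[email] = True
    return True
```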

vinniefalco commented 1 week ago

If the user signs up with GitHub, then we don't need this additional stuff. We decided early on that we would trust external OAuth providers, as doing so is no less secure than the provider.

joaquintides commented 1 week ago

Yes, this only applies to the email-based registration process.