cross-solution / YAWIK

YAWIK is a web application. It can be used as an ATS applicant tracking system or as a jobboard.
https://yawik.org
MIT License
125 stars 67 forks source link

Social profile may have no email #201

Open fedys opened 8 years ago

fedys commented 8 years ago

Under certain circumstances social profile may return empty email. This should be checked and disallow such profile to login.

TiSiE commented 8 years ago

I'm not sure if such profiles shouldn't be able to log in.. after all, they have authenticated.

An user can still enter an email address in his profile.

fedys commented 8 years ago

Ok, an social profile without email should be able to log in. This causes another two issues for such profiles:

  1. duplicate key exception for empty user.login may occur in https://github.com/cross-solution/YAWIK/blob/develop/module/Auth/src/Auth/Adapter/HybridAuth.php#L121 I have already commented out this line in "multiple-socials" branch because user.login is actually modified in Auth\Controller\IndexController::loginAction() method
  2. an empty recipient is added to social welcome mail in https://github.com/cross-solution/YAWIK/blob/develop/module/Auth/src/Auth/Controller/IndexController.php#L227
TiSiE commented 8 years ago

\2. It's quite easy to check for an empty email address, isn't it? ;)

But I do get the point. The real question is, if we want to insist sending a welcome email and if so, we must indeed ensure that an email address is available. Or to make it just a bit more complicated, defer the sending of the welcome mail until a valid email address is entered...

cbleek commented 7 years ago

In case of an empty email address or in case the email address is already in use by another account we should offer a form, so the user can adjust the values.

we should do this in 0.30