[Enhacement] Validate email address on profile update

[GoogleCodeExporter]

What steps will reproduce the problem?
1.The user updates the profile with an incorrect email address
2.The user forgot its password
3.Using ForgottenPassword she answers the questions but never receives the token

What is the expected output? What do you see instead?
Even though the email address can be no longer valid when the user needs it to 
recover her password, it would be great to have all addresses validated during 
the update process in order to have less calls to the help desk.

What version of PWM are you using?
1.6.4 build 1192

What ldap directory and version are you using?
openldap 2.4.23

Detailed explanation:
We have configured pwm to force profile update during Activation. We don't have 
the user's email addresses so we expect that they fill it in.
If we use Token Validation during Activation, then an error is raised because 
the directory doesn't contain the email address for the user.
If we disable Token Validation during Activation then the user is forced to 
update the profile but the email address is not validated, leading to potential 
problems during Forgotten Password.

I would be great to have Token Validation optionally required to finish the 
Update Profile task (that way the Activation can't be completed until the email 
is correct).

Thanks!

Original issue reported on code.google.com by erapetti on 5 Nov 2012 at 10:36

[GoogleCodeExporter]

In current PWM builds, all form elements allow specify a regular expression to 
enforce formatting of the user entered value.

Original comment by jrivard on 4 Feb 2013 at 3:09

• Changed state: Fixed
• Added labels: Type-Enhancement
• Removed labels: Type-Help

[GoogleCodeExporter]

Jason, regular expressions can't be used to validate that the email address 
exists and that the user has access to it.

Token Validation functionality is already implemented but it reads the email 
address from LDAP. It would be great that it can be trigger during Profile 
Update to validate the address that the user just entered.

Thank you,
Ernesto.

Original comment by erapetti on 4 Feb 2013 at 11:47

[GoogleCodeExporter]

Hello PWM team,

I encounter the same problem with version 1.7.1 build 1232.
I have many users to import in mass in my directory, with just their login and 
password.

I don't have their email address, I hope that next time they connect they are 
forced to update their profile to fill their email.

I set up validation regexp address format in the "email" field form. But I also 
hope that the existence of the address is verified by e-mail / token for the 
update of the profile.

This ticket is closed and fixed, you definitely fixed the problem? If so, from 
what version?

I did not find the option in the Configuration Editor or in the advanced 
options.

For me the problem is not closed.

Thank you for your feedback,

Sincerely,

Original comment by yann.cam on 7 Nov 2014 at 1:25