It's just so nice to be guaranteed to have a way to get in touch with users.
Seriously change the signup process: instead of "enter username/password; click Sign Up," we now have "go to the /signup page; enter email address; click link in verification email; enter username/password."
The link in the verification email has a path segment that's basically a cryptographically signed, base64-encoded message saying "I own my.email@example.com". Anybody who can produce such a message can register accounts tied to that email address. I'm not sure how I feel about that; I think the Right Way would be to just send a nonce that indexes into some database table to recover the email address. That's doable later, though.
Remove the SetEmail and VerifyEmail endpoints.
Remove all email-related settings (which is... essentially all settings). This enables the assumption that you can always ask Biatob to ask another user whether they trust you.
It's just so nice to be guaranteed to have a way to get in touch with users.
Seriously change the signup process: instead of "enter username/password; click Sign Up," we now have "go to the /signup page; enter email address; click link in verification email; enter username/password."
The link in the verification email has a path segment that's basically a cryptographically signed, base64-encoded message saying "I own my.email@example.com". Anybody who can produce such a message can register accounts tied to that email address. I'm not sure how I feel about that; I think the Right Way would be to just send a nonce that indexes into some database table to recover the email address. That's doable later, though.
Remove the SetEmail and VerifyEmail endpoints.
Remove all email-related settings (which is... essentially all settings). This enables the assumption that you can always ask Biatob to ask another user whether they trust you.
Simplify the UI on the ViewUser page.