Closed shaunanoordin closed 1 week ago
By the way, 406: Not Acceptable is the response when content negotiation fails, so my first thought would be to look at the Accept headers.
However, when the 406 Not Acceptable response is returned, the message body will contain a list of available representations that the client can choose from.
If I go to https://pr-7117.pfe-preview.zooniverse.org/settings/email, then change my email address to a totally new email address, the page still says my email is verified. Is that a bug that I can exploit in order to get around spam blocks?
I tested this by switching between an address on a personal domain that I own (which is verified), and my work address on the ox.ac.uk
domain (which is not verified.)
EDIT: when I changed my email address, the old address didn't get an email to say 'hey, someone changed your email address to a new address.' That's possibly an exploitable security hole too. Or maybe the notification emails are being a bit slow today.
EDIT THE EDIT: I've now changed my email address a few times, swapping between personal and work domains. I haven't had any email notifications to say that someone else may have changed my email address, or that there's potentially suspicious activity on my account.
Here's a weird bug (particularly if I'm using a screen reader, or colour blind, so don't see the change in colour of the input label.) When I delete my email address completely, I'm told the empty box is both valid and verified. When you're using colour like this, it's good practice to test your component in a greyscale mode, to catch accessibility failures where colour is being used to convey important information.
There's also no button to submit changes. That's another potential accessibility failure. I guess that if I'm on a phone or tablet, I can discover by trial-and-error that tapping outside the box will save changes, but the UX is less than ideal.
https://github.com/zooniverse/Panoptes-Front-End/assets/59547/6937ecde-04a9-44ff-ba37-0b878517f350
Update: the resend confirmation email link should now be fully functional!
This PR is ready for review.
A follow up is required to address the accessibility feedback.
Great work, Shaun! I can confirm this solution works when tested for an unconfirmed user account.
I agree with Jim's comment regarding link vs. button. When "Resend Confirmation Email" appears as a clickable link -- as Sean and I recommend -- it is a bit odd to see https://pr-7117.pfe-preview.zooniverse.org/settings/email#
as the link destination. Now that I've used the feature, I'd prefer a button so I don't expect to navigate away to a different page.
Sorry for the indecision! @seanmiller26 -- are you OK with a button instead of a link?
Sure, that sounds good. Let's use this style of button design - #ffffff fill with #005d69 outline, 4pt rounded corners, 16pt font.
Thanks for the feedback, everyone!
<output>
Design note 1: button looks like this. Font size is kept consistent with rest of text, which is... uh... 13.3333px? PFE is weird like that.
Design note 2: hover & click has a different background.
Design note 3: status text
For further discussion, but won't be addressed in this PR:
@shaunanoordin -- I can answer this one:
- ❓ can an email be un-verified by changing it? Does changing an email mean it's still verified?
No. Once verified, the account is always considered verified, which is more about confirming the validity of the account rather than the email. See https://github.com/zooniverse/panoptes/pull/4268#issuecomment-1843531285.
Yep,once I've verified an account, I can change the email address to any valid email address at all, without the owner of that address being notified that their address is being used.
re: email notifications -- I've opened https://github.com/zooniverse/panoptes/issues/4351; that is out of scope for this PR and will be resolved separately.
PR Overview
Staging branch URL: https://pr-7117.pfe-preview.zooniverse.org/settings/email Follows #7083, towards #7032
This PR adds a link to the Email Settings page (under User -> Settings -> Email), which allows users to request a confirmation email from Panoptes.
New behaviour:
Testing
Status
⚠️ WIP - this PR is not yet functional.
As of commit aeaeca251b6e15242a2b3799eb80d33bd0bb944f, there's a problem where sending the request results in a 406 error, at least for staging.