Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.10.3 Latest
Buy Hosting
  1. Home
  2. NodeBB Development
  3. Stricter behaviour for email address requirement config

Stricter behaviour for email address requirement config

Scheduled Pinned Locked Moved NodeBB Development
emailconfigadmin
3 Posts 2 Posters 432 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • julianJ Offline
    julianJ Offline
    julian NodeBB GNU/Linux
    wrote on last edited by julian
    #1

    tl;dr

    This blog post is about this GitHub pull request.

    • If you have requireEmailAddress enabled, anyone who does not have a confirmed email address will be prompted to do so. They will not have access to the forum.
    • This replaces the older behaviour wherein the option to require an email address only really enforced that an address was provided, not that it be confirmed; the option was essentially toothless.
    • The default is unchanged, email is not a required user attribute, and a new registrant can enter nothing at all, if they wish.

    Slated for v3.1.0 is a change to the requireEmailAddress config option.

    42cbc49b-0f7d-492d-9dfc-03ccd2d49b1d-image.png

    The following new behaviour has been added to this configuration option, if enabled:

    • If a new registrant or existing user does not have a confirmed email, then they will not have access to the forum. They will be redirected back to the email change form and given the option to resend their confirmation email.
    • Some users with an unconfirmed email address will be prompted to confirm their email address.

    This is a change from the previous behaviour, where the option only enforced that the user entered an email when registering, even if it was not theirs or was not a real email.

    I went into detail earlier about how we treat emails — if it's not validated, it's not added to the account.

    However, in this case, even with the requireEmailAddress option enabled, forum access was still allowed even if the email was not validated (which went against the expectation of the user option — "require email address"). It seemed to be a bit toothless to only require that an email be entered, so we have extended the scope of this option so that it completely restricts access to the forum for logged-in users if their email is not validated.

    What if I want guest access to my forum?

    Guest access is unchanged; the expanded scope only applies to registered accounts, and even then only if the requireEmailAddress option is explicitly enabled.

    What if I only want to show some content to verified users, but don't want to force users to enter an email?

    No change — you'll leave the requireEmailAddress option unchecked, and hide your privileged content via category privileges. The verified-users and unverified-users groups will allow you to show and/or hide content to those groups just as before.

    1 Reply Last reply
    1
    • R Offline
      R Offline
      Redbeanw44602
      wrote on last edited by
      #2

      Hello.
      I think it's inappropriate to prohibit users with unverified email addresses from accessing the forum. Registered users should not have fewer rights than guests. I suggest allowing users with unverified email addresses to post, or preferably creating a separate user group for them.

      1 Reply Last reply
      0
      • julianJ Offline
        julianJ Offline
        julian NodeBB GNU/Linux
        wrote on last edited by julian
        #3

        Hi @Redbeanw44602! Thanks for voicing your concerns.

        In this particular change, the behaviour is only applied if explicitly enabled by the site admin. The default behaviour is unchanged: guests and regular users without email confirmed are able to browse the forum equally.

        In the case where an admin wants to gate content behind email verification, they can also opt to use the verified-users privilege group.

        1 Reply Last reply
        1

        Copyright © 2024 NodeBB | Contributors
        • Login
        • Don't have an account? Register
        • Login or register to search.
        Powered by NodeBB Contributors
        • First post
          Last post
        0
        • Home
        • Categories
        • Recent
        • Popular
        • World
        • Top
        • Tags
        • Users
        • Groups
        • Documentation
          • Home
          • Read API
          • Write API
          • Plugin Development