Add e-mail verification when creating an account
User Story
- As an administrator, I want to make sure that as many e-mail addresses as possible are correct in my database.
- As a user, I want to get an error message if there is a typo in my e-mail address.
Why is this Needed?
I just discovered that Consul doesn't check the e-mail address at all when creating an account!
There are some verifications when creating an account with the management interface but not through the usual method.
It is a big problem as many people do mistype their e-mail address. On our Consul installations, you can see a lot of user@gmail or [email protected].
Description
Type: Feature
I suggest that we add at least a regex validation on the form and the model.
It seems that there is no perfect solution with regex so we could also add a more advanced verification that MX records exist with the gem valid_email2.
Current Behavior
You can enter test@test as an e-mail address when creating an account.
Expected Behavior
You shouldn't be able to...
Steps to reproduce
- Create an account with test@test as the e-mail address.
Definition of Done
- Add Regex validation on the form and the model.
- (optional) Add validation with the valid_email2 gem.
Indeed there seems to be no perfect solution. Here's a summary of the current situation:
When registering users, we aren't checking anything on the server level but letting the browser validate the email. We are using a server-side validation for the email format when managers verify emails.
The regular expressions used on both the server side and the client side mark emails like test@test as valid. It looks like the RFC is quite lax and allows email addresses that are most likely invalid.
AFAIK Ruby doesn't come with stricter regular expressions, although there are gems providing them. Adding a stricter regular expression in CONSUL is possible by changing config.email_regexp in config/initializers/devise.rb.
When signing up with CONSUL, people might realize they entered the wrong email address because they didn't get a confirmation email. Checking for valid MX records can give them faster feedback. On the minus side, we might also get false positives. We'd also be sending email addresses to external services, making the process slightly slower and, who knows, there might be other side effects.
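To make the regex discussion above concrete, here is an added example (not part of the issue thread and not CONSUL's code) that runs the addresses mentioned in the issue through three patterns. The pattern from Devise's template initializer and Ruby's URI::MailTo::EMAIL_REGEXP are real; STRICTER, the sample list and accepted_by are assumptions made up for this illustration, and whether CONSUL's own initializer uses the Devise default is also assumed.

```ruby
require "uri"

# Default value shipped in Devise's template initializer for config.email_regexp.
# It only requires "something@something", so no dot is needed in the domain.
DEVISE_DEFAULT = /\A[^@\s]+@[^@\s]+\z/

# Hypothetical stricter pattern (assumption for this example): the domain must
# have at least one dot-separated label followed by an alphabetic TLD.
# \A and \z anchor the whole string; ^ and $ would only anchor a single line.
STRICTER = /\A[^@\s]+@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}\z/i

PATTERNS = {
  "devise default" => DEVISE_DEFAULT,
  "URI::MailTo"    => URI::MailTo::EMAIL_REGEXP, # Ruby stdlib, HTML5-style rule
  "stricter"       => STRICTER
}.freeze

# Constructed sample input based on the addresses quoted in the issue.
SAMPLES = [
  "test@test",          # the reproduction case from the issue
  "user@gmail",         # typo pattern reported on real installations
  "user@gmail.",        # trailing dot, empty TLD
  "user@example.org",   # well-formed address
  "user@example.org\n"  # trailing newline must not slip through
].freeze

# Returns the names of the patterns that accept the given address.
def accepted_by(address)
  PATTERNS.select { |_name, regexp| regexp.match?(address) }.keys
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |address|
    puts format("%-22s accepted by: %s", address.inspect, accepted_by(address).join(", "))
  end
end

# In config/initializers/devise.rb the stricter rule would be set inside the
# Devise.setup block as:  config.email_regexp = STRICTER
```

A pattern like this only rejects malformed domains; it cannot tell whether the domain accepts mail, which is what the MX lookup discussed above would add.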