Validate users before confirming new accounts #2916
Labels
good first issue
Issues that are a great place to get started with Lightning
ux/ui improvement
Improvements to the look, feel and usability of the system
Comments
christad92
added
good first issue
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For security reasons, we enforce that new users should confirm their account by sending an email with a confirmation URL. When users click the link, we don't check their identity before confirming the account. (they just say click on the confirm account button)
The proposal is that when a user clicks a valid confirmation link, we should confirm their identity by asking them to sign in or checking if a stored user token validates their identity.
The text was updated successfully, but these errors were encountered: