Security vulnerabilities

  • Status Closed
  • Assigned To
    cbay
  • Private
Attached to Project: Security vulnerabilities
Opened by waloodi_109 - 07.06.2025
Last edited by cbay - 09.06.2025

FS#178 - No email verification required when we change email from settings

#No email verification required when we change email from settings

Hello Team,

Issue:
When we try to sign up with an email, it asks us to click an email validation link which is sent to our email; then we have to log in. Without clicking that link, we cannot log in. But when we change the email from the user settings page/edit settings page, it doesn't ask us for validation.

Impact:
For example, a user creates an account with his email (user@example.com) and verifies it using the link which has been sent to his email, as he/she has access to user@example.com. But next he goes to settings and, in the email change mechanism, he can put any email like (president@whitehouse.gov) and no verification is required. The user can log in with that email and access his account with the email president@whitehouse.gov, and do some abusive or not good activities, and the company will be blamed!

New steps to reproduce:
Go to profile settings
Enter any email
Submit settings → Account will be accessible without verification!

How to fix?
Email verification/validation should be required when a user changes their email from the user settings page.
I hope you'll fix it soon. :-)

Thank You,

Waleed Anwar
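
One way to implement the check this report asks for, as an added example that is not part of the original report or the project's code: the verified address stays the login address until a token mailed to the new address is presented. The secret, TTL, in-memory user store and function names are assumptions for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, loaded from config in practice
TOKEN_TTL = 3600                  # assumption: confirmation links expire after one hour

# Constructed sample account store: 'email' is the verified login address.
users = {1: {"email": "user@example.com", "pending_email": None}}


def _sign(user_id, new_email, expires):
    # Bind the token to the account, the exact new address and the expiry time.
    msg = f"{user_id}|{new_email}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def request_email_change(user_id, new_email, now=None):
    """Store the new address as pending; return the token to mail to that address."""
    now = int(time.time() if now is None else now)
    new_email = new_email.strip().lower()
    users[user_id]["pending_email"] = new_email  # login address is not touched yet
    expires = now + TOKEN_TTL
    return f"{expires}.{_sign(user_id, new_email, expires)}"


def confirm_email_change(user_id, token, now=None):
    """Promote the pending address only for a valid, unexpired, matching token."""
    now = int(time.time() if now is None else now)
    user = users[user_id]
    pending = user["pending_email"]
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False  # malformed token
    if pending is None or now > expires:
        return False  # nothing to confirm, already used, or link expired
    expected = _sign(user_id, pending, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False  # forged token, or issued for an address since replaced
    user["email"], user["pending_email"] = pending, None
    return True
```
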

Closed by  cbay
09.06.2025 07:30
Reason for closing:  Invalid
Admin
cbay commented on 09.06.2025 07:30

Hello,

The only purpose of email validation is to reduce the number of "bad" actors (e.g. hackers, phishers…) signing up. We used to not even have any email validation at all.

Kind regards,
Cyril
