Unable to modify login e-mail address of account.
RokeJulianLockhart opened this issue · comments
LinkStack version
Description
https://github.com/orgs/LinkStackOrg/discussions/683
I am unable to modify/replace the e-mail address which I use to log in.
Details about your system
https://download.opensuse.org/repositories/openSUSE:/Factory/standard/x86_64/MozillaFirefox-121.0-1.1.x86_64.rpm on cpe:/o:opensuse:tumbleweed:20240106.
How to reproduce
Access https://linksta.cc/studio/profile or https://linksta.cc/studio/page.
Possible Solution
No response
Additional Context
No response
This is a feature since version 0.1.
Admins can choose to disable this field, so only admins can change the email.
@JulianPrieber, does that mean that https://linksta.cc/ has disabled that option? If so, considering it's the official instance of the project, how does one request that their e-mail address be modified? (Post a https://github.com/orgs/LinkStackOrg/discussions/new?category=general?)
@JulianPrieber, does that mean that https://linksta.cc/ has disabled that option? If so, considering it's the official instance of the project, how does one request that their e-mail address be modified? (Post a https://github.com/orgs/LinkStackOrg/discussions/new?category=general?)
That is correct, it is disabled on linksta.cc on purpose.
We normally expect you to create a new account and simply migrate your links.
If that is not an option for you, you can reach support on our contact page.
I'll do so. Thanks. However, @JulianPrieber, what's the benefit to disabling it?
There is no built-in logic for verifying an email after a change. The idea was always that if verification is enabled, an email is permanently bound to an account. Also, this would mess with social accounts a bit.
I've sent a message from mailTo:s1hvpv+info=linkstack.org@rokejulianlockhart.anonaddy.com to mailTo:info@linkstack.org.
@JulianPrieber, could I make an issue about that, then? Seems like having half-baked functionality for such an important aspect of account management might be a problem, especially since malicious actors on servers with this functionality enabled could register for an account with a trusted e-mail address and then change it to a non-trusted one.
could I make an issue about that, then? Seems like having half-baked functionality for such an important aspect of account management might be a problem, especially since malicious actors on servers with this functionality enabled could register for an account with a trusted e-mail address and then change it to a non-trusted one.
I'm a bit confused... we do not allow changing the email to combat exactly this "account with a trusted e-mail address and then change it to a non-trusted one".
What you're describing is what is already implemented, so where is the issue?
@JulianPrieber, I'm talking about https://github.com/LinkStackOrg/LinkStack/.git, not https://linksta.cc, and referring to how you explained in #684 (comment) that the LinkStack software provides the functionality I suggested in #684 (comment) but that it doesn't yet provide verification on changes (per #684 (comment)). I'd like to suggest that that be remediated so that you could re-enable user e-mail account changes on https://linksta.cc.
Sounds reasonable. I may be able to address this after v5.0. Our normal approach here is to create a feature request in https://github.com/orgs/LinkStackOrg/discussions/688