User email activation after email change in Joomla User profile - email

Today I faced the following problem:
I registered a new user on my Joomla 1.6 site
activated the account by the link from an activation email
After logging in as the new user I changed my email to a made-up one ( foo@bar.bar )
Joomla's reaction was: 'ok no problem, e-mail seems to be fine, let's save it then'
The only two things Joomla checked were whether the e-mail was written correctly and whether it was in use by a different user.
Why isn't Joomla sending the same activation e-mail to the new e-mail address in order to change it in a user's profile? Is there something I should know?
This looks as if that very important functionality is missing in the profile editing component.
How do I make it work without editing core files?
EDIT:
I've written a plugin which sorts this out: http://extensions.joomla.org/extensions/access-a-security/site-security/site-protection/18139

Well, if you want a way to sort this out then try this:
Write your own authentication plugin that uses the onBeforeStoreUser event. Here you check that the user's email validates correctly whenever they change their email address.
Should you want to, you can deactivate the user's account and then send them a new activation email with a link. Have a look at the com_users code to see how registration is dealt with in terms of new users registering and the sending of the activation email. You can pretty much copy the code from there.
Example code for your plugin (the original snippet had an unbalanced parenthesis and quote in the UPDATE statement; that is fixed here and the id is cast to an integer):
function onBeforeStoreUser($user, $isnew)
{
    if (!$isnew) {
        // grab code from com_users to generate the activation email;
        // part of that code creates an activation sequence, e.g.
        $activation_code = JApplication::getHash(JUserHelper::genRandomPassword());

        // sql to inject this sequence into the user's account
        $db = JFactory::getDBO();
        $db->setQuery(
            'UPDATE #__users'
            . ' SET activation = ' . $db->quote($activation_code)
            . ' WHERE id = ' . (int) $user->id
        );
        $db->query();

        // send activation email containing the new code
    }
}

Maybe it would be a good thing to also validate the old mail account before taking care of the new one.
Explanation:
I get a user and password, I log in, I change the mail from the real owner's to mine, I have stolen the account and now can activate it with my mail.
If we validate both old and new mails, we are ensuring the new mail is valid and also that the change was requested by the original owner.
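The flow the two answers above describe, as an added example that is not code from either answer or from Joomla: the verified address stays live, one token goes to the new mailbox and one to the old, and the change completes only when both are redeemed. `$user` is a plain array standing in for the user record and `$sendMail` is a hypothetical mailer callback, both assumptions of this example.

```php
<?php
// Added example (not from the answers above): a framework-independent version of the
// flow they describe. Saving a new address does not replace the verified one; instead a
// token goes to the new mailbox (proves it is real) and another to the old mailbox
// (proves the owner asked for it), and the address switches only after both are used.
// $user is a plain array standing in for the Joomla user record; $sendMail is a
// hypothetical mailer callback taking (recipient, message).

const CHANGE_TTL = 86400; // a pending change expires after 24 hours

function requestEmailChange(array &$user, string $newEmail, callable $sendMail): void
{
    if (filter_var($newEmail, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail syntax');
    }
    $user['pending_email']   = $newEmail;
    $user['confirm_new']     = bin2hex(random_bytes(16)); // unguessable, one per side
    $user['confirm_old']     = bin2hex(random_bytes(16));
    $user['pending_expires'] = time() + CHANGE_TTL;

    $sendMail($newEmail, 'Confirm your new address: confirm.php?token=' . $user['confirm_new']);
    $sendMail($user['email'], 'Approve this change: confirm.php?token=' . $user['confirm_old']);
}

// Returns true when the token was valid; the live e-mail changes only once both
// tokens have been redeemed, so a hijacked session alone cannot complete the change.
function confirmEmailChange(array &$user, string $token): bool
{
    if ($token === '' || empty($user['pending_email']) || time() > $user['pending_expires']) {
        return false;
    }
    if (hash_equals($user['confirm_new'], $token)) {
        $user['confirm_new'] = '';         // new mailbox verified
    } elseif (hash_equals($user['confirm_old'], $token)) {
        $user['confirm_old'] = '';         // original owner approved
    } else {
        return false;                      // unknown or already used token
    }
    if ($user['confirm_new'] === '' && $user['confirm_old'] === '') {
        $user['email']           = $user['pending_email'];
        $user['pending_email']   = '';
        $user['pending_expires'] = 0;
    }
    return true;
}
```

The expiry and the empty-token guard matter: a redeemed token is cleared to an empty string, and without the guard an empty `$token` would compare equal to it.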

The activation email is just that: an activation method. This is intended to satisfy user information collection laws for countries like the States, where it is necessary to have users confirm they own "this" email address when they sign up. This ensures they themselves are the ones signing up. This is the purpose of the activation emails.

Create automation test in cypress that will register user with different emails and accept registration message on user email

Until now I was using MailSlurp for this task but it has limits when using the basic plan.
Is there any other way that would solve the problem?
Test Case Steps:
Register user with random email
Go to the created email address and click the activation link sent by the app
I found the solution.
I used a small library called gmail-tester https://www.npmjs.com/package/gmail-tester, and it does its job perfectly.
I've had a problem with configuring it but in the end, it's working.
I can now check whether the user has received an email, and assert on the content of the emails.
You can use faker to generate a random word and then just add that word to the end of your email with a +; it would look something like this:
cy.get('someElement').type(`something+${faker.random.words(1)}@example.com`);
Then you can just navigate to your own email address and click the link from there. The only issue you are going to have is that you won't be able to do this all in the same test case, as Cypress does not support cross browser testing.
Also I'm not sure if the activation link redirects you or not, but if it does you won't be able to navigate to that link either.
Here is an awesome article showing how you can use MailTrap to do this:
https://humble.dev/testing-an-email-workflow-from-end-to-end-with-cypress

GDPR re-permission email

Looking for a little advice on HTML emails and GDPR re-permission.
With the new GDPR regulations I have to create an email to send out to an existing list requesting their consent to continue contacting them.
My intention is to have an 'I'm in' button in the email, which when clicked takes the user to another page/url which has a simple form on it requesting the user's email address and a checkbox for them to tick to opt in.
My question is: can I achieve this another, more simple way? For example, in the email itself when the user clicks the 'I'm in' button, can a post submission be made automatically with their email address, that gets sent to the client's email, and they then just get redirected to a standard success message? Is something like this possible? It would save having to create a form somewhere and make the process easier for the user.
I don't normally do HTML emails so I'm a little unsure; any help on this would be greatly appreciated, thanks in advance.
Yes, you could embed their email in the query string of the URL and then have a webapp at that URL pick up their email from the querystring and process it. Obviously you'd need to code the webapp side accordingly.
E.g:
I'm in!
If you can still send an email to the user, the collection of consent can be quite simple. It will be sufficient to send each user an email containing a link to accept the newsletter (e.g. "Yes, I want to receive the newsletter"). The email should also contain the terms and conditions of the service, and the privacy policy. What comes next can be either automated, or handled manually.
The best option would be to automate the process. This can be done in multiple ways, the simplest being with a customized link for each user pointing to a website capable of interpreting the data transmitted by the link itself. To achieve this result, the link contained in each email should contain an identification code (which should be anonymized where possible) so that it will be possible to link the new consent to each user. In this way, when the user clicks the link, he or she will be taken to the website. At that point, the backend will be able to collect the code passed by the link, identify the user and, finally, re-subscribe the user to the newsletter.
In practical terms, in the email there could be a link with a value to be passed as a `GET` parameter:
Yes, I want to receive the newsletter
The server-side logic could be as follows (in PHP syntax; the original snippet lacked the opening tag and the final semicolon, and did not handle a missing or unknown id):
<?php
// re-subscribe.php
$uuid = isset($_GET['uuid']) ? $_GET['uuid'] : '';
$user = getUserByUUID($uuid); // assumed function that gets the user info by a UUID
if ($user === null) {
    http_response_code(404);
    exit('Unknown link');
}
subscribeUser($user); // assumed function that re-subscribes the user to the newsletter
echo 'Thank you!';
This could even be accomplished manually, provided that a link tracker service/tool is used.
In this (less ideal) case, in the email there should only be a single clickable link, the one required to express consent (e.g. "Yes, I want to receive the newsletter"). This link could take the user wherever deemed most appropriate. What matters, in this case, is the ability, through the tracker service/tool, to know which users have clicked the link. As long as there is only one link in the email, this would inform us that the user has expressed his or her consent, and thus we could manually re-subscribe them to the newsletter. In this case, the link to the terms and conditions and to the privacy policy should be included as static text, and not as an actual clickable link.
For more info, check out our blog post, inspired by this question, at blog.autoprivacy.eu/2018/05/newsletters-after-gdpr-existing-and-new.html
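The per-user consent link described in the answers above, as an added example that is not code from either answer: an opaque subscriber id is signed with an HMAC so that editing the query string (whether it carried an e-mail, as the first answer suggests, or a bare id) cannot register consent on someone else's behalf. `SECRET_KEY`, the `$subscribers` array and the URL are constructed placeholders for this example.

```php
<?php
// Added example, not code from the answer above: the consent link carries an opaque
// subscriber id and an HMAC over it, so editing the query string cannot register consent
// for somebody else (which a bare e-mail or id in the URL would allow).
// SECRET_KEY, the $subscribers array and the URL are constructed placeholders.

const SECRET_KEY = 'replace-with-a-long-random-secret-kept-on-the-server';

function consentSignature(string $uuid): string
{
    return hash_hmac('sha256', $uuid, SECRET_KEY);
}

// Link to put behind "Yes, I want to receive the newsletter" in each user's email.
function consentLink(string $uuid): string
{
    return 'https://example.com/re-subscribe.php?uuid=' . rawurlencode($uuid)
        . '&sig=' . consentSignature($uuid);
}

// Returns the uuid when the link is genuine, null otherwise (constant-time check).
function verifiedUuid(array $query): ?string
{
    $uuid = (string) ($query['uuid'] ?? '');
    $sig  = (string) ($query['sig'] ?? '');
    if ($uuid === '' || $sig === '') {
        return null;
    }
    return hash_equals(consentSignature($uuid), $sig) ? $uuid : null;
}

// Records consent for a verified link; false for forged, unknown or missing ids.
function recordConsent(array &$subscribers, array $query): bool
{
    $uuid = verifiedUuid($query);
    if ($uuid === null || !isset($subscribers[$uuid])) {
        return false;
    }
    $subscribers[$uuid]['consented_at'] = time(); // keep a timestamp as proof of consent
    return true;
}

// re-subscribe.php, using a constructed in-memory list in place of the database
$subscribers = ['3b6f1c2e' => ['email' => 'user@example.com', 'consented_at' => null]];
if (recordConsent($subscribers, $_GET)) {
    echo 'Thank you!';
} else {
    http_response_code(400);
    echo 'This consent link is not valid.';
}
```

Generate each email's link with `consentLink($uuid)`; the stored `consented_at` timestamp is what you would show if asked to demonstrate when consent was given.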

Sending Emails from different accounts with Google App Script

I have generated the code with Apps Script in order to send emails automatically if users change some values in a Google spreadsheet, which is working fine.
Now I am sharing my Google spreadsheet with the Apps Script with two more people (e.g. PersonA, PersonB). Thus, I want whoever changes anything on the Google spreadsheet to send an email under his/her own account. E.g. (all of us need to edit within the Google spreadsheet itself, without going to the "current web app url"; thanks Cameron Roberts for the clarification): if PersonA changes anything, then an email will be sent out under PersonA's account, and an email will be sent out under PersonB's account if PersonB changes anything.
I did something based on the advice from user2970721 and Cameron Roberts. I adjusted "Deploy web App" as "User accessing the web app". e.g:
I also asked PersonA & PersonB to do the same under their accounts and made sure they have triggered the script at least once. e.g:
My issue is that after I have done all these mentioned above, no matter who changes anything on google spreadsheet, emails were always sent out from PersonB's account (my best guess is that I messed up something and PersonB was the last one who triggered the script).
Does the "Project version" need to be different for me, PersonA, and PersonB, or anything else I need to change? Any help would be greatly appreciated!
First, your project versions do not need to be different for each user.
I'm assuming you are using the On Change event, rather than a web app. If that's the case, you should disable the web app entirely, as it's not needed.
When PersonA creates an On Change trigger, that will be triggered any time any user (e.g. PersonA or PersonB) edits the spreadsheet. When it is triggered the code will execute as PersonA, because PersonA created the trigger. As a result, the email will be sent from PersonA's account.
For the scenario you describe, where both PersonA and PersonB have created On Change triggers and authorised the script, I would expect emails to be sent from both accounts that have created triggers.
To send only one email, from the account that did the edit, I think you would need to do a check to determine if the user who did the edit matches the user under whose authority the script is running. I've never done this before and the docs don't really make it clear if it's possible.
Try checking the User object (Eg e.user) included with the Change event, and see if that email address is reflecting the different users making the edits.
If it is, you can compare it with the effective user and send the email if they match.
https://developers.google.com/apps-script/reference/base/user
https://developers.google.com/apps-script/reference/base/session#getEffectiveUser()
Finally, it might be simpler to just include the address of the person making the edit in your email subject, and just have all the emails send from one account. That way you know who made the edit, but don't need to have every user create a trigger and do all the extra checking.

Facebook test users and auth

I have a project where I am using Selenium to test the Facebook auth. I created a Facebook app, created a test user inside this app and created some tests using Facebook login. Until now, it was working. But during the last two weeks something changed in Facebook and my tests are failing. It is due to interface changes in the permissions dialog (I am targeting the button by its id). The second problem is that I don't get the email address of the Facebook test user but a proxy email which is longer than 75 characters (my db field length is hardcoded in the framework I am using).
If I log in as a regular user, it is working correctly and I get this permission box:
But when I log in as the test user I created (via 'switch to' in the app's developer roles), I get this box:
I tested it ~2 weeks ago and this was still working. Today it has changed. So my questions:
How to get back the old permissions box for test users?
How can I get the real email address and not the proxy?
Thanks!
I experienced the same problem with the Auth Dialog. I tried it with some old and new apps with various settings, including the March/Apr. 2013 Breaking Changes enabled/disabled, but it didn't help.
However, I guess I can help you with the email problem. When you log in as a test user and go to the account settings page, you will see the test user's primary email address. By default this should be a really long one like the image I attached.
Facebook Platform returns this primary email address. If you pass the Auth Dialog with your test user account and see the privacy settings page, you will find the default primary email address is shared with the app. You have to provide a new email address for the test user and set the new one as the primary email address via the account settings page.
Why is the Login Dialog different with a test user?
With your test user, you can see the future of login dialogs. In fact, this isn't "not working" but an update which was unveiled in December 2012. Let me quote:
Our Login dialogs have undergone a redesign to make it easier to understand permissions that apps request. We've simplified presentation and have also updated our language for greater clarity. "Basic info" has been renamed to "public profile and friend list," to reflect what is being shared. Apps accessing your public profile get your name, profile picture, age range, gender, language, country and other public information.
Source: Providing People Greater Clarity and Control, developers.facebook.com/blog
The reason why you don't meet this update with a regular user is that Facebook doesn't usually update everyone at the same time. They partially launch updates depending on the country, the type of account or some other parameters I don't know.
Example of a partial update (unified_message FQL table) dedicated to developer accounts:
We are providing early access to this API for registered developer accounts only until the new messaging system is broadly available. You should use the message table for production applications at the current time.
In our case, we now know that test users can access the update, but it is also said:
We have already launched many of these improvements as part of our iOS6 integration and are now rolling them out more broadly.
About proxy emails
In fact, proxy emails are a way for any user to keep their real email anonymous. You have to consider proxy emails.
When joining an app, the user can choose between a real email and a proxy email:
Another thing you need to expect is users who didn't validate their account when connecting to your app, a case which is possible as described here and here.
Then, why do test users give back a proxy email? Because test users (being bots and having fake emails) didn't validate their emails.
You see that in at least 3 cases (and finally, test users are a good example), you need to handle these proxy emails. They are incidentally or accidentally met by developers and they can't be neglected. For your case, you can still try to disallow test users who have a proxy email from accessing your app. But you should accept them and shouldn't force them to share their original e-mail addresses. A better solution is that you validate the test users' emails:
Connect to the test user account that gives a proxy email
Add an email address (password needed here),
Go to the email mailbox and click on the validation link,
Set the new email address as primary,
The test user should now give his original email and not a proxy anymore!

Customizing Joomla 1.5 user registration process

I am pretty new to Joomla. I have been working on the maintenance of our company's website.
Coming to the issue, the website has a 2-step user registration process where users fill up the registration form; once they submit, a verification mail is sent to them with the activation link. Once they click on the activation link in their mail, they are activated.
Now, since this is getting us a lot of junk users, we want to change this process.
What we want to do is :
When a user wants to register, he will be asked for his email-id.
Once the email is provided and submitted, a mail will be sent to him along with the activation link.
After the activation link is clicked he is brought to the website for further registration.
Only after this, the user will be put in our database as a valid user.
So basically, first I want to check if the email is a valid one and only then proceed with registration, because email-ids are very important for our business.
Please help.
Thanks in advance,
Akshay
In the database table where he will provide his email ID, create a field named "Status" that will only take Active and Inactive. You can use that to determine whether the user is active or not.