Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1155361

Summary: RFE: Allow unverified users to create and translate their own projects
Product: [Retired] Zanata Reporter: David Mason <damason>
Component: Authentication-OpenID, UsabilityAssignee: Damian Jansen <djansen>
Status: CLOSED UPSTREAM QA Contact: Zanata-QA Mailling List <zanata-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: lbrooker, zanata-bugs
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-28 23:14:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1082840    
Bug Blocks:    

Description David Mason 2014-10-22 02:24:28 UTC 
Description of problem:

Users must verify their email address before performing any operations in the system. Users with unverified email addresses should be able to perform non-destructive reversible operations that do not have the capacity to harass other users.

 - allow signup process to complete without verifying email address
 - show a message at the top of the page warning that email is not verified. The message is shown until email is verified.
 - If user clicks "re-send activation email" several times (3 times), detect this and either offer to contact the admins, or automatically contact admins in the background.
 - show "(unverified)" next to username so that language coordinators can tell if someone is verified when they are adding a user to their team.

Security
 - block funcitons that send emails such as contact admin, request to join language team, contact language team coordinators. This could be done by adding a role such as "email_verified" that is required to perform operations that send emails.
 - to allow data into the system from unverified users, we need a way to identify and remove data from a user who turns out to be malicious.
Comment 1 Luke Brooker 2015-04-23 05:53:35 UTC 
Rather than:

"detect this and either offer to contact the admins or automatically contact admins in the background."

We should show something like:

Please verify your email address
A verification email has been sent to email, follow the instructions included in the email to verify your account.
Resend email | Update email address
Comment 2 Zanata Migrator 2015-07-28 23:14:58 UTC 
Migrated; check JIRA for bug status: http://zanata.atlassian.net/browse/ZNTA-79