View Issue Details

IDProjectCategoryView StatusLast Update
0021737mantisbtotherpublic2016-10-30 23:22
ReporteratrolAssigned Toatrol 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version 
Target Version1.3.3Fixed in Version1.3.3 
Summary0021737: Users can't remove their real name from their account
Description

Real name can't be removed by using the My Account page.

TagsNo tags attached.

Activities

atrol

atrol

2016-10-03 12:08

developer   ~0054111

PR https://github.com/mantisbt/mantisbt/pull/911

dregad

dregad

2016-10-04 03:35

developer   ~0054120

I didn't look at the PR, but do we really want to allow users to remove their email address ? A lot of functionality relies on being able to send emails (e.g. password reset).

atrol

atrol

2016-10-04 13:42

developer   ~0054129

do we really want to allow users to remove their email address ?

not complete sure, but is it that bad?

  • changing to a wrong e-mail address (e.g. because of a typo) is even worse as it happens unintentional
  • removing the e-mail address is an easy way to (temporarely) deactivate all notifications.
  • removing the e-mail address is already possible for admins when using the manage user page.
dregad

dregad

2016-10-05 03:13

developer   ~0054131

changing to a wrong e-mail address (e.g. because of a typo) is even worse as it happens unintentional

That has always bothered me actually. IMO, we should ideally enforce a valid address, by only allowing the change after an activation e-mail has been actioned by the user (similar to new user account validation). But I guess that's outside the scope of this change.

I still feel it's conceptually wrong to set the email to blank (whether it's done by admin or user, makes no difference).

Using that as a trick to deactivate notifications, is also wrong. If this is a valid use case, then we should offer a "mute all notifications" option in the user profile, or something similar.

atrol

atrol

2016-10-05 05:15

developer   ~0054134

Changed description and updated PR to deal just with real name.

I still feel it's conceptually wrong to set the email to blank (whether it's done by admin or user, makes no difference).

Changing by admin is still possible and not changed in this PR as it's outside the scope of the change

vboctor

vboctor

2016-10-07 14:51

manager   ~0054175

I still feel it's conceptually wrong to set the email to blank (whether it's done by admin or user, makes no difference).

There are a couple of reasons where it makes sense for an admin to remove their email address:

  1. The emails are bouncing to such user affecting the reputation of the sending service or causing returned emails.

  2. System accounts that are used to report issues or add notes, but do not need email notifications.

The admin should have the power to do this for whatever reason. At the end of the day, if a user wants to reset their password and their email is blank, they will contact the admin to help them.

do we really want to allow users to remove their email address ?

I think that users should be able to change their email address, however, to handle this properly we need to have the concept of email vs. pending_email (or a token for storing pending email). When user modifies their email address, we have it as pending until the user verifies it, and then it gets set as email.

Related Changesets

MantisBT: master-1.3.x 224d0dee

2016-10-03 11:59:09

atrol

Details Diff
Allow users to remove real name from their account

Fixes 0021737
mod - account_update.php Diff File

Issue History

Date Modified Username Field Change
2016-10-03 11:51 atrol New Issue
2016-10-03 11:51 atrol Status new => assigned
2016-10-03 11:51 atrol Assigned To => atrol
2016-10-03 11:51 atrol Summary Users can't remove their real name and e-mail => Users can't remove their real name and e-mail address
2016-10-03 12:08 atrol Note Added: 0054111
2016-10-04 03:35 dregad Note Added: 0054120
2016-10-04 13:42 atrol Note Added: 0054129
2016-10-05 03:13 dregad Note Added: 0054131
2016-10-05 05:11 atrol Summary Users can't remove their real name and e-mail address => Users can't remove their real name from their account
2016-10-05 05:11 atrol Description Updated View Revisions
2016-10-05 05:15 atrol Note Added: 0054134
2016-10-07 14:51 vboctor Note Added: 0054175
2016-10-07 15:41 atrol Changeset attached => MantisBT master-1.3.x 224d0dee
2016-10-07 15:41 atrol Status assigned => resolved
2016-10-07 15:41 atrol Resolution open => fixed
2016-10-07 15:41 atrol Fixed in Version => 1.3.3
2016-10-30 23:22 vboctor Status resolved => closed