Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 417709

Summary: When email confirmation could not be send there is not way to re-send it.
Product: [ECD] Orion Reporter: Malgorzata Janczarska <malgorzata.tomczyk>
Component: ServerAssignee: Anthony Hunter <ahunter.eclipse>
Status: CLOSED WONTFIX QA Contact:
Severity: normal    
Priority: P3 CC: ahunter.eclipse, chrisconley15, eclipse, ken_walker, malgorzata.tomczyk, mayra.fernandez.813
Version: 4.0Keywords: helpwanted
Target Milestone: ---Flags: ken_walker: review? (malgorzata.tomczyk)
Hardware: PC   
OS: Windows 7   
Whiteboard:
Attachments:
Description Flags
confrmation email re-send if not account not activated none

Description Malgorzata Janczarska CLA 2013-09-20 11:28:04 EDT 
There should be a way to resend email confirmation if it could not be send or if user lost it.
Right now the walkaround for it is to remove your email and add it again.
Comment 1 Ken Walker CLA 2013-11-01 17:00:13 EDT 
*** Bug 420916 has been marked as a duplicate of this bug. ***
Comment 2 Chris Conley CLA 2013-12-19 23:10:01 EST 
I've started too poke around on this a bit and see how the email confirmation works. If I'm correct in what I've grepped together, when you attempt to login, that gets handled by FormOpenIdLoginServlet.java. This weekend, I'm going to try to get UserEmailUtil.java to send a new confirmation out automatically when you try to sign in and FormOpenIdLoginServlet tosses back the "Your account is not active. Please confirm your email before logging in" error. I'll see where it goes then I can improve on it as I go.
Comment 3 Chris Conley CLA 2014-01-14 00:24:23 EST 
Created attachment 238948 [details]
confrmation email re-send if not account not activated
Comment 4 Chris Conley CLA 2014-01-14 00:27:25 EST 
Added an initial patch, re-sends another confirmation email if the user tries to log in with an account that is hasn't been activated.
Comment 5 Malgorzata Janczarska CLA 2014-01-17 11:19:02 EST 
This patch generally works, but my concern is that we allow to resend the email confirmation on and on. If somebody keeps trying to log in he may send dozens of emails to the same email account and this is before we confirmed if this is his account.
The other thing that this will be a perfect place to do DoS attack if left this way. I think there should be some kind of limitation for sending this email and I'm not sure if it should be send without user's explicit request, for instance "Your account is not active. Please confirm your email before logging in. Click _here_ to resend the confirmation email"
Comment 6 Michael Rennie CLA 2017-01-10 15:43:28 EST 
Closing as part of a mass clean up of inactive bugs. Please reopen if this problem still occurs or is relevant to you. For more details see:

https://dev.eclipse.org/mhonarc/lists/orion-dev/msg04002.html