From 75632e70f0d49048f4ce72a0fa8bbcbcd7b2d312 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Thu, 29 Aug 2019 12:02:05 +0200 Subject: Provide email address verification feature (#2481) * Add an email field to the profile page I reuse the `mail_login` from the configuration. I'm not sure if it's useful today (I would say it was used when Persona login was available). A good improvement would be to rename `mail_login` into `email` so it would be more intuitive to use. * Add boolean to the conf to force email validation This commit only adds a configuration item. * Add email during registration if email must be validated * Set email token to validate when email changes * Block access to FreshRSS if email is not validated * Send email when address is changed * Allow to resend the validation email * Allow the user to change its email while blocked * Document the email validation feature * fixup! Allow the user to change its email while blocked * tec: Autoload PHPMailer lib * Validate email address format * Add feedback on validation email resend action * Allow to logout when user is blocked * fix: Change default email "from" * Reorganize i18n keys * Complete all the locales with default english * Hide sidebar (profile page) if email is not validated * Check email requirements on registration * Allow admin to specify email when creating users * Don't check email format if value is empty * Remove trailing comma in userController Co-Authored-By: Alexandre Alapetite * Set PHPMailer validator to html5 before sending email * fixup! Remove trailing comma in userController --- config.default.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'config.default.php') diff --git a/config.default.php b/config.default.php index 4c2ffa849..9d74940c1 100644 --- a/config.default.php +++ b/config.default.php @@ -33,6 +33,13 @@ return array( # Name of the user that has administration rights. 'default_user' => '_', + # Force users to validate their email address. If `true`, an email with a + # validation URL is sent during registration, and users cannot access their + # feed if they didn't access this URL. + # Note: it is recommended to not enable it with PHP < 5.5 (emails cannot be + # sent). + 'force_email_validation' => false, + # Allow or not visitors without login to see the articles # of the default user. 'allow_anonymous' => false, @@ -159,7 +166,7 @@ return array( 'username' => '', 'password' => '', 'secure' => '', // '', 'ssl' or 'tls' - 'from' => 'noreply@localhost', + 'from' => 'root@localhost', ), # List of enabled FreshRSS extensions. -- cgit v1.2.3