-
-
Notifications
You must be signed in to change notification settings - Fork 166
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: allow sending invitations to the same email address multiple times #253
Comments
I think there needs to be a choice here because it may depend on the site specific rules. For example, an application might allow any existing user to invite new ones. However, the site administration may not want to see the user again if they was blocked. On the other hand, this is an unreliable way to block someone. Anyone can use mail aliases, plus-addresses and other email accounts. They won't have any problem if someone wants to invite them using another address. Therefore, this is more of an administrative problem than a technical one. This may prevent from unintentional mistakes, but on the other hand, this should only be applied to locked accounts and not to others. I'm not sure if this package is supposed to provide such a feature. |
Website administrators might want to block a person from being invited again, that does sound like a valid feature request. |
I would assume that the user who has the right to send out invitations has higher privileges and would not abuse the functionality to work out other users' emails.
|
I wanted to see what you thought about this, before I attempted to implement it.
If a user tries to create an invitation to an email address, they may receive this error, if another invitation exists with the same email address:
or:
They may also see this error, if there is a user account with that email address:
The problem with these errors is that they are potential security vulnerabilities. If I invite a user at a certain email address, I may not want that information leaked to other users as they send invitations. Likewise, if I sign up to a website using a certain email address, I may not want other users to work out that my email address was used to register an account on the website.
Here is another problematic scenario: a user may accept an invitation, and then subsequently, delete their account. They cannot be invited again to the website on the same email address, because of the error
AlreadyAccepted
.There is also a usability problem. Users may want to send an invitation email more than once. Maybe the last email was sent two years ago, and the invitee cannot be expected to root through their email archives to find it. These errors prevent invitation emails from being sent multiple times.
The text was updated successfully, but these errors were encountered: