On Apr 06, 2016, at 06:08 PM, Aurelien Bompard wrote:

>In that case, how should this address be validated? Should Postorius
>consider that the login system always validates addresses and set them as
>verified in Mailman? Should it ask mailman to verify the email addresses
>when it encounters a user's un-verified address? This does not seem
>possible in REST at the moment (unless I missed it), and should be
>protected against multiple checks.

This is why POST on members (i.e. create a subscription) has a pre_verified
flag, which defaults to False.  The core already has a subscription workflow
to send the address a confirmation email if the subscribing address is not
already verified, and pre_verified is False.

(It will send a similar confirmation email if pre_confirmed is False and the
mailing list is set to confirm or confirm_then_moderate.)

By default, confirmation can only effectively happen by email reply, but the
intent is that you could modify the confirm.txt template[1] to include the
appropriate link back into Postorius which would effect the same verification
step as a mail-back.  This link would POST to <api>/addresses/<email>/verify
to verify the user's email address.

Thinking about it the terms you describe above, I guess there's another
workflow that isn't directly covered.  When Postorius creates the user, an
address is also created and linked to the user, but it cannot be set as the
preferred address until it's verified.  I can see where you might want to send
the verification email at some point before a subscription event, so that the
linked address gets verified and thus could be set as their preferred
address.  If that's a use case you think we need, do file a bug.  I don't
think it would be too difficult to implement.

Cheers,
-Barry

[1] Or w.r.t. GL issue #112, set a 'confirm.txt' template URL.
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Reply via email to