Gitea: Option to hide users' email address

There is a PR https://github.com/go-gitea/gitea/pull/336 to resolve this, please discuss there.

I am ok with continuing the discussion over there, but I think it is the wrong way around. A newcomer will normally search the issues and not the pull requests. (That was exactly what I did and I did not find that someone was already working on my issue. The discussion on Gitter helped me a lot, so I decided to open this issue)
The issue should be discussed as an issue and the discussion on the pull request should be about the proposed solution.
This issue should stay open until there is a solution (like PR #336 has been merged). This would also be the right way according to the Contribution Guidelines.

@lunny this extends on #336, I'd like to keep this one open until it's all resolved :)

@derSuessmann My proposal is this:

• Have user-setting for displaying ones email. Migration should set this to true for backwards compatability.
• Have a site-wide option DEFAULT_SHOW_EMAIL=boolean which sets the default for newly created users, should also be set to true by default for the same reason

Thoughts?

DEFAULT_SHOW_EMAIL should be configurable from /install just like Offline-Mode etc...

I agree, but would prefer DEFAULT_KEEP_EMAIL_PRIVATE as it has a positive logic and includes the hiding of the real email address in git log. My proposal for a change is:

User requirement
The user of Gitea may want to keep his email address private from other users to prevent email harvesting for UCE or stalking.

Change requirements

• The change _must not_ change the behavior of an updated installation (REQ1). If an existing installation is updated with the changed version, the email address of all users will still be visible until they change their settings.
• The change _must_ enable a user of Gitea to decide whether his email address will be shown (REQ2). This _should_ be implemented as a user setting in the Profile section below the Email address. The option _should_ be called "Keep Email Private" in the dialog and KeepEmailPrivate as a field in the user struct.
• The change _must_ introduce a new site-wide option DEFAULT_KEEP_EMAIL_PRIVATE (REQ3). If the option is true all new user will get KeepEmailPrivate set to true, otherwise false.
• The email address _must not_ be shown to other users on the explore/users and users profile pages if KeepEmailPrivate is true (REQ4).
• The email address _should_ be replaced with a concatenation of the user name in lower case, "@noreply" and the domain name from the settings (<LowerName>@noreply.<DOMAIN>) in the git log, if KeepEmailPrivate is true (REQ5).
• An ApiFormat() call _should_ return the same email address as shown in the git log (REQ6). This requirement is linked to (REQ5).
• The value of DEFAULT_KEEP_EMAIL_PRIVATE _should_ be set on the install page (REQ6).
• The change _does not_ differentiate between what is visible to an administrator and a normal user on the explore/users and users' profile pages.

All requirements can be fulfilled. I have just pushed the code to the keep-email-private branch in my fork. First tests were successful.

@derSuessmann I like it, please make a PR 😉 Only think I can say up front is WRT REQ5, that would be <LowerName>-noreply@<Domain> otherwise you'll end up in someones spam-filter 😄

I think the email address should be a special domain like noreply.<domain>. The reason is simply I do want my email server get all the mail for invalid users. Perhaps it should even be users.noreply.<domain> to keep it more Github-like. This will help users already using Github. As nobody should use this email address for sending an email I think it is quite OK if it may end up in a spam filter.

Finally, I came to the conclusion that it would be best, if the site administrator could configure the domain of the email address for the "Keep Email Private" users in git log.

• The email address should be replaced with a concatenation of the user name in lower case, "@" and a domain name from the settings (<LowerName>@<NO_REPLY_ADDRESS>) in the git log, if KeepEmailPrivate is true (REQ5-NEW).
• There _should_ be a site-wide setting for the NO_REPLY_ADDRESS (REQ7).

right, that makes even more sense. Now for git-log... we can't do that without rewriting the git history, which is completely out of the question for a ton of reasons 😒

Perhaps, I should be clearer:

• The email address should be replaced with a concatenation of the user name in lower case, "@" and a domain name from the settings (<LowerName>@<NO_REPLY_ADDRESS>) in the git log for _new commits by the user_, if KeepEmailPrivate is true (REQ5-NEW).