Mastodon: Broken email validation in instances.
A user tried to create an account with "username@domain" missing the ".tld" part and surprisingly their account was created on my instance.
They of course now cannot create a valid account as their desired handle has been taken, suggesting that the basic email validation is broken.
On that note, any guidance on helping me edit the db at backend would be a sure help.
Thanks a lot.
- [x] I searched or browsed the repo’s other issues to ensure this is not a duplicate.
raisedadead
All 5 comments
Email validation would be a pretty good thing to do. Meanwhile, you can do a DELETE FROM accounts WHERE username='USERNAME'; and DELETE FROM users WHERE email='EMAIL@DOMAIN'; in Postgres to delete their account, and they can then re-create it. Like always when you deal with a database, do a backup beforehand (pg_dump mastodon_production or something).
wxcafe
on 9 Apr 2017
in #1131, @goingtomaine raises the point that there could be a timeout : if after some time the user hasn't confirmed their email, the username could be freed.
wxcafe
on 10 Apr 2017
if after some time the user hasn't confirmed their email, the username could be freed.
Agree, this could be very useful. Alternatively, can we add this as a feature in the admin UI, for releasing users for unconfirmed emails?
Of course, this may be taken up as a separate issue, because the current is scoped only to email validation in the form itself.
raisedadead
on 10 Apr 2017
I created #1418 about this
wxcafe
on 10 Apr 2017
There are times when domains without TLDs are valid, such as on a private network. This is working as intended.
Gargron
on 20 Apr 2017
Related issues
lauramichet
·
3Comments
KellerFuchs
·
3Comments
selfagency
·
3Comments
hidrarga
·
3Comments
thomaskuntzz
·
3Comments