Rocket.chat: E-Mail verification settings do not work

Created on 1 Sep 2017  路  8Comments  路  Source: RocketChat/Rocket.Chat

Description:

Rocket.Chat is able to sent an email to a new user in order to verify the email address. The admin can switch this option on and off via the setting "Accounts_EmailVerification".

Expected behavior:

When setting "Accounts_EmailVerification" to false in the admin panel, no email verification is in place (meaning: sending no email to an user, asking for a click on the provided link).

Actual behavior:

If "Accounts_EmailVerification" is false, an verification email is sent anyway.

Server Setup Information:

  • Version of Rocket.Chat Server: 0.58.1
  • Operating System: Linux
  • Deployment Method(snap/docker/tar/etc): AWS
  • Number of Running Instances: 2
  • Node Version: v4.5.0

Steps to Reproduce:

  1. Configure SMTP
  2. Set "Accounts_EmailVerification" = false
  3. Register a new user with a valid email adress
  4. The user will receive a verification link

You can set in (1) the value "true", try it, and make another iteration with "Accounts_EmailVerification" = false. Every time, an email will be sent.

accounts email bug
Source
picture janrudolph

Most helpful comment

@SeanPackham okay, but how will you ensure that is issue is handled if you close it?

picture janrudolph on 13 Mar 2018
1 👍1

All 8 comments

try updating the version to the most recent version i.e 0.59.0 @janrudolph

madguy02 picture madguy02 on 4 Sep 2017

@janrudolph Take a look at my comment here https://github.com/RocketChat/Rocket.Chat/pull/8110#issuecomment-330199295

Currently we don't have an option to not send the confirmation email, that option define if users will be allowed to login without verified emails. We need to improve the label description.

Please open a new issue if you want a new setting to control if we should send the confirmation email, that will affect some internal logics like the sending of offline messages that we only send to verified emails.

Thanks

rodrigok picture rodrigok on 5 Dec 2017

@rodrigok Oh okay, then updating the label is fine for me. Thanks for your reply. Do you open a new issue for that?

janrudolph picture janrudolph on 14 Dec 2017

Is there a way to have obligatory e-mail verification while using OAuth?
ie. I'd like to have OAuth as required but not sufficient (forcing people to verify e-mail, that they - independently from OAuth provide)

Gandalf-the-Grey picture Gandalf-the-Grey on 9 Feb 2018

Closing as this feature is not on our short term roadmap, we will revisit once other priorities have been addressed.

seanpackham picture seanpackham on 12 Mar 2018

@SeanPackham okay, but how will you ensure that is issue is handled if you close it?

janrudolph picture janrudolph on 13 Mar 2018
1 👍1

@jangmarker sorry if I misunderstood but it sounded like you were saying that no verification emails are sent went the configuration is disabled in the admin. Is this correct?

seanpackham picture seanpackham on 14 Mar 2018

Yes we really need a way to turn off e-mail verification entirely!

1. We do NOT want to send offline messages to our users' email!!!

2. In the case of invitation by e-mail, they are already verifying the e-mail that they've provided to us so that we could send them an invitation!

3. We require that new users be approved. When they receive the verification e-mail before the account is approved, the verification login won't work because they haven't been approved. This is confusing for the users!

ci5ic picture ci5ic on 16 Apr 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

royalaid picture royalaid  路  3Comments
Buzzele picture Buzzele  路  3Comments
karlprieb picture karlprieb  路  3Comments
sta-szek picture sta-szek  路  3Comments
Buzzele picture Buzzele  路  3Comments