Major confusion for subscriptions during user registration

Created on 21 September 2021, over 3 years ago
Updated 22 July 2023, over 1 year ago

Problem/Motivation

Users who subscribe during registration receive two emails, sent in this order:

  1. Register email address confirmation. This allows the user to login, but doesn't confirm the subscriptions.
  2. Subscription confirmation (even for silent subscription which would be particularly baffling!). This confirms the subscriptions but doesn't allow the user to login.

Introduced to fix a security bug in #3049356: Anon user can alter any anonymous subscription .

Steps to reproduce

  1. Configure a newsletter with the setting "Subscribe new account" anything except none.
  2. A new user registers, and selects to subscribe to the newsletter.

Proposed resolution

Depends on 🐛 Model for confirmations is flawed Fixed

  1. In simplenews_user_profile_form_submit(), if there are subscriptions then call Subscriber::loadByMail($checkTrust = TRUE) and save the subscriptions in the resulting subscriber.
  2. In simplenews_user_login(), simplenews_user_view(), SubscriptionsAccountForm::buildForm() pass call Subscriber::loadByUid($unconfirmed = TRUE). For the latter two, if the subscriber is unconfirmed then output form text indicating that.
  3. Fill in the missing code in simplenews_user_login() by setting the subscriber to confirmed and saving.

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report
Status

Fixed

Version

4.0

Component

Code

Created by

🇬🇧United Kingdom adamps

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024