Refactor Subscriber Flow #3102

Closed
jbrooksuk opened this issue Jun 17, 2018 · 1 comment · Fixed by #3705
Labels
GDPR Refactor Security Issues with security in Cachet

jbrooksuk (Member) commented Jun 17, 2018

The subscriber flow is currently completely wrong and actually a security vulnerability.

All emails should be sent with the List-Unsubscribe header.

A decent flow looks like this for new users:

  1. A user enters their email address to subscribe.
  2. Fire a "Confirm your subscription" email.
  3. Redirect the user back to the status page, notifying them that they'll receive an email shortly.
  4. The user clicks the link and is taken to the "Manage your subscription" page, importantly with a verified URL.
  5. Any subsequent emails to this user should include Unsubscribe and Manage your subscription links as per Refactor all emails to use Markdown views #3101

The flow for people who are already subscribed:

  1. A user enters their email address to subscribe.
  2. Fire a "Manage your subscription" email.
  3. Redirect the user back to the status page, notifying them that an email has been sent to their inbox to manage their subscription.
  4. The user clicks the link and is taken to the "Manage your subscription" page, importantly with a verified URL.

If anyone has any thoughts/ideas on how we can improve these workflows, please let me know.
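An added sketch of the two flows above, not part of the original issue and not Cachet's code: it assumes the "verified URL" is an HMAC-signed, expiring link bound to the subscriber's address, and it puts the same kind of link in the List-Unsubscribe header. The secret, origin, paths, TTL and function names are all hypothetical.

```python
import hashlib
import hmac
from email.message import EmailMessage
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"       # assumption: server-side secret, never sent to clients
BASE = "https://status.example.test"   # hypothetical status page origin
TTL = 3600                             # assumption: links expire after one hour


def _sig(path: str, email: str, expires: int) -> str:
    # Bind the signature to the path too, so a manage link cannot be replayed as an unsubscribe link.
    msg = f"{path}\n{email}\n{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def signed_url(path: str, email: str, now: int) -> str:
    """Build a link that only someone reading the mailbox can have received."""
    expires = now + TTL
    query = urlencode({"email": email, "expires": expires, "sig": _sig(path, email, expires)})
    return f"{BASE}{path}?{query}"


def verify_url(url: str, now: int) -> Optional[str]:
    """Return the verified email address, or None if forged, altered or expired."""
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    try:
        email, expires, sig = q["email"][0], int(q["expires"][0]), q["sig"][0]
    except (KeyError, ValueError):
        return None
    expected = _sig(parts.path, email, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return email if now <= expires else None


def handle_subscribe(email: str, subscribers: set, now: int) -> EmailMessage:
    """Step 2 of both flows: pick the email by subscription state, always with a signed link."""
    known = email in subscribers
    mail = EmailMessage()
    mail["To"] = email
    mail["Subject"] = "Manage your subscription" if known else "Confirm your subscription"
    mail["List-Unsubscribe"] = f"<{signed_url('/unsubscribe', email, now)}>"
    mail.set_content(signed_url("/subscriptions/manage", email, now))
    return mail
```

In this sketch the address would only be treated as confirmed once `verify_url` returns it in step 4, never at the moment the form is submitted.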

ghost commented Jun 27, 2018

Let's do it!

It would also be nice if users can subscribe to component groups rather than selecting each component alone. If there are a lot of components it is uncomfortable for users to do this and hence they might not do it at all (bad user experience). :)
