Opened 2 years ago
Last modified 2 years ago
#57413 new defect (bug)
Updating a user email via rest api doesn't trigger confirmation email
Reported by: | dd32 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Users | Keywords: | has-patch has-unit-tests |
Focuses: | rest-api | Cc: |
Description
When a user changes their email address through wp-admin/profile.php
the email change is delayed until the user clicks a confirmation link in their email. This was implemented via #16470.
This doesn't happen when an administrator changes another users email address.
When a user updates their own email through the rest API (ie. POST /wp-json/wp/v2/users/1
) the confirmation email is also not triggered, and the email change occurs instantly.
This is because the code for the email confirmation is a UI-only method, it's not attached to the user update event, simply the profile.php page submission.
The PR that will be attached to this will re-work the existing code to more generalise it and call it from the REST API.
As part of that, the confirmation link being changed from wp-admin/profile.php
to /wp-login.php?action=confirm-email-change...
makes more sense to me.
This could have unintended effects, as those using the REST API might be expecting changes to occur without any further action from the user, such as when there is a custom front-end, which this will break. Implementations would need to be updated to use a filter to remove the email confirmation step.
Change History (3)
This ticket was mentioned in PR #3813 on WordPress/wordpress-develop by @dd32.
2 years ago
#1
- Keywords has-patch has-unit-tests added
2 years ago
#2
Some additional unit tests of send_user_email_change_confirmation_email()
and send_user_email_change_confirmation_process()
wouldn't go astray.
Strings, documentation, and function naming likely needs a second set of eyes.
#3
@
2 years ago
Something of note here, is that bbPress has it's own implementation of this functionality for it's user-edit page, to mimic the WordPress core behaviour.
https://github.com/bbpress/bbPress/blob/trunk/src/includes/users/functions.php#L215-L244
Trac ticket: https://core.trac.wordpress.org/ticket/57413