-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Modify any subscription #2047
Comments
I know it's not great, but a subscriber can click on the link included in the email to manage their subscription. |
Right. I think the subscriber should have to follow a link from their email in order to modify the subscriptions. They should not be able to modify the subscription by "re-subscribing" with a previously registered email address on the status page. You should just receive the 'Cannot subscribe [email protected] because they're already subscribed.' and not the component list. Perhaps kick off an email to that person that prompts them to modify their subscriptions by following a link. |
Oh, sorry:
Yes, I agree that this is incorrect behaviour. |
Not anymore you can't! :) |
I've got a regression on this bug.... What version of Cachet? 2.3.13 |
Before submitting your issue, please make sure that you've checked the checkboxes below.
php -v
.rm -rf bootstrap/cache/*
.What version of Cachet? 2.3.9
What database driver? MySQL? Postgres? SQLite? MySQL
What version of PHP? 7.0.3
Expected behaviour
Please describe what you're expecting to see happen.
Subscriptions should not be modified by anybody besides the subscriber.
Actual behaviour
Please describe what you're actually seeing happen.
Subscriptions can be modified by anybody that provides the email address. For an organization using Cachet, those email addresses may be predictable.
Steps to reproduce
If your issue requires any specific steps to reproduce, please outline them here.
Subscriptions will be updated accordingly.
The text was updated successfully, but these errors were encountered: