[wp-trac] [WordPress Trac] #57413: Updating a user email via rest api doesn't trigger confirmation email
WordPress Trac
noreply at wordpress.org
Tue Jan 3 07:08:17 UTC 2023
#57413: Updating a user email via rest api doesn't trigger confirmation email
--------------------------+-----------------------------
Reporter: dd32 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version:
Severity: normal | Keywords:
Focuses: rest-api |
--------------------------+-----------------------------
When a user changes their email address through `wp-admin/profile.php` the
email change is delayed until the user clicks a confirmation link in their
email. This was implemented via #16470.
This doesn't happen when an administrator changes another users email
address.
When a user updates their own email through the rest API (ie. `POST /wp-
json/wp/v2/users/1`) the confirmation email is also not triggered, and the
email change occurs instantly.
This is because the code for the email confirmation is a UI-only method,
it's not attached to the user update event, simply the profile.php page
submission.
The PR that will be attached to this will re-work the existing code to
more generalise it and call it from the REST API.[[BR]]
As part of that, the confirmation link being changed from `wp-
admin/profile.php` to `/wp-login.php?action=confirm-email-change...`
makes more sense to me.
This could have unintended effects, as those using the REST API might be
expecting changes to occur without any further action from the user, such
as when there is a custom front-end, which this will break.
Implementations would need to be updated to use a filter to remove the
email confirmation step.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57413>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list