Existing authenticated users must re-enter their information, even if it is in CiviCRM, including their email address. This allows an authenticated user to change their email address without having any opt-in confirmation. Thus a user could put in someone else's email address other than theirs, causing a site to spam someone. Also, a user could mistype their email address, thus changing it from good to bad and not receiving a confirmation.
Fields should be prepopulated for existing users.
Changing email address should trigger email confirmation to old and new address; not until change is confirmed should old email address be eliminated.
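The confirm-before-replace flow requested above, as an added example that is not part of the original post or the module's code. It is plain Python with no Drupal or CiviCRM calls; `EmailChangeFlow`, `send_mail`, the 24-hour window, and the choice to send the old address a notice rather than a second token are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed confirmation window, in seconds


class EmailChangeFlow:
    """Keeps the confirmed address in use until the new one is confirmed."""

    def __init__(self, send_mail, now=time.time):
        self.emails = {}    # contact_id -> confirmed address
        self.pending = {}   # contact_id -> (new_email, token_hash, expires)
        self.send_mail = send_mail  # hypothetical callable(to, subject, body)
        self.now = now

    def request_change(self, contact_id, new_email):
        old_email = self.emails[contact_id]
        new_email = new_email.strip().lower()
        token = secrets.token_urlsafe(32)
        # Store only a hash, so a leaked table cannot confirm a change.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[contact_id] = (new_email, digest, self.now() + TOKEN_TTL)
        # The new address must prove control; the old one is told, not replaced.
        self.send_mail(new_email, "Confirm your new address", token)
        self.send_mail(old_email, "Email change requested", new_email)

    def confirm(self, contact_id, token):
        entry = self.pending.get(contact_id)
        if entry is None:
            return False
        new_email, digest, expires = entry
        if self.now() > expires:
            del self.pending[contact_id]  # expired: old address stays
            return False
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(supplied, digest):
            return False
        self.emails[contact_id] = new_email  # only now is the old one dropped
        del self.pending[contact_id]         # token is single use
        return True
```

A mistyped or third-party address never receives more than the one confirmation message, and the contact record is unchanged unless that message is acted on.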
Comments
Comment #1
morbus iff
I can see this becoming a preference, disabled by default. There are particular instances and scenarios where existing records in the CiviCRM database need to be "read-only" and unmodifiable by anyone but the admin. Note that there already is preliminary support for existing users within the code - if the submitted email address of a petition matches anything in CiviCRM, we use that as reference. Unfortunately, we use that only as a reference for activity history -- we don't actually update any data they've submitted. So, I'd be willing to support two new administrative options: a) prefill logged in users contact information and b) allow contact information to be modified (though, here, I'd probably hook into the CiviCRM access permissions defined in administer > access). Would this approach solve your problem?
Comment #2
GregoryHeller commented
Morbus, I think that the options you list (a and b) would satisfy my reqs.
The UI will be important (i.e. what messages a user, or petition signer, sees when they run up against CiviCRM permissions not letting them modify their data).