Real Name is in from address in Email Notifications with "enable names" is disabled


(cpradio) #1

Per screenshot of forwarded email to me from another member at our instance.

Steps to Reproduce:

  1. Create two accounts and enter their real names either at signup, or with “enable names” enabled.
  2. Disable “enable names”
  3. Post a topic as User 1 and logout
  4. Reply to User 1’s topic, using User 2.
  5. User 1 should get an email notification FROM the “real name” of User 2.

Expected:
FROM should be generic or the User 2’s username

Actual:
User 2’s real name is being exposed to another member.


(Jeff Atwood) #2

Sure @techapj can you prioritize this fix please?


(Arpit Jalan) #3

I just tested this, and it’s working as expected for me.

To disable full name in emails, you have to disable enable email names setting under Email tab. Are you sure you disabled that setting?


(Jeff Atwood) #4

FYI @cpradio this is yet another reason it’s safer not to collect data you don’t want displayed.


(cpradio) #5

@techapj, I had no idea that setting existed, I’m asking our admin to verify how it is set. Stay tuned (we are in completely different time zones, so the response will likely be much later today).

I don’t necessarily disagree, but, I can easily point out numerous large sites that do this today. I do disagree with how easy you seem to think it is given the number of entry points that exist. Chances are, I’ve missed several more. I didn’t create this problem, just simply uncovered it.

However, I will say this much. Giving users the ability to remove data collected at signup (even through third party authenticators – ie, facebook, github, etc) still seems like a win to the users (think more of: if you enter a real name, we’ll use it, otherwise, we’ll use your username – then there is little need for the site settings to begin with and users control it). But I think we are getting off-topic.


(Jeff Atwood) #6

And you would remove that data by not collecting it in the first place. Less fields equals less complexity and a simpler user experience.


(cpradio) #7

@techAPJ, we definitely have the enable email names disabled on our instance (just got confirmation on that). Do you know what file specifically utilizes that setting when it determines what name to use so I can look for the bug and see if it was fixed in a later commit? I’d hate to waste too much of your time, if this was eventually fixed elsewhere.

Edit: I think I found it. user_notifications.rb

Explain that in our current predicament. We have two site settings to control the same thing - use full/real name, which if enabled can permit users to enter data and then have the ability to enter/update that data revoked by changing the settings.

I don’t agree with your statement (again, this is getting us off-topic).

Furthermore, my suggestion gave two options: If real name is entered, use it, otherwise, use username.
The existing implementation is already more complicated than that (just saying).


(cpradio) #8

@techAPJ, okay, seems to work on latest. I found the commit on Oct 21st that created the setting. Unfortunately, we are still in progress of upgrading to latest and are currently on a release that was created on Oct 23rd. Chances are your commit isn’t part of that release.

I could have sworn, I switched to latest and re-ran my test, but maybe I forgot to restart the application? Sorry about that.

I’ll let you know if this goes away once we’ve implemented the upgrade.

cc: @HAWK


#9

Which will be at the start of next week.


(Jeff Atwood) #10