Skip to content

feat: add domain verification #17832

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Apr 8, 2025
Merged

feat: add domain verification #17832

merged 7 commits into from
Apr 8, 2025

Conversation

miketheman
Copy link
Member

@miketheman miketheman commented Mar 21, 2025
edited
Loading

To minimize the potential for an account takeover via an expired email domain, lay the groundwork for periodically checking a domain's status.

  • Add two columns to Email to track the latest status and when it was checked
  • Add a new domain status interface and service implementations
  • Add Admin UI elements to display and manually run a check
  • Config and tests for the functionality

After this is place and confirmed working, I'll add a periodic task to check records periodically, and start to think about what we'd want to do if it's no longer active.
@miketheman miketheman added feature request admin Features needed for the Admin UI (people running the site) email Related to emails labels Mar 21, 2025
@miketheman miketheman requested a review from a team as a code owner March 21, 2025 20:15
@miketheman miketheman marked this pull request as draft March 21, 2025 20:15
@miketheman miketheman force-pushed the miketheman/domain-verification branch from 3e07a63 to dc30b12 Compare March 21, 2025 20:17
@miketheman miketheman force-pushed the miketheman/domain-verification branch 3 times, most recently from 8851c37 to da27834 Compare April 3, 2025 19:14
@miketheman miketheman marked this pull request as ready for review April 3, 2025 19:23
@miketheman miketheman added the security Security-related issues and pull requests label Apr 3, 2025
@miketheman
feat: add domain verification columns to Email
2b611f3 
Signed-off-by: Mike Fiedler <miketheman@gmail.com>
@miketheman
feat(admin): surface domain status in UI
24d3f76 
Not the most beautiful, but good enough to start with. It was interesting to learn about the ability to reflect back some data from the underlying object through the form, thanks `unverify_reason`! Signed-off-by: Mike Fiedler <miketheman@gmail.com>
@miketheman
feat(admin): manually execute domain check
048e161 
Signed-off-by: Mike Fiedler <miketheman@gmail.com>
@miketheman
chore: add missing comment to migrations
a976fb7 
Signed-off-by: Mike Fiedler <miketheman@gmail.com>
@miketheman miketheman force-pushed the miketheman/domain-verification branch from 717f037 to a976fb7 Compare April 4, 2025 18:33
@miketheman miketheman merged commit aaa7a72 into pypi:main Apr 8, 2025
20 checks passed
@miketheman miketheman deleted the miketheman/domain-verification branch April 8, 2025 14:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

admin Features needed for the Admin UI (people running the site) email Related to emails feature request security Security-related issues and pull requests

2 participants

@miketheman @ewdurbin