Disable My Profile functionality?

user3

Hi,

Is it even possible to disable the "My Profile" functionality on Enhance?

I find that if you use a billing platform like WHMCS, ClientExec or Blesta, the plugin will create a user (organization) on Enhance with the email that was on the billing platform.

Now, a user can go to Enhance and change their email to anything they want (even without verification!). So if they set up an email address that doesn't exist on the billing platform, and then a client registers a new account on the billing platform with that email address, Enhance will throw a 409 Conflict because that email already exists.

In addition to this, it's extremely confusing to the end user when they have 2 platforms they can update their email address and password and they're not atomic. In my opinion, Enhance should have an option to disable My profile management entirely so that we can manage it via the API on billing entirely.

I find it ludicrous that this hasn't occurred to the team until this point? Is there a solution to this? I can probably set up some web server rules to block the endpoints to manage profile, but IMHO this should be a functionality.

Adam

We can certainly consider this as a feature request, we could add a feature toggle to disable profile changes. It would also need to disable user invites.

I think the scenario you describe is rather an extreme edge case. There is no danger to this because the source of truth is always the orgId rather than any of the invited users.

Nickske00

Hey @Adam , not so sure the scenario is an extreme case.

I sign up via billing platform with the email nick@domain.com, the account gets created and then the system uses the api to create my enhance account.

I go to the enhance panel and change my email to adam@domain.com

Now you register on the billing platform (with adam@domain.com, I'm still using nick@domain.com in the billing platform, so no problem for the billing platform), the system wants to create your account on the enhance platform and errors because I changed my email to adam@domain.com. No enhance account for you.. 😉

You could mitigate this at the moment by having the billing platform check the data in enhance at set intervals (for example once a day). The billing platform would have to fetch the email and if it's different from it's own data change it back. I'm not so sure if this will be a heavy task once you get a lot of customers...

twest

Nickske00 you propose it's perfectly normal that a regular customer should login to their hosting account and randomly change their email address to something that's NOT their email? And then you expect that someone that DOES own that random email address will just happen to try signing up for service from you and run into this issue?

To what end would a customer even do that? Because they're daft or something? They want to lose access to their account or stop getting important notifications, etc?

I think the odds of that happening is probably something like 1 in 1,000,000,000. When that one in a billion situation comes up, then it's a 3 minute support ticket.

What's ludicrous is you guys pearl clutching at such a non issue. It's funny tho 😆

Nickske00

twest Must be a nice world where people can't make typos. 😉 I'm sure something like a gmail, hotmail, outlook, ... can cause a problem. And as a developer you should never trust the user. 😉

user3

twest @Adam

Whilst most of the things you described are true here, the issue arises when you have a huge web hosting company with thousands of users.

At some point, you should expect that some of the users are not there for the service (especially if you offer free/discounted services) and may attempt to compromise/attack your system for financial gain.

Imagine an attacker gains access to one customer's Enhance account, either through social engineering or a weak password. Since profile management is non-atomic, the attacker can change the email address to one they control. Now, they can receive password resets, manage the websites or see notifications meant for the legitimate user.

Additionally, imagine you have thousands of users and they all started mixing up emails. A non-atomic system can't be good no matter how you put it, especially when tons of custom integrations may depend on the accounts being consistent and in sync.

Your response clearly shows that you've never dealt with active clients. Are you aware that things that may seem obvious to you are not to them?

If billing handles authentication, profile management, there's even no need to have a password authentication feature, as well as password resets at all because logins are always SSO. What's the point of implementing SSO if you can't even disable normal logins?

Principle of least privilege, please!

josedieguez

twest until they ask you for support, and you confirm their email to help them, and boom, "i cant find a client with that email"... "oh you changed it in enhance panel, but is different on our billing panel, thats why we couldnt find it".

That would be an Amateur reply from a hosting company pov.

Same happens with DA ability to change the main domain, and your whmcs clientexec or wathever, wont know that change.

adil

The best solution will be not be able to change the email of the customer AT ALL from their side, only the Admin can do it or enable an option for this feature to let users edit their email or not, and would be great if there will be some kind of sync, between WHMCS & Enhance, for the user Full Name, Email, Company Name.