Invite accept page and user data privacy question

My app allows for inviting users to join their team. My goal is to allow the email AND the accept_invite page to display that organization’s name and the user’s email address. It all works well currently - I’ve built it so that, when a member admin invites a new user, it creates a new user account for them and sends them an email with a password reset link that brings them to invite_accept.

In that email I include an ‘accept’ link that includes params for bubble’s built-in unique ID for the user (?u=xxxxxx) and bubble’s built-in unique ID for the organization (&c=xxxxxx). I use those IDs to pull the user’s email and org’s info into the welcome page like so:

The problem I’m facing is that, until the user finalizes their account creation, the user isn’t logged in, so I’m essentially having to expose the user’s email to the ‘everybody’ rule in the privacy settings. I made sure to deny API access to any of these fields, but I don’t want to build a giant security/privacy hole into this interface.

so…

Question 1 - Is this a security hole that I need to be concerned with?

Question 2 - If so, is there any way to lock down this page specifically to avoid exposing too much data publicly?

Question 3 - Has anyone else built something similar that has any insight into making sure that this is as secure as possible?

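The post above exposes the invited user's email through a public ("everybody") read rule keyed on the record's built-in unique ID. The following is an added example, not the poster's code and not Bubble's own API, showing the usual alternative in plain Python: gate the invite_accept lookup on an opaque, single-use, expiring token instead of on record IDs, so nothing about the user record needs to be readable by the public. The table and field names, the sample IDs, the `?t=` link parameter and the 7-day lifetime are assumptions made up for illustration.

```python
"""Invite-accept flow gated by an opaque single-use token (added example, assumptions only)."""
import hashlib
import secrets
import time

# Constructed in-memory stand-ins for the app's User / Organization tables (not real data).
USERS = {"usr_a1b2": {"email": "alice@example.com", "org_id": "org_9f8e", "activated": False}}
ORGS = {"org_9f8e": {"name": "Example Widgets Ltd"}}
INVITES = {}  # sha256(token) -> invite record; the raw token is never stored server-side

INVITE_TTL_SECONDS = 7 * 24 * 3600  # assumed lifetime of an invite link


def _token_hash(token):
    return hashlib.sha256(token.encode()).hexdigest()


def lookup_by_ids(user_id, org_id):
    """The pattern from the post: anyone holding (or guessing) the two record IDs gets the email."""
    user = USERS.get(user_id)
    org = ORGS.get(org_id)
    if user is None or org is None or user["org_id"] != org_id:
        return None
    return {"email": user["email"], "org_name": org["name"]}


def create_invite(user_id, org_id, now=None):
    """Run by the admin's invite action. Returns the raw token to embed in the email link."""
    now = time.time() if now is None else now
    if user_id not in USERS or USERS[user_id]["org_id"] != org_id:
        raise ValueError("user does not belong to that organization")
    token = secrets.token_urlsafe(32)  # 256 bits of randomness: not enumerable like record IDs
    INVITES[_token_hash(token)] = {
        "user_id": user_id,
        "org_id": org_id,
        "expires_at": now + INVITE_TTL_SECONDS,
        "used": False,
    }
    return token


def _valid_invite(token, now):
    """Return the invite record only if the token is known, unused and not expired."""
    rec = INVITES.get(_token_hash(token))
    if rec is None or rec["used"] or now > rec["expires_at"]:
        return None
    return rec


def accept_page_data(token, now=None):
    """What invite_accept may render before login: email + org name, only for a live token."""
    now = time.time() if now is None else now
    rec = _valid_invite(token, now)
    if rec is None:
        return None
    return {"email": USERS[rec["user_id"]]["email"], "org_name": ORGS[rec["org_id"]]["name"]}


def consume_invite(token, now=None):
    """Finalize account creation: burn the token and activate the user. True on success."""
    now = time.time() if now is None else now
    rec = _valid_invite(token, now)
    if rec is None:
        return False
    rec["used"] = True
    USERS[rec["user_id"]]["activated"] = True
    return True


if __name__ == "__main__":
    t = create_invite("usr_a1b2", "org_9f8e")
    print("email link: https://app.example/invite_accept?t=" + t)  # assumed URL shape
    print("page data before finalizing:", accept_page_data(t))
    print("finalize:", consume_invite(t), "| replay:", accept_page_data(t))
```

The difference from the ID-based link is that the token, not the user ID, is the capability: the page only ever reads the email through a server-side check that the token is valid, and once the invite is finalized (or has expired) the same link reveals nothing. In a no-code tool the equivalent is a dedicated invite record whose sensitive fields are read only through a server-side workflow that verifies the token, rather than a public read rule on the user record.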