This change requires the user to submit a preferred email address when signing up with a new account. This will allow us to:
- Prevent outside users from registering given we have a list of expected emails (TODO #13)
- Recover a user's account by using their account email instead of them giving their email which has security holes (DONE)
One TODO is that the account recovery email should generate a token which expires once the user changes their password and successfully logs in but, since we currently don't have a last_login field for the user, I chose to generate a token which expires after an hour.
Fixes #12.
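
A stateless recovery token along the lines described above, as an added example that is not part of this pull request or the project's code. It keeps the one-hour expiry and goes one step further by including the user's current password hash in the MAC, so a password change invalidates the token without a `last_login` field. `SECRET_KEY`, `make_token`, `check_token` and the `lookup_password_hash` callback are hypothetical names, and user ids are assumed to contain no `.` or `:`.

```python
import base64
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
MAX_AGE = 3600                        # one hour, as in the description above


def _sign(user_id, issued_at, password_hash):
    # The MAC covers the current password hash, so changing the password
    # invalidates every outstanding token for that account.
    msg = f"{user_id}:{issued_at}:{password_hash}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()


def make_token(user_id, password_hash, now=None):
    """Build the token that goes into the recovery email link."""
    issued_at = int(time.time() if now is None else now)
    mac = base64.urlsafe_b64encode(_sign(user_id, issued_at, password_hash))
    return f"{user_id}.{issued_at}.{mac.decode()}"


def check_token(token, lookup_password_hash, now=None):
    """Return the user id if the token is authentic and fresh, else None."""
    now = int(time.time() if now is None else now)
    try:
        user_id, issued_raw, mac_b64 = token.split(".")
        issued_at = int(issued_raw)
        mac = base64.urlsafe_b64decode(mac_b64.encode())
    except ValueError:  # wrong field count, bad timestamp, or bad base64
        return None
    current_hash = lookup_password_hash(user_id)
    if current_hash is None:  # unknown account
        return None
    expected = _sign(user_id, issued_at, current_hash)
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    if not 0 <= now - issued_at <= MAX_AGE:  # expired or issued in the future
        return None
    return user_id
```

The token is only ever mailed to the address stored on the account, which is the property the first bullet's recovery change relies on.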