happy-river
commented
4 years ago Don't merge this yet, because I'm going to add a check to make sure that login tokens from before the re-registration don't work afterwards.
Closed happy-river closed 4 years ago
happy-river
commented
4 years ago Don't merge this yet, because I'm going to add a check to make sure that login tokens from before the re-registration don't work afterwards.
happy-river
commented
4 years ago I realized in the course of adding the check to make sure that login tokens sent before reregistering don't work that it won't be an issue unless someone changes the time before login tokens expire to be longer than the time before reregistration is allowed, but, in service of defensive programming, here it is.
Polsaker
commented
4 years ago LGTM
With
require_valid_emailsturned on inconfig.yaml, users can't log in unless they click a link in an email sent to them. If they misspell their email address they won't get the email, and then there is no way to activate that account. Fix this problem by making it possible to re-register a never-confirmed account with a different email address after two days.Add a new
UserMetadatakey,previous_invitecode, for keeping track of the invite code used to originally register the account, so that in a future update to the invite code UI, admins can see which invite codes led to confirmed user accounts.