Closed happy-river closed 4 years ago
Don't merge this yet, because I'm going to add a check to make sure that login tokens from before the re-registration don't work afterwards.
I realized in the course of adding the check to make sure that login tokens sent before reregistering don't work that it won't be an issue unless someone changes the time before login tokens expire to be longer than the time before reregistration is allowed, but, in service of defensive programming, here it is.
LGTM
With
require_valid_emails
turned on inconfig.yaml
, users can't log in unless they click a link in an email sent to them. If they misspell their email address they won't get the email, and then there is no way to activate that account. Fix this problem by making it possible to re-register a never-confirmed account with a different email address after two days.Add a new
UserMetadata
key,previous_invitecode
, for keeping track of the invite code used to originally register the account, so that in a future update to the invite code UI, admins can see which invite codes led to confirmed user accounts.