change email workflow should not allow a user to lock themselves out of the account

adsabs / adsws

ADS web services

Other

2 stars 15 forks source link

change email workflow should not allow a user to lock themselves out of the account #49

Closed vsudilov closed 9 years ago

vsudilov commented 9 years ago

In the current implementation, a user can change their email to one to which they do not have access, thus locking themselves out of their account.

The most straightforward fix is to not perform the user.update(email=new_email) procedure until the new email has been verified. In this way, the change email workflow is a no-op until they visit the new email's verification link

vsudilov commented 9 years ago

clarification: POST to the change email endpoint is a no-op (except to send the verification email). visitng GET with a correctly de-coded link will result:

u = db.session.query(Users).filter(uid=uid) #uid should be decoded from the payload`
u.update(email=new_email)`

vsudilov commented 9 years ago

Consensus is to implement the above, and additionally send a courtesy notification to the current email