Closed rhythnic closed 4 years ago
Use an EmailAddress model to track user emails. It has a relationship to user, and stores the email address, a verified boolean, and a unique token for rejecting a new email address. When an email is updated, send an email to the current primary email address, create a new EmailAddress, and update the user record. If the old email rejects the change, replace user's email with old email.
Decision made in meeting to remove email feature, and use email field on user only as a contact reference.
The email verification system in place is supposed to be setup to allow the current email to reject a changed-to email, but the DB record that would allow the current email to reject it is deleted once the new email accepts the change.