Open Nautman opened 4 years ago
This is a problem since I don't know how to handle it. Should we just accept if they want to update their email or require some confirmation?
Hrm. I think it would be good to require them to confirm through a token / link sent to their email.
Perhaps a similar functionality to confirm your email could be used when deleting your account? Although, it might be unnecessary since the user has logged in with that email. But it reduces the risk that someone deletes the account maliciously.
I believe this should be included in the minimum viable product. At the very least, there should be a confirmation front-end wise where you have to type in the email address twice and that you acknowledge that it is impossible to regain control of your account if you no longer have access to that email (unless you reach out to us).
The board decided this isn't necessary for MVP.
There is no such field in `updateUser`. https://github.com/digitalungdom-se/digitalungdom-api/blob/5725e49f83298b65f9c9d19098cd7c95b3d6ee3c/src/api/validators/user.ts#L66-L95
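An added example (not part of this thread or of the digitalungdom-api code base) of the token / link confirmation suggested above: an HMAC-signed token binds the account, the requested address and an expiry, and the address is only returned for storage once the token from the mailed link verifies. The function names, the one-hour lifetime and the way the secret is passed in are assumptions.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

// Hypothetical names throughout; assumed policy: the mailed link is valid for one hour.
const TOKEN_TTL_MS = 60 * 60 * 1000;

function sign(secret: string, payload: string): string {
  return createHmac("sha256", secret).update(payload).digest("base64url");
}

// Issued when a logged-in user requests an email change. The token is mailed
// to the NEW address; the stored address is not changed at this point.
export function issueEmailChangeToken(
  secret: string, userId: string, newEmail: string, now: number
): string {
  const claims = { userId, newEmail: newEmail.toLowerCase(), exp: now + TOKEN_TTL_MS };
  const payload = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `${payload}.${sign(secret, payload)}`;
}

// Called when the link is opened. Returns the address to store, or null if
// the token is malformed, forged, expired, or was issued for another account.
export function confirmEmailChange(
  secret: string, token: string, userId: string, now: number
): string | null {
  const parts = token.split(".");
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = Buffer.from(sign(secret, payload));
  const given = Buffer.from(mac);
  // Check the MAC in constant time before trusting anything in the payload.
  if (expected.length !== given.length || !timingSafeEqual(expected, given)) return null;
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  if (claims.userId !== userId) return null;
  if (typeof claims.exp !== "number" || now >= claims.exp) return null;
  return typeof claims.newEmail === "string" ? claims.newEmail : null;
}
```

Because the token carries the user id and the new address, a link issued for one request cannot confirm a different address or a different account.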