pallets-eco / flask-security-3.0

Quick and simple security for Flask applications
MIT License

Is there a way for the user to change his/her email address while logged in? #283

Open shea256 opened 10 years ago

shea256 commented 10 years ago

Would be a cool feature. Sorry if this was covered in another issue but I searched for it and nothing came up.


Also, separate but is there a way I can pay for this? I feel like I'm opening more issues than I'm helping with (which is like 1) and would love to contribute but just don't have as much time as I would like. I really like this project and appreciate what you're doing.

jamesonjlee commented 10 years ago

You can always change a user's email address, you just need to give a user a way to alter their User.email (say via a form). I don't think there is a built-in method nor is there anything preventing you from doing it.

@rxl you can always gittip matt (https://www.gittip.com/mattupstate/) :money_with_wings:

shea256 commented 10 years ago

Yes, you're right, I would also like to resend the confirmation email, though, which I could trigger. However, I just thought it'd be interesting to have a standard view, just like there is one for password reset, etc.

mattupstate commented 10 years ago

This type of view is often very specific to the application's "profile" view. I don't believe it should be baked into Flask-Security.

shea256 commented 10 years ago

What do you mean by specific? I see it as working just like the change password feature when the user is logged in.

And I should clarify why I think there should be a separate method for this. If you want to allow the user to change his/her email, you really need to do a few things:

  1. send an "approve address change" email to the current address
  2. send a confirmation email to new address
  3. send an "email changed" email to the old address

As far as what I have observed, this is the best practice. Because this requires several steps and isn't as simple as just providing a form to change the email (which would be highly insecure), it'd be much easier for developers to have a specific endpoint for this functionality.
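The three-step flow described in this comment, written out as an added example that is not part of the original thread and not Flask-Security's own code. It assumes an in-memory `Mailer` that records outgoing mail instead of sending it, a minimal `User` dataclass standing in for the database row, and HMAC-signed, time-limited tokens built with the standard library in place of Flask-Security's itsdangerous serializer; `SECRET_KEY` is generated at import time here purely so the example runs offline. Each step checks that the address recorded in the token still matches the user's current address, so a token replayed after the change has completed, a token used for the wrong step, or a token with a tampered signature is rejected.

```python
"""Email-change flow: approve from old address, confirm new address, notify old address.

Added illustration (not Flask-Security code). Tokens are HMAC-SHA256 signed JSON
with a timestamp, which is the same idea as an itsdangerous timed serializer.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

SECRET_KEY = secrets.token_bytes(32)  # constructed for the demo; a real app loads it from config
TOKEN_MAX_AGE = 3600                  # seconds a token stays valid


@dataclass
class User:
    id: int
    email: str


@dataclass
class Mailer:
    """Fake mailer: every send() call is appended to outbox instead of being delivered."""
    outbox: list = field(default_factory=list)

    def send(self, to: str, subject: str, body: str) -> None:
        self.outbox.append({"to": to, "subject": subject, "body": body})


def _sign(payload: dict) -> str:
    """Serialize payload and append an HMAC so it cannot be altered client-side."""
    raw = json.dumps(payload, sort_keys=True).encode()
    data = base64.urlsafe_b64encode(raw).decode().rstrip("=")
    sig = hmac.new(SECRET_KEY, data.encode(), hashlib.sha256).hexdigest()
    return f"{data}.{sig}"


def _verify(token: str, expected_purpose: str) -> Optional[dict]:
    """Return the payload if signature, purpose and age all check out, else None."""
    try:
        data, sig = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SECRET_KEY, data.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    padded = data + "=" * (-len(data) % 4)
    payload = json.loads(base64.urlsafe_b64decode(padded))
    if payload.get("purpose") != expected_purpose:
        return None  # an "approve" token must not be accepted as a "confirm" token
    if time.time() - payload["ts"] > TOKEN_MAX_AGE:
        return None
    return payload


class EmailChangeFlow:
    def __init__(self, mailer: Mailer, users: dict):
        self.mailer = mailer
        self.users = users  # id -> User; stands in for the user datastore

    def request_change(self, user: User, new_email: str) -> str:
        """Step 1: ask the current address to approve the change."""
        payload = {"purpose": "approve", "uid": user.id, "old": user.email,
                   "new": new_email, "ts": time.time()}
        token = _sign(payload)
        self.mailer.send(user.email, "Approve email change", token)
        return token

    def approve(self, token: str) -> Optional[str]:
        """Step 2: old address approved; send a confirmation link to the new address."""
        p = _verify(token, "approve")
        if p is None:
            return None
        user = self.users[p["uid"]]
        if user.email != p["old"]:
            return None  # address already changed since the token was issued
        confirm = _sign({"purpose": "confirm", "uid": user.id, "old": p["old"],
                         "new": p["new"], "ts": time.time()})
        self.mailer.send(p["new"], "Confirm your new address", confirm)
        return confirm

    def confirm(self, token: str) -> bool:
        """Step 3: new address confirmed; update the user and notify the old address."""
        p = _verify(token, "confirm")
        if p is None:
            return False
        user = self.users[p["uid"]]
        if user.email != p["old"]:
            return False  # stale or replayed token
        old_email = user.email
        user.email = p["new"]
        self.mailer.send(old_email, "Your email address was changed",
                         f"Your address was changed to {p['new']}.")
        return True


def run_demo():
    """Walk one user through all three steps; returns (user, mailer) for inspection."""
    mailer = Mailer()
    user = User(id=1, email="old@example.com")          # constructed sample user
    flow = EmailChangeFlow(mailer, {user.id: user})
    approve_token = flow.request_change(user, "new@example.com")
    confirm_token = flow.approve(approve_token)
    flow.confirm(confirm_token)
    return user, mailer


if __name__ == "__main__":
    u, m = run_demo()
    print(u.email, [msg["to"] for msg in m.outbox])
```

In a real Flask-Security deployment the three `send` calls would go through `send_mail` with templates, the tokens would be links to two routes, and `request_change` would only be reachable from an authenticated (and, ideally, freshly re-authenticated) session; the ordering and the "does the token still match the current address" check are the parts that matter for the security of the flow.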

mattupstate commented 10 years ago

@rxl I see your point. That certainly is a good practice, especially if you've got the SECURITY_CONFIRMABLE flag set.

shea256 commented 10 years ago

Yes, exactly. And if SECURITY_CONFIRMABLE isn't set, then this method could just be deactivated, like other methods are based on other settings.

jirikuncar commented 7 years ago

Possible implementation is shown in #656 by @Jaza.