Open lautarodragan opened 5 years ago
It's possible to lock oneself out of the account by changing the email address to an address we don't own.
https://github.com/poetapp/frost-api/issues/875, while necessary, doesn't mitigate this.
The whole change email address system should be more complex — account should keep the same email address, but add new one as newUnconfirmedEmail to the database, and only switch upon confirmation.
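The flow proposed in this issue, shown as an added example that is not code from frost-api or from the issue author. Apart from newUnconfirmedEmail, every name is hypothetical; it assumes an in-memory Map in place of the database and a one-hour confirmation window.

```javascript
// Added example: pending-email-change flow. All names except
// newUnconfirmedEmail are hypothetical; the Map stands in for the database.
const nodeCrypto = require('crypto')

const accounts = new Map() // accountId -> account record
const TOKEN_TTL_MS = 60 * 60 * 1000 // assumed one-hour confirmation window

const sha256 = (value) => nodeCrypto.createHash('sha256').update(value).digest()

// Step 1: record the requested address without touching the login email.
// The returned token would be mailed to the NEW address only.
function requestEmailChange(accountId, newEmail, now = Date.now()) {
  const account = accounts.get(accountId)
  if (!account) throw new Error('unknown account')
  const token = nodeCrypto.randomBytes(32).toString('hex')
  account.newUnconfirmedEmail = newEmail
  account.emailChangeTokenHash = sha256(token) // store only the hash
  account.emailChangeExpiresAt = now + TOKEN_TTL_MS
  return token
}

// Drop the pending change, leaving the confirmed email as it was.
function clearPending(account) {
  delete account.newUnconfirmedEmail
  delete account.emailChangeTokenHash
  delete account.emailChangeExpiresAt
}

// Step 2: switch only when the holder of the new mailbox presents the token.
function confirmEmailChange(accountId, token, now = Date.now()) {
  const account = accounts.get(accountId)
  if (!account || !account.newUnconfirmedEmail) return false
  const expired = now > account.emailChangeExpiresAt
  // Both operands are 32-byte digests, so the constant-time compare is safe.
  const matches = nodeCrypto.timingSafeEqual(
    sha256(String(token)), account.emailChangeTokenHash)
  if (expired) clearPending(account)
  if (expired || !matches) return false
  account.email = account.newUnconfirmedEmail
  clearPending(account)
  return true
}

// Constructed sample: a mistyped address never replaces the working one.
accounts.set('acct-1', { email: 'owner@example.com' })
requestEmailChange('acct-1', 'ownr@exmaple.com')
console.log(accounts.get('acct-1').email)
```

Because the confirmed address stays in place until the token comes back, a mistyped or unowned address leaves the account reachable through the old one.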