User emails are required

[rjkerrison]

We have two user stories that share a solution:

As a stakeholder in this business, I want to distinguish verified human users, So that I can ignore or exclude bots

As a forgetful member, I want to receive a password reset link So that I can access my account

Design

As-is

When users sign up, they do so without providing an email.

To-be

Flow for new users:

• All users when signing up will provide an email

Flow for existing users:

• When signing in, users without an email address are prompted to provide one

Once we have an email associated with an account, verification works as following:

• We send the user an email with a verification link
• Users' emails are marked as verified when the link has been used

Development

We will add an email field to the User model.

We will add email to the fields sent at signup.

We will add an additional route for updating a user. It will authenticate the user based on a user token, and it will allow for changing the email.

Any action which sets a user email address should trigger the sending of a verification link to that email address.

Future related development

We can use verified emails to facilitate account management, including password recovery and delete requests.

We can also use email to notify users of upcoming saved events, new showings for saved movies, or new upcoming showings at their saved cinemas.