volatiletech / authboss

The boss of http auth.
MIT License

Confirm email/sms before update module #257

Open ashtonian opened 4 years ago

ashtonian commented 4 years ago

I think one additional confirm workflow that is missing is requiring email/sms confirmation before a user updates their email/sms.

Example flow for user:

I would like to create a module (confirm-email-update, confirm-sms-update) that addresses the above. Current plan is to start with a fork of the confirm module, but I wanted to check with you to see if there was anything I should know or any advice you had?

aarondl commented 4 years ago

Hi @Ashtonian.

It sounds like an interesting plan. I assume then that the confirm-email-update module as example would provide the ability to change a user's e-mail address (like a user edit) via various pages and html forms?

It's an interesting idea and I had pondered the notion for things we work on internally too, but decided to give it a pass mostly because the handling of arbitrary forms is quite complex (as you can see from the register package) and I think that most users' edit pages will be quite complicated forms as well.

It's been expected that people write their own things for editing usernames/passwords/emails because these sorts of views are typically quite integrated with other pieces. There is utility to help people out in this endeavor: You can certainly use the same mailer interface to do confirmations, and there's a https://godoc.org/github.com/volatiletech/authboss#Authboss.UpdatePassword function to help maintain the same password functionality.

So currently updating is rather a bespoke thing. That's not to say that I think you shouldn't proceed; I just wanted to give some background on how it was expected/designed originally.
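Both the flow ashtonian sketches above (prove control of the new address before it replaces the old one) and aarondl's point that authboss leaves this to application code built on its mailer interface are illustrated by the following Go example. It is added here and is not code from the authboss project or from either commenter; the `Email`/`Mailer` shapes, the in-memory store, the `Token: ` mail body and every other name in it are this example's own assumptions. What it demonstrates: the account keeps its confirmed address until the new inbox returns the token; the store holds only the SHA-512 of the token, never the raw value; the token is single-use and expires; and the new address is normalized before the in-use check and re-checked for collision when the change is finally applied.

```go
package main

import (
	"context"
	"crypto/rand"
	"crypto/sha512"
	"encoding/base64"
	"errors"
	"net/mail"
	"strings"
	"sync"
	"time"
)

// Email and Mailer follow the shape of authboss's mailer abstraction; the exact fields are this example's assumption.
type Email struct{ To, Subject, Body string }
type Mailer interface{ Send(ctx context.Context, e Email) error }

type pending struct {
	userEmail string // current, confirmed address of the requesting account
	newEmail  string // address awaiting proof of control
	expires   time.Time
}

// EmailUpdater is a minimal in-memory confirm-before-update flow (hypothetical, not an
// authboss module). Only SHA-512(token) is stored; the raw token goes only to the new inbox.
type EmailUpdater struct {
	mu      sync.Mutex
	users   map[string]bool               // confirmed addresses currently in use
	pending map[[sha512.Size]byte]pending // keyed by SHA-512 of the raw token
	mailer  Mailer
	ttl     time.Duration
	now     func() time.Time // injectable clock so expiry is testable
}

var (
	ErrBadAddress  = errors.New("confirm-email-update: invalid address")
	ErrUnknownUser = errors.New("confirm-email-update: unknown user")
	ErrTaken       = errors.New("confirm-email-update: address already in use")
	ErrBadToken    = errors.New("confirm-email-update: invalid or expired token")
)

func NewEmailUpdater(m Mailer, ttl time.Duration) *EmailUpdater {
	return &EmailUpdater{users: map[string]bool{}, pending: map[[sha512.Size]byte]pending{}, mailer: m, ttl: ttl, now: time.Now}
}

// normalize accepts only a bare addr-spec and lower-cases it, so "Alice <a@x>" or "A@x" cannot dodge the in-use check.
func normalize(addr string) (string, error) {
	a, err := mail.ParseAddress(addr)
	if err != nil || a.Name != "" {
		return "", ErrBadAddress
	}
	return strings.ToLower(a.Address), nil
}

// Request mails a single-use token to the new address; the account keeps its confirmed address until it is redeemed.
func (u *EmailUpdater) Request(ctx context.Context, currentEmail, newEmail string) error {
	cur, errCur := normalize(currentEmail)
	nu, errNew := normalize(newEmail)
	if err := errors.Join(errCur, errNew); err != nil {
		return err
	}
	raw := make([]byte, 32) // 256 bits from crypto/rand, never math/rand
	if _, err := rand.Read(raw); err != nil {
		return err
	}
	token := base64.RawURLEncoding.EncodeToString(raw)
	u.mu.Lock()
	defer u.mu.Unlock() // held across Send only because the mailer here is in-memory
	if !u.users[cur] {
		return ErrUnknownUser
	}
	if u.users[nu] {
		return ErrTaken
	}
	u.pending[sha512.Sum512([]byte(token))] = pending{cur, nu, u.now().Add(u.ttl)}
	return u.mailer.Send(ctx, Email{To: nu, Subject: "Confirm your new address", Body: "Token: " + token})
}

// Confirm redeems a token. Lookup is by hash (the raw token is never stored); the entry is consumed on first use.
func (u *EmailUpdater) Confirm(token string) (string, error) {
	key := sha512.Sum512([]byte(token))
	u.mu.Lock()
	defer u.mu.Unlock()
	p, ok := u.pending[key]
	delete(u.pending, key)
	if !ok || u.now().After(p.expires) {
		return "", ErrBadToken
	}
	if u.users[p.newEmail] { // claimed by another account since Request
		return "", ErrTaken
	}
	delete(u.users, p.userEmail)
	u.users[p.newEmail] = true
	return p.newEmail, nil
}

// recordingMailer stands in for SMTP so the flow runs offline.
type recordingMailer struct{ sent []Email }
func (r *recordingMailer) Send(_ context.Context, e Email) error { r.sent = append(r.sent, e); return nil }
```

In a real deployment the mail body carries a link to a handler that calls `Confirm`, the two maps are replaced by the application's storer, the mutex is not held across the mailer call, and a notice also goes to the old address so that a hijacked session cannot silently rebind the account. If address enumeration is a concern, `Request` should answer uniformly instead of returning `ErrTaken` to the caller.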