Skip to content

Add support for secure email change with conflict resolution and verification flow #106

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Add support for secure email change with conflict resolution and verification flow #106

wants to merge 4 commits into from

Conversation

astratyandmitry
Copy link

This PR introduces support for safe email changes by allowing users to set a unverified_email and confirming it through the standard email verification process.

What's included:

  • unverified_email field added to users table
  • Logic to safely switch verified email after confirmation
  • Automatic cleanup of:
    • Unverified users who reserved the same email
    • Conflicting unverified_email reservations
  • Updates to VerifyEmailController and a new VerifyUserEmail service class
  • Adjustments to the profile view to support pending email changes
  • Event Verified is dispatched after a successful commit
  • Full test coverage for both conflict scenarios

Why?

Previously, a user could set email directly, bypassing email verification and blocking others from using that address. This PR resolves the issue by decoupling pending email updates from the actual verified email and confirming them via a secure flow.

@astratyandmitry
feat(auth): add support for email change verification with conflict c…
016b7f7 
…leanup.

- Introduced unverified_email support for Users wishing to change email
- Added VerifyUserEmail job to handle safe transition and remove conflicts
- Modified VerifyEmailController to use new logic during verification
- Updated migration to include unverified_email column
- Adjusted settings UI to support pending email change
@astratyandmitry
feat(auth): dispatch Verified event after successful email verification
6f208d6
@astratyandmitry
fix(profile): skip saving unverified_email if it matches the current …
4071a19 
…verified one.
@astratyandmitry
test(auth): add tests for purging unverified users on email verification
7640ae6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@astratyandmitry