Right now, if I change the email address and use $authenticator->hasAction() to make sure the auth_action gets set, the user will be logged out. Normally, what should happen is that every device is logged out except the initiator.
The reason being, if I accidentally mistype the email address, there's no way for me to get back, and I don't see any reason why the user should be logged out.
This is what the code looks like:
    // Email address confirmation upon change
    if($email !== user()->email || $this->request->getPost('resend_activation')) {
        $authenticator = auth('session')->getAuthenticator();
        $result = $authenticator->check(['email' => user()->email, 'password' => $password]);
        if($result->isOK()) {
            $user = $userModel->getEntityBy('id', user()->id);
            $user->fill(['active' => 0, 'email' => $email]);
            (new \CodeIgniter\Shield\Models\UserModel())->save($user);
            $userModel->updateUser(user()->id, ['email' => $email]);
            (new EmailActivator())->createEmailActivateIdentity($user);
            if($authenticator->hasAction()) {
                return $authenticator->getAction()->show();
            }
        } else {
            validation_message('error', "Can't change email. Wrong password.");
        }
    }