Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Sending email change request activates user without password #4226
If an email is changed on a pending user and the user clicks the confirmation link, their accound is activated without them having set a password.
Idealy the confirmation link would either keep the users status and simply change their email, or act as an activation email and redirect the user to the set password page.
Steps to reproduce