This should handle the case when user changes the email. Before it was updated with no confirmation, now the update is pending untill user confirms the new email.
Add email confirmation when it is changed by a user
Merge commit 'upstream/master'
renamed confirmation_on_email_change property to reconfirmable and ad…
…ded reconfirmable explanations
reconfirmable uniqueness validations
Merge remote-tracking branch 'upstream/master'
In this line:
... +reconfirmable+: requires any email changes to be confirmed (exctly the same way as
'exctly' should be 'exactly'
But I really have a bigger question:
If I understand the code correctly this will not allow me to change an unconfirmed_email until it is confirmed. That seems a bit undesirable to me: If I want to change my email and I made a simple typo, why would I not be allowed to fix the typo? I would assume that just a new confirmation email be sent out to the revised (unconfirmed) email address and I can confirm that one.
I can see that my suggestion could be used to spam, but I am checking password when I allow the user to change the email.
Would it be possible to make the 'prevent_email_change' logic optional? Or am I missing another security hole that would get introduced by this?
Sorry. I just got confused by the naming 'prevent_email_change'. Now I stepped through the code and it is working just how I need it.
Perhaps a better name would be 'postpone_email_change_until_confirmation'?
prevent_email_change sounds so prohibiting...
Hmmm, but the way the code is currently it sends confirmation emails to the old email address. For me at least the confirmations serve the purpose that I know that an email address is valid, so I would expect them to go to the new address. Perhaps also a notification to the old one, but the main concern is to confirm the new one.
Also if I change the email twice (without confirming the first change) then record.email (not unconfirmed_email) is overwritten even without an accepted confirmation email.
Shame on me, now I really wonder how the hell did I screw this so much... It's really embarrassing, will try fixing ASAP
Not at all! Your code was extremely helpful to me!
I had to hack a bit because the project I am working on was using devise 1.2.1, but you can look at my patch file for that slightly older devise version and how I got it to do what I needed. I am very busy atm so not sure that I can clean it up for a pull request myself but in case it might help I put my patch in git://gist.github.com/1083882.git
Thanks for your code!
Hey Mandaryn, did you get a chance to update this code at all? I'd love to see this feature implemented.
I've created a new pull request with updated code located here: #1266
I had a problem with reconfirmable, I have set up everything to go with reconfirmable and when I change email address it tries to send email i.e I could see on rails console that devise send email to changed email , but the problem is I am not getting email at all , this is only in the case of reconfirmable , in all remaining cases (signup,password recover) I am getting the email .
I am not sure what is the (since its not raising any errors) , how to fix this ?
and I checked my db , devise is setting the unconfirmed_email value too !!!