Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

It's not possible to update your email address #6

Open
Nautman opened this issue Nov 14, 2020 · 5 comments
Open

It's not possible to update your email address #6

Nautman opened this issue Nov 14, 2020 · 5 comments

Comments

@Nautman
Copy link
Member

Nautman commented Nov 14, 2020

There is no such field in updateUser.

digitalungdom-api/src/api/validators/user.ts

Lines 66 to 95 in 5725e49

const updateUser = [
body("username")
.optional({ nullable: false, checkFalsy: true })
.isString()
.isLength({ min: 3, max: 24 })
.matches(/^(\w+)$/)
.custom(async function (username: string, meta) {
const req = meta.req as Request;
const user = await req.services.User.getUserByUsername(username);
if (user) {
throw new Error();
}
return true;
}),
body("firstName").optional({ nullable: false, checkFalsy: true }).isString().isLength({ min: 1, max: 512 }),
body("lastName").optional({ nullable: false, checkFalsy: true }).isString().isLength({ min: 1, max: 512 }),
body("birthdate").optional({ nullable: false, checkFalsy: true }).isISO8601({ strict: true }).isBefore().toDate(),
body("gender").optional({ nullable: false, checkFalsy: true }).isString().isIn(["MALE", "FEMALE", "OTHER", "UNDISCLOSED"]),
body("profileColour").optional({ nullable: false, checkFalsy: true }).isString().isHexColor(),
body("profileStatus").optional({ nullable: false, checkFalsy: true }).isString().isLength({ min: 0, max: 32 }),
body("profileBio").optional({ nullable: false, checkFalsy: true }).isString().isLength({ min: 0, max: 1000 }),
body("profileURL")
.optional({ nullable: false, checkFalsy: true })
.isString()
.isURL({ protocols: ["http", "https"] }),
];

@kelszo
Copy link
Member

kelszo commented Nov 15, 2020

This is a problem since I don't know how to handle it. Should we just accept if they want to update their email or require some confirmation?

@Nautman
Copy link
Member Author

Nautman commented Nov 15, 2020

Hrm. I think it would be good to require them confirming through a token / link sent to their email.

@Nautman
Copy link
Member Author

Nautman commented Nov 15, 2020

Perhaps a similar functionality to confirm your email could be used when deleting your account? Although, it might be unnecessary since the user has logged in with that email. But it reduces the risk that someone deletes the account maliciously.

@Nautman
Copy link
Member Author

Nautman commented Nov 27, 2020

I believe this should be included in the minimum viable product. At the very least, there should be a confirmation front-end wise where you have to type in the email address twice and that you acknowledge that it is impossible to regain control of your account if you no longer have access to that email (unless you reach out to us).

@Nautman
Copy link
Member Author

Nautman commented Nov 28, 2020

The board decided this isn't necessary for MVP.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Nautman @kelszo