Allowing users to change emails is surprisingly tricky:
- if they verified their email, are they allowed to change it?
- if so, can they use the new email for anything as long as it’s not verified, or does it stay in pending state? for how long?
- if it’s in a pending state, can someone signup with a "pending state" email?
- does the email change need to be validated by sending a validation email to the previous email addresses?
- once changed, can an email address be reused for another account? That’s a dangerous one but if you don’t support it you end up shamed on HN with "OpenAI doesn’t allow me to create an account with an email address that used to be associated with an account on their platform but isn’t anymore"
I’m probably missing 10 more bullet points.
I bet most comments in this thread didn’t think beyond "UPDATE accounts SET email = $1"
- if they verified their email, are they allowed to change it?
- if so, can they use the new email for anything as long as it’s not verified, or does it stay in pending state? for how long?
- if it’s in a pending state, can someone signup with a "pending state" email?
- does the email change need to be validated by sending a validation email to the previous email addresses?
- once changed, can an email address be reused for another account? That’s a dangerous one but if you don’t support it you end up shamed on HN with "OpenAI doesn’t allow me to create an account with an email address that used to be associated with an account on their platform but isn’t anymore"
I’m probably missing 10 more bullet points.
I bet most comments in this thread didn’t think beyond "UPDATE accounts SET email = $1"