about summary refs log tree commit diff
path: root/config
diff options
context:
space:
mode:
authorPatrick Figel <patrick@figel.email>2018-01-02 16:55:00 +0100
committerEugen Rochko <eugen@zeonfederated.com>2018-01-02 16:55:00 +0100
commit04ecf44c2f78ae29911027352a3e9fb21187e20c (patch)
treeb7cd1393ef5c0a938d5c928327f563f4bb206290 /config
parentb6af88192ff48372c5f6ed1321f21d99aaffcd3f (diff)
Add confirmation step for email changes (#6071)
* Add confirmation step for email changes

This adds a confirmation step for email changes of existing users.
Like the initial account confirmation, a confirmation link is sent
to the new address.

Additionally, a notification is sent to the existing address when
the change is initiated. This message includes instruction to reset
the password immediately or to contact the instance admin if the
change was not initiated by the account owner.

Fixes #3871

* Add review fixes
Diffstat (limited to 'config')
-rw-r--r--config/initializers/devise.rb5
-rw-r--r--config/locales/devise.en.yml4
2 files changed, 8 insertions, 1 deletions
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 64c4e12ff..07912c28b 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -137,6 +137,9 @@ Devise.setup do |config|
   # Setup a pepper to generate the encrypted password.
   # config.pepper = '104d16705f794923e77c5e5167b52452d00646dc952a2d30b541c24086e647012c7b9625f253c51912e455981e503446772973d5f1638631196c819d7137fad4'
 
+  # Send a notification to the original email when the user's email is changed.
+  config.send_email_changed_notification = true
+
   # Send a notification email when the user's password is changed
   config.send_password_change_notification = true
 
@@ -160,7 +163,7 @@ Devise.setup do |config|
   # initial account confirmation) to be applied. Requires additional unconfirmed_email
   # db field (see migrations). Until confirmed, new email is stored in
   # unconfirmed_email column, and copied to email column on successful confirmation.
-  config.reconfirmable = false
+  config.reconfirmable = true
 
   # Defines which key will be used when confirming an account
   # config.confirmation_keys = [:email]
diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml
index 586c5349d..c5ae583ff 100644
--- a/config/locales/devise.en.yml
+++ b/config/locales/devise.en.yml
@@ -18,8 +18,12 @@ en:
     mailer:
       confirmation_instructions:
         subject: 'Mastodon: Confirmation instructions for %{instance}'
+      email_changed:
+        subject: 'Mastodon: Email changed'
       password_change:
         subject: 'Mastodon: Password changed'
+      reconfirmation_instructions:
+        subject: 'Mastodon: Confirm email for %{instance}'
       reset_password_instructions:
         subject: 'Mastodon: Reset password instructions'
       unlock_instructions: