From 04ecf44c2f78ae29911027352a3e9fb21187e20c Mon Sep 17 00:00:00 2001
From: Patrick Figel <patrick@figel.email>
Date: Tue, 2 Jan 2018 16:55:00 +0100
Subject: Add confirmation step for email changes (#6071)

* Add confirmation step for email changes

This adds a confirmation step for email changes of existing users.
Like the initial account confirmation, a confirmation link is sent
to the new address.

Additionally, a notification is sent to the existing address when
the change is initiated. This message includes instruction to reset
the password immediately or to contact the instance admin if the
change was not initiated by the account owner.

Fixes #3871

* Add review fixes
---
 config/initializers/devise.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'config/initializers')

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 64c4e12ff..07912c28b 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -137,6 +137,9 @@ Devise.setup do |config|
   # Setup a pepper to generate the encrypted password.
   # config.pepper = '104d16705f794923e77c5e5167b52452d00646dc952a2d30b541c24086e647012c7b9625f253c51912e455981e503446772973d5f1638631196c819d7137fad4'
 
+  # Send a notification to the original email when the user's email is changed.
+  config.send_email_changed_notification = true
+
   # Send a notification email when the user's password is changed
   config.send_password_change_notification = true
 
@@ -160,7 +163,7 @@ Devise.setup do |config|
   # initial account confirmation) to be applied. Requires additional unconfirmed_email
   # db field (see migrations). Until confirmed, new email is stored in
   # unconfirmed_email column, and copied to email column on successful confirmation.
-  config.reconfirmable = false
+  config.reconfirmable = true
 
   # Defines which key will be used when confirming an account
   # config.confirmation_keys = [:email]
-- 
cgit