Users can change their email from profile settings. They will be logged out immediately. Users can log in again with the updated email without verifying the same. This is a security problem.
So this change enforces the user to reconfirm the email after changing it. Users can log in with the updated email only after the confirmation.
Fixes: https://huntr.dev/bounties/7afd04b4-232e-4907-8a3c-acf8bd4b5b22/
Addresses: #402
- migrations to split roles and other attributes from users table
- make changes in code to accommodate this change
Co-authored-by: Sojan Jose <sojan@pepalo.com>
Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com>
* Add `invited_by` foreign key to User
Allows for a User to be tied to the user who invited them
* Include `current_user` in new agent initialization parameters
* Add `shoulda-matchers` for testing associations
* Add Inviter information and associated account to welcome email
* Only show inviter info if applicable
* Update conversation spec for FFaker compatibility