
"Change Email Address" requires a password, but not all users have one

Open rolodato opened this issue 1 year ago • 1 comments

How are you running Flagsmith

  • [ ] Self Hosted with Docker
  • [ ] Self Hosted with Kubernetes
  • [X] SaaS at flagsmith.com
  • [ ] Some other way (add details in description below)

Describe the bug

In the account settings, we provide an option for users to change their email address, which requires a password to confirm the change. When using Google, GitHub or SSO for login, users do not have a Flagsmith password so this functionality cannot be used.

Steps To Reproduce

  1. Go to https://app.flagsmith.com/account as a GitHub, Google or SSO user
  2. Click on "Change Email Address"
  3. A password is prompted, but none exists

Expected behavior

Either disable this option for users without passwords, or provide some mechanism for users to actually change their email address.

Optionally, it would be nice to have some indication of the user's auth_type in this same settings menu, to remind the user of what they've used to log in in the past.

Screenshots

No response

rolodato, May 21 '24 14:05

Related PR for a similar change to delete account: #3693

matthewelwell, Jun 11 '24 15:06

@matthewelwell Hello. I am thinking of an approach and would need your opinion.

The solution could be similar to the one issue you linked, but asking only for the current email for a new email change doesn't feel so "secured".

Whenever the user wants to change the email address, we could have an Authorize with (GitHub/Google) button that reauthorizes. The handshake and URL redirect should rightfully redirect back to the same state, allowing the user to change the email address directly.

We could also show a label stating how the user signed up for the account initially - password / SSO.

existentialcoder, Oct 12 '25 17:10

@existentialcoder I'm not sure that will work all that well since a user that wants to change their email address, but had previously auth'd with Google / GitHub quite probably wants to do so because they no longer have access to that Google / GitHub account. I suggest that for now, we just remove the option for changing email address when auth'd with GitHub / Google.

matthewelwell, Oct 20 '25 07:10