Update Account - hackforla/tdm-calculator GitHub Wiki
Update Your Account Form
If a user want to edit account details, the Update Account feature will allow them to update/modify it.
- User will be able to edit their First Name, Last Name and email address in Update Your Account page.
- Dev URL: https://tdm-dev.azurewebsites.net/updateaccount
- Prod URL: https://tdm.ladot.lacity.org/updateaccount
- GitHub location:
- Figma Design:
- WIKI TDM Calculator Figma Pages and Structure
- Figma [TDM Calculator Figma Pages and Structure, User-Facing Screens]
- Figma [TDM Calculator Handoff, User-Facing Screens]
- Issue Label on Issue tab: p-feature: My Account.
- Issue label on Project Board: p-feature: My Account.
This form is populated from the Account object of the logged-in user, since that contains the required information.
When submitted, it makes a Web API PUT request to /api/accounts/updateaccount to initiate the change process:
- The corresponding Login table record is updated with the new First Name, Last Name and Email information, the emailConfirmed flag is reset to 0 (i.e. false) so the user cannot login with this account until the email is confirmed.
- An email is then sent to the new email address with the subject line "Verify Your Account Updates". In this email the user is instructed to send an email to [email protected] if the recipient did not, in fact, request an update, or to click a provided link to verify the account update.
- If the user clicks on the link, then they are taken back to the application's
/confirm/<token>page, which will verify the request and make a Web API call to/api/accounts/confirmRegisterto confirm the change, which will set the emailConfirmed flag to 1, enabling the user to log in with the new email.
NOTE: (John D) This workflow probably needs to be re-thought, since there are problematic paths. For example:
- If the user mis-types the new email address, they will be unable to verify the new email, and will not be able to recover the account with the old email address, since it is already changed in the login table.
- They should not need to re-confirm their email if it hasn't changed
- The email address for them to contact should be a configuration variable based on the environment (dev, UAT, Production).
- There isn't any procedure a security admin could follow to resolve any problem that arises if the user attempts to change their email address.