Email update and confirmation in Email bug?

Hi

I’ve been dealing with some issue related to User’s credentials update. In the workflow, when updating an email there is a checkbox which is written: “Send an email to confirm the email”.

However, even if it is checked, the email is already changed once clicked ‘confirm’ button, without the need to use the email confirmation to change to the new email submitted.

In the Bubble docs it is written like this about that functionality:

Send an email to confirm the email

Check this box to send an email to the user confirming the new email is valid and that the user can access it. This email contains a link that once clicked will set the user’s property ‘email confirmed’ to yes. Customize the content of this email in the Languages section in the Settings Tab. Look for ‘Email confirmation subject’ and ‘Email confirmation body.’

Hence it should not promptly change user’s email. Instead by checking this box the only way to change it is if user follows the link sent to the new email submitted. Right?

What am I missing here?

(In this case I’m an user using Social Login - which I’m not sure if it has something to do with the Bug or not).

Thanks

1 Like

I could replicate the behavior you mentioned, so you are not missing anything.

  1. Signed up a user with a real email.
    • The user is created with the email and email verified is no.
  2. Confirmed the email by clicking on the link in the mail.
    • Email verified is updated to yes.
  3. Updated the email address with another email by entering the current password.
    • It immediately updated the current user’s email in the system and email verified became no again.
    • There is no place to see the old email of the current user, or no directions what happens if the user doesn’t confirm the new email address.

Hi Hergin @hergin

Thanks for the reply. In fact, the steps I’m dealing are slightly different. Check if any might explain what I’m missing:

  1. User already logged in and submit old password and new email for updating user’s credentials.
  2. New email is updated without further steps of security.

I thought that the ‘sent email confirmation’ would create a new layer of security because the new email wouldn’t be automatically changed. But no.

Is there any way to improve this layer of just requesting old password to change the new email?
Thanks