Follow-up from "Send a confirmation email when the user adds a secondary email address"
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
The following discussion from gitlab-ce!14037 should be addressed:
-
@DouweM started a discussion: (+4 comments) @digitalmoksha Currently, it's not possible to add an email to your account if someone else already added it to theirs, even if they never confirmed it. The same goes for registering: I can't register using an email any user added to their account. This means that any user can effectively ban someone from ever registering with GitLab. That's obviously a problem :)
Now that we are getting secondary email confirmation, we could allow a user to add an email to their account even if someone else already added it to their profile before, as long as the other person hasn't confirmed their ownership of the email yet. Once one of the users confirms their ownership, it is removed from the other user, and no other users can add it to their accounts anymore.
To find the user for a given commit, we could use the earliest created email record if there are multiple. Note that if the email is confirmed by one user, all other email records will be deleted and there will only be one email record left, so we can still simply use the earliest created one.
When a user adds an email to their profile that is already in use (but unconfirmed), we can display a message like "Commits made using this email address will be attributed to user X until you confirm your ownership."
If you have time, do you think you could look into that?
/cc @smcgivern