Alternative email support in v2 #1210
Description
Is your feature request related to a problem? Please describe.
As part of V2 we've moved to committer email being the determining factor for tying changes to a user.
In order to support cases where a user's email used to log in doesn't match the email used to make commits changes will be necessary.
Describe the solution you'd like
There are a few approaches we might want to implement:
- Users manually add alternative emails themselves
- They're initially unverified & there's a process to verify ownership
- could email a code that they enter
- could email a link they click
- They're initially unverified & there's a process to verify ownership
- Provide a API for registering alternative emails on behalf of users
- Scrape an API for alternative emails
This should also probably be configurable:
- Fully disable alternative emails
- Allow specific methods of registration
- Probably rules on what emails can be added
- Maybe unnecessary as enforced by commit config already?
- Maybe apply the exact same rules when alt emails are submitted?
- Potentially optionally allowing unverified emails (default would be verified only)
- could be a stopgap and easiest implementation, wouldn't be worse than the GH username used previously.
Basic data:
- alternativeEmails: list
- email: string
- verified: boolean
Could also have a timestamp for verification and have a re-verification mechanism but overkill IMO
Describe alternatives you've considered
Changing how user's auth is a bit tricky. Other than that there's not much of an alternative beyond the implementation options above.
Additional context
Add any other context or screenshots about the feature request here.