By default, devise uses an email address for sign up and sign in.
But I want that the email address should be allowed to be changed by the user.
If I allow the user to edit the email address, and the user specifies an "incorrect" (i.e. a typo by mistake) email address and then user signs out, and the user also forgets what the typo'ed email was, now the user account is inaccessible by the user!
How to best work around this? (except for creating a separate, unchangeable username field that will always allow user to login)
You can force the user to confirm his account again if he changes his email.
Once, you updated the password of the concerned user, you need to un-confirm the user, and then re-send the confirmation email.
To unconfirm the user :
user = User.find(1)
if user.confirmed?
  user.confirmed_at = nil
  user.save(:validate => false)
end
To resend the email confirmation :
user = User.find(1)
user.send_confirmation_instructions
Hope this help !
Devise does this out of the box. Here is the info from the initializer:
# If true, requires any email changes to be confirmed (exactly the same way as
# initial account confirmation) to be applied. Requires additional unconfirmed_email
# db field (see migrations). Until confirmed new email is stored in
# unconfirmed email column, and copied to email column on successful confirmation.
config.reconfirmable = true
In confirmable module you may see how it works.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With