cheborneck

Reputation: 7

ASP.NET Identity rollback unverified email change

At the moment this is a general question with no code, as I am looking for a BEST practices example for my question:

  1. User issues an email change request. (done)
  2. A link is sent to the new address to confirm the new email. (done)
  3. User clicks the confirmation link and the DB update is complete. (done)

What also needs to happen is that when the confirmation link is sent for the change, an email should also be sent to the original email address, where the user can click a link to reverse the process for whatever reason. I would think also that 1) even if the new email address was accepted, if the original link denies the change, it reverts, and 2) if the original email reverts and then the new email link is confirmed, the request would then be denied.

Any direction or code on this matter would be greatly appreciated.

Upvotes: 0

Views: 58

Answers (1)

Seano666

Reputation: 2238

Seems like a simple bit field in the database user record would suffice, or an associated database record would work too. When both emails are sent, set the field for that user, let's call it "ChangeEmailSent", to 1. When either email is clicked, the field should be updated to 0. The actual changing of the email should only occur if the field is 1.

Some pseudo-code if you like:

private void CancelEmailChange(string email)
{
    // Clear the pending flag so the confirmation link no longer applies the change.
    var user = Database.GetUser(email);
    user.ChangeEmailSent = false;
    Database.Save();
}

private void ProcessEmailChange(string email)
{
    var user = Database.GetUser(email);

    // Apply the change only while the request is still pending.
    if (user.ChangeEmailSent)
    {
        user.email = getNewEmailAddress();  // whatever logic for a new email
        user.ChangeEmailSent = false;
        Database.Save();
    }
}

Upvotes: 1
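
The two-link flow from the question, written as a small state machine in which the link sent to the original address wins in both orderings (revert after confirm, and confirm after revert). This is an added example, not code from the question or the answer; the types, method names, in-memory dictionaries and 24-hour confirm window are assumptions, and it targets .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
// Every type and member name here is hypothetical; none is an ASP.NET Identity API.
public enum ChangeState { Pending, Confirmed, Reverted }
public class EmailChangeRequest
{
    public string OldEmail, NewEmail, ConfirmToken, RevertToken;
    public ChangeState State = ChangeState.Pending;
    public DateTime ExpiresUtc;
}

public class EmailChangeService
{
    // In-memory stand-ins for the user table and the pending-change table.
    public readonly Dictionary<string, string> UserEmail = new();
    private readonly Dictionary<string, EmailChangeRequest> _pending = new();
    private static string NewToken() => Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
    private static bool Same(string a, string b) => CryptographicOperations.FixedTimeEquals(
        Encoding.UTF8.GetBytes(a ?? ""), Encoding.UTF8.GetBytes(b ?? ""));
    // Caller mails ConfirmToken to NewEmail and RevertToken to OldEmail.
    public EmailChangeRequest Request(string userId, string newEmail)
    {
        var req = new EmailChangeRequest { OldEmail = UserEmail[userId], NewEmail = newEmail,
            ConfirmToken = NewToken(), RevertToken = NewToken(),
            ExpiresUtc = DateTime.UtcNow.AddHours(24) };  // assumed 24 h confirm window
        _pending[userId] = req;  // a newer request supersedes the older one
        return req;
    }

    // Link sent to the new address: only a pending, unexpired request is applied.
    public bool Confirm(string userId, string token)
    {
        if (!_pending.TryGetValue(userId, out var req) || !Same(req.ConfirmToken, token)
            || req.State != ChangeState.Pending || DateTime.UtcNow > req.ExpiresUtc) return false;
        UserEmail[userId] = req.NewEmail;
        req.State = ChangeState.Confirmed;
        return true;
    }
    // Link sent to the original address: usable once, before or after confirmation.
    public bool Revert(string userId, string token)
    {
        if (!_pending.TryGetValue(userId, out var req) || !Same(req.RevertToken, token)
            || req.State == ChangeState.Reverted) return false;
        UserEmail[userId] = req.OldEmail;
        req.State = ChangeState.Reverted;
        return true;
    }
}
```

Storing the original address on the request record is what makes a revert after confirmation possible; a single boolean flag can only block a change that has not yet been applied.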
