fix: to update isEmailVerified while updating email

[iamhks]

Description

Fixes #8990
Made changes to fetch the identities array and update isEmailVerified for the old email

Demo

Testing scenarios

• Scenario A: In case of multiple values in identities array

  • I have updated the code to update the last occurrence in the array assuming that is the latest identity

• Scenario B: Confusion w.r.t "changed email mentioned in bug description"

  • If the changed email refers to old email then the PR is good, else I'll just have to tweak 2-3lines of the code
  • My assumption was the old email is no longer an active user and hence we need to remove verification for the same, but in case the expectation was that the new user will also be auto verified and we need to make that isEmailverified as false (although unlikely since user creation process is different but pls let me know if my understanding is incorrect)

Final checklist

• I checked the code review guidelines
• I have added Metrics Representative as reviewer(s) if my PR invovles metrics/data/analytics related changes
• I have performed a self-review of my code, the same way I'd do it for any other team member
• I have tested all cases I listed in the testing scenarios and I haven't found any issues or regressions
• Whenever I took a non-obvious choice I added a comment explaining why I did it this way
• I added the label Skip Maintainer Review Indicating the PR only requires reviewer review and can be merged right after it's approved if the PR introduces only minor changes, does not contain any architectural changes or does not introduce any new patterns and I think one review is sufficient'
• PR title is human readable and could be used in changelog

[Dschoordsch]

-1 instead of having a separate update call, we should update the identities array in the updateTable('User') call further below. We should also find the identity matchin AuthIdentityLocal and update that one explicitly.

[iamhks]

Sure, updated the PR. Please have a second look.

[mattkrick]

we can't throw here because SSO signups won't have an identity #9202.

[mattkrick]

TBH this mutation should be rewritten if we start dipping into identities. There's an assumption that the identity stays the same, only the email changes, which we can only verify by talking to the user. This mutation should work for SSO or google identities, too, which this new code will break.

I'd suggest we hold off for now as this work isn't eating our lunch, but breaking current functionality could impact our customer service folks. In a better future we'll just enforce email verification upon signup so we can reduce the number of spam account & do away with the flag all together

[iamhks]

Alternatively, we could also remove just the else part of the code, throwing no error.
This would not break the existing functionality and keep working for LOCAL identities.
As and when SSO identities are implemented, this mutation can also be updated.

[mattkrick]

totally down for that! as long as API doesn't break current functionality I'm happy

[iamhks]

Great! I have update the PR accordingly, tested the same; works for both Google Auth and Local.

[Dschoordsch]

Looks good except for some style issues.

[Dschoordsch]

-1 Please remove. The comment states the obvious and just adds clutter

[Dschoordsch]

+1 In our code base we usually destructure fields. Also the Array suffix is not necessary as it's typed and identities is already plural. So we would move l35 up here and it would look like

const {id: userId, identities} = user

[Dschoordsch]

+1 typing in the find is not necessary as you've cast already the array itself.

[Dschoordsch]

+1 There is no point in repeating the logic in a comment. It's ok to have a block comment for structuring, or even better to state the intent of the change, so something like

// unset isEmailVerified

or

// changing the email means it's no longer verified

would be better, but if in doubt, omit the comment