Allow admins to always be able to edit Emails when "Edit email after signup" is disabled

yea i disagree very strongly here. while your specific use-case may seem straightforward enough to you, implementing a simple override in the UI for this would introduce a significant security risk for a very minor convenience gain.

the friction is a security feature!

so the inconvenience of having to use the rails console or toggle a site-wide setting is, in fact, a critical security feature, since it acts as a “security brake” and forces an administrator to do a deliberate, high-friction process for a very sensitive operation.

changing a user’s email address is equivalent to handing over the keys to their account, since the new email address can be used to trigger a password reset, effectively locking the original user out and giving the new email owner complete control.

some primary attack vectors this friction prevents:

  • compromising admin accounts! - this is the most significant risk. if an attacker gains access to an admin’s account (through phishing, password reuse, etc.), a simple UI button or toggle, whatever, would allow them to silently and easily take over any other user’s account, including other staff; the requirement for shell access via rails console provides a strong layer of security

  • social engineering! - this opens the door to social engineering. a nefariously intended user could impersonate a legitimate user and persuade an admin to change the email address for them; again, the current high-friction process makes an admin much more likely to verify or consider the authenticity of the request

  • insider threat - a malicious admin could abuse this feature to take over accounts

for these kinds of infrequent, high-risk administrative actions, the rails console is appropriate because it ensures that the person performing the action has server access and not a compromised session. plus the action is deliberate and requires specific technical knowledge (and it is logged in shell history).

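The reply above argues that an admin-driven email change is an account-takeover primitive and should stay high-friction and deliberate. The following Ruby model, added here as an illustration and not code from Discourse or from the poster, shows what a guarded version of that operation looks like if someone did build it into the application: the change is refused unless an explicit site setting is on, it never takes effect until the holder of the new mailbox confirms a token, and every request, failed confirmation and applied change is written to a staff audit log. `SiteSettings`, `User`, `AuditLog` and `AdminEmailChange` are constructed stand-ins, not real Discourse classes.

```ruby
require "securerandom"
require "digest"

# Constructed stand-in for a site-wide setting store (hypothetical, not Discourse's SiteSetting).
SiteSettings = Struct.new(:admin_email_change_enabled, keyword_init: true)

# Minimal user record with a pending (unconfirmed) email and a hashed confirmation token.
class User
  attr_reader :id, :email, :pending_email

  def initialize(id, email)
    @id = id
    @email = email
    @pending_email = nil
    @pending_token_digest = nil
  end

  def set_pending(new_email, token_digest)
    @pending_email = new_email
    @pending_token_digest = token_digest
  end

  # Compare digests rather than raw tokens so the stored value is useless if the DB leaks.
  def pending_token_matches?(token)
    return false if @pending_token_digest.nil?
    Digest::SHA256.hexdigest(token) == @pending_token_digest
  end

  def apply_pending!
    @email = @pending_email
    @pending_email = nil
    @pending_token_digest = nil
  end
end

# Append-only staff action log (constructed); entries are plain hashes for the demo.
class AuditLog
  attr_reader :entries

  def initialize
    @entries = []
  end

  def record(action:, actor:, target:, details: {})
    @entries << { action: action, actor: actor, target: target, details: details, at: Time.now.utc }
  end
end

# Two-step, logged, setting-gated admin email change.
class AdminEmailChange
  class Forbidden < StandardError; end

  EMAIL_RE = /\A[^@\s]+@[^@\s]+\z/

  def initialize(settings:, log:)
    @settings = settings
    @log = log
  end

  # Step 1: the admin requests the change. Nothing takes effect yet; the returned token
  # would be mailed to the NEW address (and a notice sent to the OLD one) in a real system.
  def request(admin:, target:, new_email:)
    raise Forbidden, "admin_email_change_enabled is off" unless @settings.admin_email_change_enabled
    raise Forbidden, "invalid email address" unless new_email.match?(EMAIL_RE)

    token = SecureRandom.hex(16)
    target.set_pending(new_email, Digest::SHA256.hexdigest(token))
    @log.record(action: "email_change_requested", actor: admin.id, target: target.id,
                details: { from: target.email, to: new_email })
    token
  end

  # Step 2: whoever controls the new mailbox presents the token. Only then does the email change.
  def confirm(target:, token:)
    unless target.pending_token_matches?(token)
      @log.record(action: "email_change_confirm_failed", actor: target.id, target: target.id)
      return false
    end
    old_email = target.email
    target.apply_pending!
    @log.record(action: "email_changed", actor: target.id, target: target.id,
                details: { from: old_email, to: target.email })
    true
  end
end
```

The two properties worth noting are that the setting check is enforced inside the service rather than in the UI (so a compromised admin session gains nothing from a hidden button), and that the address only changes after the new mailbox proves possession, which closes the "change email, then password-reset" path the post describes.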