One of our users has two Discourse accounts, one that is no longer in use, and a new account that they’re not able to log into. The reason appears to be that their new account on our CAS SSO provider has the same email address set as their old account on our forum.
I experimented with my own test account, trying to deactivate it and deleting the SSO record. However, that seems to prevent new logins for that account, due to the existing record no longer matching the SSO payload, and now the email address is seen as conflicting.
I also experimented with trying to change the email address on our user’s unused Discourse account so they could log in with that email address on their new account. However, an email confirmation is required. I set up an email alias on our SMTP server so I could intercept an arbitrary address. However, when following the link, I need to log in as them via SSO. The problem with that is that I would have to reactivate the user’s account, set a new password, link their account to our member database, and create a false membership on our SSO provider. This is certainly possible to do, but I feel like I’m in a tangled web trying to correct this user’s account.
Going into the DB and making the change with some SQL queries is something I’ve done in the past, but that is risky, and I would rather avoid that approach if possible.
If it doesn’t break Discourse, I would love to have a feature allowing me to delete an email address on a deactivated account, rather than just setting the email address to unconfirmed.
If there are any other ways that I can handle this problem, please let me know. Thanks!