Email security notifications

[FlxMgdnz]

Currently, Hanko backend only sends emails for passcode authentication.

Add a new config option to enable / disable account security notifications.

If enabled, send security notification emails to the user's primary email address on

• Password changed
• Email address added
• Primary email address changed (use primary email before the change)
• Passkey created

[irby]

@FlxMgdnz Would we want to configure each of these scenarios individually?

[irby]

@FlxMgdnz I’ll take on this item

[FlxMgdnz]

@FlxMgdnz Would we want to configure each of these scenarios individually?

@irby I think it would be better to be able to toggle each warning individually, yes.

[prashantug21]

@FlxMgdnz Is this issue available?

[Fer-Win]

@FlxMgdnz If no is currently working on it or you would want someone else to work on it. Let me try it please..Assign it to me...

[irby]

@Fer-Win I am currently working on this one. About 80% done, ran into an issue I'm working to resolve before I can get a PR up :)

[Fer-Win]

@irby ok fine, let me know if any other issue opens up

[irby]

@FlxMgdnz I'm assuming emails sent out should be recorded in an audit log, correct?

Do we want to refactor the SMTP settings? Currently, these configuration settings are setup under passcode, but obviously as we include security notifications these will no longer only apply to passcodes.

[FlxMgdnz]

@irby yes we should log the emails.

SMTP settings refactoring makes sense imho.

[irby]

@FlxMgdnz It'll make sense to break out the SMTP settings refactor into its own PR. Do you want me to create an issue for this change, or can I link it to this issue?

[FlxMgdnz]

Right, that makes sense. Linking to this issue/comment should be sufficient. Thanks @irby !