Skip to content

Feature: Add recovery email (backup email) support #40

New issue
New issue
Open
Open
Feature: Add recovery email (backup email) support#40
@leodip

Description

@leodip
leodip
opened on Nov 29, 2025

Summary

Allow users to set a secondary "recovery email" that can be used for account recovery (password reset) if they lose access to their primary email.

Use Case

  • User loses access to primary email (account compromised, forgot password, provider issue)
  • User can use verified recovery email to receive password reset links
  • Industry standard feature (Google, Microsoft, etc.)

Current State

The User model has a single email with verification:

  • Email, EmailVerified
  • EmailVerificationCodeEncrypted, EmailVerificationCodeIssuedAt

Password reset (/forgot-password) only checks the primary email.

Proposed Implementation

Database Changes

Add fields to users table (all 4 database types):

recovery_email TEXT,
recovery_email_verified INTEGER NOT NULL DEFAULT 0,
recovery_email_verification_code_encrypted BLOB,
recovery_email_verification_code_issued_at DATETIME

User Model Changes

RecoveryEmail                          string
RecoveryEmailVerified                  bool
RecoveryEmailVerificationCodeEncrypted []byte
RecoveryEmailVerificationCodeIssuedAt  sql.NullTime

New API Endpoints (Self-Service)

Endpoint Method Description
/api/v1/account/recovery-email PUT Set/update recovery email
/api/v1/account/recovery-email/verification/send POST Send verification code
/api/v1/account/recovery-email/verification POST Verify recovery email

Modified Flows

  • Forgot Password: Check both email and recovery_email columns when user requests password reset
  • Admin User Management: Allow admins to view/set recovery email

Validation Rules

  • Recovery email must be different from primary email
  • Recovery email must be verified before it can be used for password reset
  • Same verification pattern as primary email (6-char code, 5-minute expiration, 60-second resend cooldown)

Audit Events

  • updated_own_recovery_email
  • verified_recovery_email
  • sent_recovery_email_verification
  • used_recovery_email_for_password_reset

Files Affected

  • src/core/models/user.go
  • src/core/data/*/schema.sql (all 4 database types)
  • src/authserver/internal/handlers/handler_forgot_password.go
  • src/core/constants/constants.go (audit events)
  • New handler files for recovery email endpoints

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions