core: add support for changing account email

packages/core/api/index.js

@@ -256,8 +256,12 @@ class Database {
             await this.user.logout(false, "Account Deleted");
             break;
           }
+          case "userEmailChanged": {
+            await this.user.logout(true, "Email changed");
+            break;
+          }
           case "userPasswordChanged": {
-            await this.user.logout(true, "Password Changed");
+            await this.user.logout(true, "Password changed");
             break;
           }
           case "emailConfirmed": {

packages/core/api/user-manager.js

@@ -322,16 +322,42 @@ class UserManager {
     }
   }
 
-  async sendVerificationEmail() {
+  async sendVerificationEmail(newEmail) {
     let token = await this.tokenManager.getAccessToken();
     if (!token) return;
     await http.post(
       `${constants.AUTH_HOST}${ENDPOINTS.verifyUser}`,
-      null,
+      { newEmail },
       token
     );
   }
 
+  async changeEmail(newEmail, password, code) {
+    const token = await this.tokenManager.getAccessToken();
+    if (!token) return;
+
+    const user = await this.getUser();
+    if (!user) return;
+
+    const email = newEmail.toLowerCase();
+
+    await http.patch(
+      `${constants.AUTH_HOST}${ENDPOINTS.patchUser}`,
+      {
+        type: "change_email",
+        new_email: newEmail,
+        password: await this._storage.hash(password, email),
+        verification_code: code
+      },
+      token
+    );
+
+    await this._storage.deriveCryptoKey(`_uk_@${newEmail}`, {
+      password,
+      salt: user.salt
+    });
+  }
+
   recoverAccount(email) {
     return http.post(`${constants.AUTH_HOST}${ENDPOINTS.recoverAccount}`, {
       email,