As Adam I want the user to verify that (s)he own the email that (s)he has provided.
When a new user is created with an email address, then the system will send an email requesting verification to the new user. (The system doesn't require an email address when creating a user.)
After email is changed by the user or by the administrator, an email is sent requiring the user to verify their email address.
When an existing email is changed to a new email, then the old email will be used for notifications until the new email address has been verified.
There is a visual indication showing the email address that is verified (in this case the old email address) and an email address has been changed and is pending verification.
The verification email title:
(most likely the first option as this mimic what we do for other user related emails)
The sent email content:
When an email has been verified, the Email Verified checkbox in user details is updated as checked.
If the verification email is sent and not verified by the user within 12 hours of being sent then the email will expire.
New POST /users/auth/verifyEmail endpoint is added