Partner's non-verified business email change reflected into Shopify Collaborator Request
## Details
In https://partners.shopify.com a Partner must validate their email address before making a request to manage a store. An email is then sent to the shop owner; it includes only the Partner's Business Name and links to the **Collaborator Request Review** page, where the owner either accepts or declines the request.
Given this, if a Partner changes their email address after a request has been sent and never validates the new one, the shop owner is shown the non-verified business email on the review page, which could lead them to accept a malicious user.
## Steps to reproduce
1. Log in to your Partner account, which has a verified email
2. Make a request to add a managed Shopify store to your account
3. Go to Settings and update your **Business Email**
4. Log in to the managed Shopify shop and review the Collaborator Request; the non-verified email is displayed
As a side note, this also leads to Information Disclosure (https://hackerone.com/bugs?report_id=853919): if the above process is followed and the Partner's email is changed to, say, [email protected], then once the Collaborator Request is accepted and you log in through the Partner dashboard, the stores of [email protected] are shown in the dropdown.
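To make the defect concrete, here is an added Python model of the flow (example code, not Shopify's; `Partner`, `CollaboratorRequest` and the render functions are hypothetical names). It contrasts a review page that reads the Partner's live, editable business email with one that snapshots the address that was verified when the request was created.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Partner:
    """Hypothetical Partner profile; names are assumptions, not Shopify's model."""
    business_name: str
    business_email: str           # editable in Settings at any time
    email_verified: bool = True   # cleared whenever business_email changes
    pending_token: Optional[str] = None

    def change_business_email(self, new_email: str) -> str:
        """Store the new address but mark it unverified until the mailed token is used."""
        self.business_email = new_email
        self.email_verified = False
        self.pending_token = secrets.token_urlsafe(16)
        return self.pending_token  # would be mailed to new_email, never shown elsewhere

    def verify_email(self, token: str) -> bool:
        """Accept the address only when the presented token matches (constant time)."""
        if self.pending_token is None or not secrets.compare_digest(token, self.pending_token):
            return False
        self.email_verified, self.pending_token = True, None
        return True


@dataclass
class CollaboratorRequest:
    business_name: str
    requester_email: str  # snapshot of the identity that was verified at request time

    @classmethod
    def create(cls, partner: Partner) -> "CollaboratorRequest":
        if not partner.email_verified:
            raise PermissionError("email must be verified before requesting access")
        return cls(partner.business_name, partner.business_email)


def render_vulnerable(req: CollaboratorRequest, partner: Partner) -> str:
    """Reported behaviour: the review page reads the live, possibly unverified address."""
    return f"{req.business_name} <{partner.business_email}>"


def render_fixed(req: CollaboratorRequest) -> str:
    """Hardened: show only the address that was verified when the request was made."""
    return f"{req.business_name} <{req.requester_email}>"
```

The fixed render is unaffected by any later Settings change, so the shop owner always sees the address the Partner actually proved control of.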
## Demo
(Demo attachment redacted.)
## Impact
A Partner is able to replace their confirmed email address with a non-verified one in a store management request, effectively spoofing the address shown to the shop owner.
## Report Stats
- Report ID: 874574
- State: Closed
- Substate: resolved
- Upvotes: 8