Add an option to require email verification on sign up #739
base: dev
PR Summary
Implements required email verification option for user sign-up across the stack-auth system, with admin configuration controls and secure verification flows.
- Added `requiresEmailVerification` boolean field to `ProjectUser` model with Prisma migration and CRUD layer integration
- Implemented email verification handlers in sign-in/sign-up flows with both OTP and magic link support
- Enhanced `OAuthModel` to check email verification requirements before token generation
- Added `EmailVerificationRequired` error type and handler in client app implementation
- Created admin UI toggle in dashboard for configuring email verification requirements per project
22 files reviewed, 6 comments
apps/backend/src/app/api/latest/auth/email-verifiation-required/sign-in/route.tsx
@@ -0,0 +1,123 @@ | |||
import { sendEmailFromTemplate } from "@/lib/emails"; |
Typographical error: The directory/file name 'email-verifiation-required' appears to contain a spelling mistake. It should likely be 'email-verification-required'.
apps/backend/src/app/api/latest/auth/passkey/sign-in/verification-code-handler.tsx
apps/backend/src/app/api/latest/auth/password/sign-up/route.tsx
Documentation Changes Required
Please ensure these changes are reflected in the relevant documentation files to keep them in sync with the recent code changes.
...end/src/app/api/latest/auth/email-verifiation-required/sign-in/verification-code-handler.tsx
packages/template/src/lib/stack-app/apps/implementations/client-app-impl.ts
user_id: options.userId, | ||
}); | ||
|
||
if (!user.primary_email) { |
In throwEmailVerificationRequiredErrorIfNeeded, if the user lacks a primary_email, the function logs an error and returns. Consider throwing an error instead to avoid ambiguous client behavior.
const headerText = t("Verify your email to continue"); | ||
const instructionText = t("Enter the six-digit code sent to your email"); | ||
|
||
useEffect(() => { |
The useEffect here automatically redirects if a user exists or if the nonce is missing. This may trigger an unintended redirect even if the email isn’t verified. Consider checking the user’s email verification status (e.g. user.primary_email_verified) before redirecting.
return result; | ||
if (result.status === 'ok') { | ||
if (result.data.accessToken && result.data.refreshToken) { | ||
await this._signInToAccountWithTokens(result.data as any); |
Avoid casting tokens with 'as any' when calling _signInToAccountWithTokens. Consider updating the types so that the returned data fits the expected structure and no unsafe cast is needed.
… callbackUrl in verification code handler
throw new StatusError(400, "Email verification is required, but no email verification callback URL was provided. If you enabled the email verification required setting, you need to update the Stack Auth client to use this feature."); | ||
} | ||
|
||
// TODO: check if callback url is valid |
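Review bot: The `// TODO: check if callback url is valid` at the end of this hunk means the handler only checks that a callback URL is present, not where it points. Resolve the TODO before merge by rejecting any callback URL whose origin is not one the project has configured as trusted, and report the failure with the same 400 `StatusError` used for the missing-URL case above.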
The added check for callbackUrl is good. Consider further validating that the URL is non‐empty and properly formatted (using a tagged template literal like urlString`` if constructing URLs) to avoid potential issues.
// TODO: check if callback url is valid | |
new URL(options.callbackUrl); |
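Review bot: `new URL(options.callbackUrl)` in this suggestion only proves that the string parses, and its result is discarded, so any scheme and any host still pass. It also throws a `TypeError` on malformed input instead of the `StatusError(400, ...)` used for the missing-URL case, so catch that and follow the parse with an explicit scheme and origin check.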
This comment was generated because it violated a code review rule: mrule_pmzJAgHDlFZgwIwD.
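What a fuller check of the callback URL could look like, as an added example that is not part of this PR or of Stack Auth's code. `checkCallbackUrl` and the `trustedOrigins` list are hypothetical names, and the `http://localhost` exception is an assumption for development setups.

```typescript
// Added example: checkCallbackUrl and trustedOrigins are hypothetical, not Stack Auth APIs.
type CallbackCheck = { ok: true, url: URL } | { ok: false, reason: string };

function checkCallbackUrl(raw: unknown, trustedOrigins: string[]): CallbackCheck {
  if (typeof raw !== "string" || raw.trim() === "") {
    return { ok: false, reason: "missing" };
  }

  let url: URL;
  try {
    // Throws TypeError on relative or malformed input; turn that into a result
    // the route can map to a 400 instead of an unhandled exception.
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable" };
  }

  // Parsing alone accepts non-web schemes, so restrict the scheme explicitly.
  // Plain http is allowed only for localhost (assumption: development use).
  const isHttps = url.protocol === "https:";
  const isLocalHttp = url.protocol === "http:" && url.hostname === "localhost";
  if (!isHttps && !isLocalHttp) {
    return { ok: false, reason: "scheme" };
  }

  // Userinfo lets "https://trusted.example@other.example/" look trusted to a reader.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo" };
  }

  // Compare the normalized origin exactly. Prefix or substring checks on the
  // raw string pass hosts such as "app.example.com.other.example".
  const allowed = trustedOrigins.map((o) => new URL(o).origin);
  if (!allowed.includes(url.origin)) {
    return { ok: false, reason: "origin" };
  }

  return { ok: true, url };
}
```
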
Important
Adds an option to require email verification on sign-up, updating configurations, handlers, and UI components to support this feature.
- `emailVerificationRequired` option to project configuration in `schema.prisma` and `config.tsx`.
- `throwEmailVerificationRequiredErrorIfNeeded` function in `verification-code-handler.tsx` to enforce email verification.
- `sign-in` and `sign-up` routes to check for email verification requirement.
- `page-client.tsx`.
- `email-verification.tsx` to include OTP.
- `verifyEmail` in `client-interface.ts` to return tokens on success.
- `emailVerificationRedirectUrl` to OAuth flows in `auth.ts` and `client-app-impl.ts`.
- `emailVerificationRequired`.

This description was created by for 03ed9e0. You can customize this summary. It will automatically update as commits are pushed.