Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: verify email #322

Merged
merged 12 commits into from
Dec 27, 2024
Merged

fix: verify email #322

merged 12 commits into from
Dec 27, 2024

Conversation

peintnermax
Copy link
Member

@peintnermax peintnermax commented Dec 17, 2024
edited
Loading

This PR adds the zitadel legacy email verified check on users. If users have their email not verified yet, they should be directed to /verify page after having verified their password.
From there users can setup auth factors if none are set (email links for newly created users) or should be redirected to verify other methods if they have set any (for later iterations).
If no additional checks are required, users should be logged in directly and their flow should be completed.

The email verified check requires an env variable EMAIL_VERIFICATION set to true to.

Test cases:

  • user with password and no verified email logs in -> /verify -> login
  • user without password click email link -> /verify -> setup authenticator -> login (invite or email link)
  • user with IDP should be checked after coming back from the IDP -> /verify -> login
  • user with passkey should be checked after verifying passkey -> /verify -> login

IDEA: the /verify page should be invokable in every situation and resume the login with any scenario
email verified checks are done after updating the session for password, passkey and idp.

Definition of Ready

  • I am happy with the code
  • Short description of the feature/issue is added in the pr description
  • PR is linked to the corresponding user story
  • Acceptance criteria are met
  • All open todos and follow ups are defined in a new ticket and justified
  • Deviations from the acceptance criteria and design are agreed with the PO and documented.
  • Vitest unit tests ensure that components produce expected outputs on different inputs.
  • Cypress integration tests ensure that login app pages work as expected on good and bad user inputs, ZITADEL responses or IDP redirects. The ZITADEL API is mocked, IDP redirects are simulated.
  • Playwright acceptances tests ensure that the happy paths of common user journeys work as expected. The ZITADEL API is not mocked but IDP redirects are simulated.
  • No debug or dead code
  • My code has no repetitions

@vercel Vercel
Copy link

vercel bot commented Dec 17, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
typescript-login ❌ Failed (Inspect) Dec 27, 2024 8:56am

@peintnermax peintnermax changed the base branch from main to qa December 27, 2024 13:21
@peintnermax peintnermax marked this pull request as ready for review December 27, 2024 13:21
@peintnermax peintnermax merged commit 478f795 into qa Dec 27, 2024
5 of 8 checks passed
@peintnermax peintnermax deleted the verify-email branch December 27, 2024 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@peintnermax