skarampatakis
commented
7 years ago Any update on this?
Closed skarampatakis closed 7 years ago
skarampatakis
commented
7 years ago Any update on this?
esebastian
commented
7 years ago That is indeed the expected behavior @skarampatakis. The idea here was to use a passwordless approach (inspired by the one used in well-known sites like Medium) to simplify the onboarding experience for non-technical people.
As the Rails session does not have an expiration time by default, usually the whole process shouldn't be needed more than once by user device, not becoming a hassle.
We considered not to ask for the secrets once the voter was already verified, but in the end we found it more consistent to keep one unique process.
skarampatakis
commented
7 years ago Thank you for clarifying this.
Login and Register route is the same. So even if a user has registered before, he has to provide again the e-mail and secrets to sent a verification code through e-mail. And to login, the user has to click on the verification link sent.
Is it something I have misconfigured or this is the expected behavior?