underbluewaters
commented
1 year ago Tasks remaining
- [x] Add spinner to send modal/component with confirmation that email was sent
- [x] Format email to match project invites and just look more legit
- [x] Add redirect location to verification request
- [x] Add rest endpoint that
- [x] verifies jwt (and shows an error message if failing)
- [x] uses auth0 api to verify user
- [x] sets email_verified in redis so that stale tokens don't prevent verification in existing user session
- [x] redirects to requested url or seasketch homepage
- [x] Verify that session will be verified when the user attempts to create a project again
- [ ] ~Somehow determine which project to redirect users to upon registration verification email~
- [x] Replace automated verification emails from Auth0 with custom workflow
- [x] Test usage scenarios
Stickiness of email verification bit on JWT remains a problem. One can create an account, login, then try to create a new project only to encounter failure. There's also the problem of gaining access to admin protected resources. To address this, we need a way in the UI to provide a link to send a new verification email which talks to SeaSketch, which can then notify auth0. It should also force the refresh of any auth0 tokens to gain the authentication bit.
Where will this be used?
Some of these steps will need to be manually tested. Some access controls were temporarily disabled while waiting for this problem to be fixed.