This bot currently only checks the email address associated with the Discord account signing in, which is not necessarily going to be the same as the email they signed up to the mailing list with.
We should explore use of a transactional email service like Mailgun to verify email addresses manually. This should be done on the web page members see after authenticating their Discord account.
If the user's email is not found in the spreadsheet, the flow should be:
request corrected email address (pre-fill with known email)
request a 6-digit confirmation code (what tools are there for safely generating these?) and send an email
if verification code matches, run email verification code and apply relevant roles (it's important to only do this after verifying ownership so this can't be abused)
vcarl
commented
2 months ago
This bot currently only checks the email address associated with the Discord account signing in, which is not necessarily going to be the same as the email they signed up to the mailing list with.
We should explore use of a transactional email service like Mailgun to verify email addresses manually. This should be done on the web page members see after authenticating their Discord account.
If the user's email is not found in the spreadsheet, the flow should be: