…resend functionality
Pull Request Overview
This PR implements a secure email verification system for user registration by introducing new API endpoints, updating authentication flows, enhancing DB schema/migrations, and adding comprehensive test coverage. Key changes include:
- Secure token-based email verification integrated into registration and sign-in flows.
- New UI components and endpoints for email verification and resend functions.
- Expanded tests ensuring correct behavior in various scenarios.
Reviewed Changes
Copilot reviewed 20 out of 20 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| tests/components/auth/sign-up-form.test.tsx | Updated tests to validate success messaging and redirection after registration. |
| tests/app/auth/verify-email/[token]/page.test.tsx | Added tests ensuring proper handling of the email verification page. |
| tests/app/auth/resend-verification/page.test.tsx | Included tests for the resend verification email page and its various states. |
| tests/api/auth/verify-email.test.ts | Introduced API tests covering various error and success scenarios for email verification. |
| tests/api/auth/resend-verification.test.ts | Added tests to simulate resend verification email behavior and security responses. |
| tests/api/auth/register.test.ts | Updated registration tests to account for email verification token generation and messaging. |
| lib/users/actions.ts | Added functions to update, validate, and verify user email tokens. |
| lib/db/schema/users.ts | Extended schema to include email verification fields with default values. |
| lib/db/migrations/* | New migration files to add email verification related fields to the users table. |
| lib/auth.ts | Updated login flow to block access for unverified or inactive accounts. |
| lib/actions.ts | Added a common email template and email verification sending function. |
| components/auth/sign-up-form.tsx | Modified sign-up form to display a success message and clear inputs before redirecting. |
| components/auth/sign-in-form.tsx | Enhanced sign-in form to show additional guidance when email verification is pending. |
| app/auth/verify-email/[token]/page.tsx | Created a new verification page component for handling and displaying verification statuses. |
| app/auth/resend-verification/page.tsx | Built a new page for resending verification emails with appropriate UI states. |
| app/api/auth/verify-email/route.ts | Developed an API route to process email verification requests securely. |
| app/api/auth/resend-verification/route.ts | Developed an API route to process resend verification requests with security in mind. |
| app/api/auth/register/route.ts | Updated registration API to generate and email verification tokens upon new account creation. |
Comments suppressed due to low confidence (3)
components/auth/sign-up-form.tsx:74
- [nitpick] Consider replacing the fixed timeout redirection with a more deterministic approach (e.g., using router.replace after ensuring the success message has been read) for improved user experience.
setTimeout(() => { router.push("/auth/sign-in") }, 2000)
components/auth/sign-in-form.tsx:59
- Ensure that the toast library supports rendering React components when passing JSX directly in error messages to avoid unexpected rendering issues.
if (result.error.includes('verify your email')) {
lib/db/migrations/0012_email_verification_token.sql:1
- Remove or reposition inline comment markers (e.g., '--> statement-breakpoint') to prevent potential SQL parsing issues.
ALTER TABLE "users" ADD COLUMN "email_verified" boolean DEFAULT false NOT NULL;--> statement-breakpoint
Coverage report
The coverage rate went from The branch rate is
Diff Coverage details
- app/auth/verify-email/[token]/page.tsx
- app/api/auth/resend-verification/route.ts
- app/auth/resend-verification/page.tsx
- lib/auth.ts
- app/api/auth/verify-email/route.ts
- lib/db/schema/users.ts
- components/auth/sign-up-form.tsx
- app/api/auth/register/route.ts
- components/auth/sign-in-form.tsx
Email Verification System Implementation
Overview
This PR implements a secure email verification system for user registration, enhancing account security and preventing unauthorized access. The implementation follows security best practices and includes comprehensive test coverage.
Key Features
Changes
Database
- emailVerified (boolean)
- email_verification_token (text)
- email_verification_expires (timestamp)
Authentication Flow
API Endpoints
- /api/auth/register: Updated to create unverified accounts
- /api/auth/verify-email: New endpoint for email verification
- /api/auth/resend-verification: New endpoint for requesting new verification emails
Frontend
Security Improvements
Testing
Testing Instructions
Security Considerations
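Added example, not code from this PR: one way the token lifecycle behind the three columns listed under Database can work, showing issue, expiry, single use and constant-time comparison. The row shape, the 24-hour lifetime, storing only a SHA-256 hash of the token, and all function names are assumptions made for illustration.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Mirrors the three columns named in the PR; the in-memory row shape is hypothetical.
interface UserRow {
  email_verified: boolean;
  email_verification_token: string | null; // assumption: SHA-256 hex of the token, never the raw token
  email_verification_expires: Date | null;
}

const TOKEN_TTL_MS = 24 * 60 * 60 * 1000; // assumed lifetime; the page does not state one
const sha256Hex = (s: string): string => createHash("sha256").update(s).digest("hex");

// Issue a fresh token: the raw value goes into the emailed link, only its hash is stored.
function issueVerificationToken(user: UserRow, now: Date): string {
  const raw = randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  user.email_verified = false;
  user.email_verification_token = sha256Hex(raw);
  user.email_verification_expires = new Date(now.getTime() + TOKEN_TTL_MS);
  return raw;
}

type VerifyResult = "verified" | "expired" | "invalid";

// Check a presented token against one user row; success consumes the token.
function verifyEmailToken(user: UserRow, presented: string, now: Date): VerifyResult {
  const stored = user.email_verification_token;
  const expires = user.email_verification_expires;
  if (stored === null || expires === null) return "invalid"; // never issued, or already used
  const a = Buffer.from(sha256Hex(presented), "hex");
  const b = Buffer.from(stored, "hex");
  // timingSafeEqual throws on unequal lengths, so guard before comparing.
  if (a.length !== b.length || !timingSafeEqual(a, b)) return "invalid";
  if (now.getTime() > expires.getTime()) return "expired";
  user.email_verified = true;
  user.email_verification_token = null; // single use: a replayed link is "invalid"
  user.email_verification_expires = null;
  return "verified";
}

// Constructed walk-through: wrong token, late token, good token, replayed token.
function demo(): VerifyResult[] {
  const t0 = new Date("2024-01-01T00:00:00Z");
  const user: UserRow = { email_verified: false, email_verification_token: null, email_verification_expires: null };
  const raw = issueVerificationToken(user, t0);
  const late = new Date(t0.getTime() + TOKEN_TTL_MS + 1);
  return [verifyEmailToken(user, "f".repeat(64), t0), verifyEmailToken(user, raw, late),
          verifyEmailToken(user, raw, t0), verifyEmailToken(user, raw, t0)];
}
```

Hashing the token at rest means a read-only leak of the users table does not yield usable verification links.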