fix: Social sign-in users bypass email verification #189
Closed
bobbyonmagic wants to merge 1 commit into thedevdojo:main from
When an existing user with unverified email links their account via social sign-in, their email is now automatically marked as verified.

Social providers (Google, GitHub, etc.) already verify email addresses, so users signing in via social should be considered verified.

Changes:
- Mark email as verified when existing user links social account
- New users created via social already have email_verified_at set
- Added tests for social auth email verification behavior
When an existing user with unverified email links their account via social sign-in, their email is now automatically marked as verified.
Social providers (Google, GitHub, etc.) already verify email addresses, so users signing in via social should be considered verified.
Changes
email_verified_at is set if null
Why
Previously, if a user registered via email but didn't verify their email, they would still be prompted to verify after linking a social account. This is confusing UX since social providers already verify email addresses.
Testing
email_verified_at is set (already worked)
email_verified_at is now set
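
A stricter variant of the linking behaviour described in this pull request, as an added example that is not the PR's code or part of thedevdojo/auth: email_verified_at is set only if it is null, the provider itself reports the address as verified, and that address matches the one on the local account. The function name, the array shapes and the normalised `email_verified` key are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not thedevdojo/auth code. $user and $profile are plain
// arrays standing in for the user model and the provider's profile payload.
function markVerifiedOnSocialLink(array $user, array $profile, DateTimeImmutable $now): array
{
    // Already verified: keep the original timestamp untouched.
    if ($user['email_verified_at'] !== null) {
        return $user;
    }

    // Assumption: the caller normalised the provider's own flag (for example the
    // OpenID Connect "email_verified" claim) into $profile['email_verified'].
    $providerVerified = ($profile['email_verified'] ?? false) === true;

    // The verified address must be the one stored on the local account.
    // Assumption: addresses are compared case-insensitively.
    $sameAddress = isset($profile['email'])
        && strcasecmp(trim($profile['email']), trim($user['email'])) === 0;

    if ($providerVerified && $sameAddress) {
        $user['email_verified_at'] = $now->format(DATE_ATOM);
    }

    return $user;
}

// Constructed sample data.
$now = new DateTimeImmutable('2024-01-01T00:00:00+00:00');
$local = ['email' => 'alice@example.com', 'email_verified_at' => null];

$cases = [
    'verified, same address'  => ['email' => 'Alice@Example.com', 'email_verified' => true],
    'unverified at provider'  => ['email' => 'alice@example.com', 'email_verified' => false],
    'verified, other address' => ['email' => 'other@example.com', 'email_verified' => true],
    'flag missing'            => ['email' => 'alice@example.com'],
];

foreach ($cases as $label => $profile) {
    $result = markVerifiedOnSocialLink($local, $profile, $now);
    printf("%-24s => %s\n", $label, $result['email_verified_at'] ?? 'still unverified');
}
```

Only the first constructed case ends with a timestamp; the other three leave the account unverified, so the normal verification prompt still applies to them.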