Ensure Users Confirm Their Accounts After Sign Up

Open elias-ba opened this issue 1 year ago • 5 comments

Description

This PR introduces an alert banner and modal to remind users to confirm their accounts. When a user creates an account in Lightning, we send them an account confirmation email. Until the user confirms their account, an alert banner is displayed at the top of the app to remind them about the confirmation. If the user does not confirm their account within 48 hours, we block their access to all app pages except the profile page by displaying a modal that requires them to confirm their account. This modal allows them to resend the confirmation email and visit their profile page to modify their email.

Closes #160

Validation steps

  1. Account Creation

    • Create a new user account in Lightning.
    • Ensure that an account confirmation email is sent to the user's registered email address.
  2. Alert Banner Display

    • Before the user confirms their account, log in to the app.
    • Verify that an alert banner is displayed at the top of the app, reminding the user to confirm their account.
  3. Email Confirmation

    • Confirm the account using the link in the confirmation email.
    • Log in again and verify that the alert banner is no longer displayed.
  4. 48-Hour Time Lapse

    • Create another test account without confirming it immediately.
    • Wait for 48 hours to pass (or simulate this time lapse if possible).
  5. Modal Display

    • After 48 hours, attempt to log in with the unconfirmed account.
    • Verify that a modal appears, blocking access to all app pages except the profile page.
    • Ensure the modal clearly instructs the user to confirm their account.
  6. Resend Confirmation Email

    • Use the modal to resend the confirmation email.
    • Check that a new confirmation email is received in the user's email inbox.
    • Confirm the account using the link in the email.
    • Log in and verify that the modal no longer appears and full app access is restored.
  7. Profile Page Access

    • From the modal, navigate to the profile page.
    • Verify that the user can modify their email address on the profile page.

Additional notes for the reviewer

Pre-submission checklist

  • [x] I have performed a self-review of my code.
  • [x] I have implemented and tested all related authorization policies. (e.g., :owner, :admin, :editor, :viewer)
  • [ ] I have updated the changelog.

Aug 08 '24 08:08 elias-ba
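
An added example, not code from this PR or the Lightning code base: one way to express the policy in the description above (banner until confirmed, block after 48 hours except the profile page) as a single server-side decision, so the modal is only the presentation of a check the server already made. The module name, the `confirmed_at`/`inserted_at` field names and the allowed paths are assumptions.

```elixir
defmodule ConfirmationGate do
  @moduledoc """
  Hypothetical module illustrating the policy from the PR description:
  remind unconfirmed users, block them once the grace period has passed.
  """

  # 48-hour grace period from the PR description, in seconds.
  @grace_seconds 48 * 60 * 60

  # Assumed paths. The page says only that the profile page stays reachable
  # and that the user can still confirm their account.
  @allowed_when_blocked ["/profile", "/users/confirm"]

  @doc "Returns :ok, :remind (show the banner) or :block (show the modal)."
  def decide(%{confirmed_at: %DateTime{}}, _path, _now), do: :ok

  def decide(%{confirmed_at: nil, inserted_at: created}, path, now) do
    cond do
      DateTime.diff(now, created, :second) < @grace_seconds -> :remind
      allowed_path?(path) -> :remind
      true -> :block
    end
  end

  # Compare whole path segments, so "/profile-export" or
  # "/profile/../projects" cannot ride on the "/profile" allowance.
  defp allowed_path?(path) do
    segments = String.split(path, "/", trim: true)

    ".." not in segments and
      Enum.any?(@allowed_when_blocked, fn allowed ->
        List.starts_with?(segments, String.split(allowed, "/", trim: true))
      end)
  end
end

# Constructed sample: an account created 49 hours before `now`, never confirmed.
now = ~U[2024-08-10 09:00:00Z]
stale = %{confirmed_at: nil, inserted_at: DateTime.add(now, -49 * 3600, :second)}

for path <- ["/projects", "/profile", "/profile-export", "/profile/../projects"] do
  IO.inspect({path, ConfirmationGate.decide(stale, path, now)})
end
```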

Codecov Report

Attention: Patch coverage is 92.64706% with 5 lines in your changes missing coverage. Please review.

Project coverage is 89.79%. Comparing base (95c8aa7) to head (71d84c7). Report is 1 commits behind head on main.

Files Patch % Lines
...b/lightning_web/live/account_confirmation_modal.ex 80.00% 4 Missing :warning:
...ng_web/controllers/user_confirmation_controller.ex 83.33% 1 Missing :warning:
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2364      +/-   ##
==========================================
- Coverage   89.83%   89.79%   -0.05%     
==========================================
  Files         305      306       +1     
  Lines       10458    10512      +54     
==========================================
+ Hits         9395     9439      +44     
- Misses       1063     1073      +10     


Aug 08 '24 09:08 codecov[bot]

Thanks for this man.

Please see my comments here:

  • For the message in the blocking modal, please let's remove "accounts" from this line: ... we have blocked access to your accounts, projects and workflows...
  • We need to rethink the placement of the alert message when the email is sent. I'd love something inexpensive, I'd have loved the toast but I get your concern on time and how expensive it can be.

Aug 08 '24 10:08 christad92

Also, rather than sending the initial email for account verification, can we use this new copy? The default version has the "Welcome to OpenFn" text which should not be sent to a user who has been on the platform for longer than 48 hours.

@elias-ba

Aug 08 '24 10:08 christad92

Thanks. I have just one last comment:

When I click on resend confirmation email from the banner, please can we show a flash message that says "Confirmation email sent to your email address."

All is good to me

Aug 08 '24 12:08 christad92

added css, will remove or fix tests tomorrow

Aug 08 '24 17:08 taylordowns2000