Skip to content

feat(otp): added environemnt variable to control enforcement of verified accounts#1411

Merged
waleedlatif1 merged 2 commits intostagingfrom
fix/email-verif
Sep 22, 2025
Merged

feat(otp): added environemnt variable to control enforcement of verified accounts#1411
waleedlatif1 merged 2 commits intostagingfrom
fix/email-verif

Conversation

@waleedlatif1
Copy link
Copy Markdown
Collaborator

@waleedlatif1 waleedlatif1 commented Sep 22, 2025

Summary

added environemnt variable to control enforcement of verified accounts, instead of using a complicated combination of hasEmailService & isProd. defaults to FALSE so maintains full backwards compatibility.

Type of Change

  • Bug fix
  • New feature

Testing

Tested manually.

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel
Copy link
Copy Markdown

vercel bot commented Sep 22, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
docs Building Building Preview Comment Sep 22, 2025 6:04pm
sim Building Building Preview Comment Sep 22, 2025 6:04pm

@waleedlatif1 waleedlatif1 merged commit e640102 into staging Sep 22, 2025
3 of 5 checks passed
greptile-apps[bot]
greptile-apps bot reviewed Sep 22, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Greptile Summary

This PR introduces a new environment variable EMAIL_VERIFICATION_ENABLED to provide explicit control over email verification enforcement in the authentication system. Previously, the system relied on a complex combination of hasEmailService() and isProd checks to determine when to enforce email verification, which created tight coupling between email service availability and verification requirements.

The changes span across multiple files in the authentication flow:

  1. Environment Configuration: The new EMAIL_VERIFICATION_ENABLED variable is added to env.ts with proper Zod validation as an optional boolean that defaults to false

  2. Authentication Logic: In auth.ts, the requireEmailVerification setting now uses the new isEmailVerificationEnabled flag instead of the complex isProd && hasEmailService() logic

  3. Verification Components: The verification UI components (verify-content.tsx, page.tsx) now accept and use an isEmailVerificationEnabled prop to conditionally render verification forms and handle user flow

  4. Verification Hook: The useVerification hook is updated to accept the new parameter and use it for controlling OTP sending and verification skip logic

  5. Configuration Files: Both Helm configuration files (values.yaml and values-production.yaml) are updated to include the new environment variable with appropriate documentation

  6. Environment Utilities: A new isEmailVerificationEnabled helper is added to environment.ts following the same pattern as other feature flags like isBillingEnabled

This change provides better separation of concerns by decoupling email verification enforcement from email service configuration and production environment detection. The default value of false ensures full backwards compatibility, meaning existing deployments will continue to work without requiring email verification unless explicitly configured.

Confidence score: 4/5

  • This PR is safe to merge with low risk of breaking existing functionality
  • Score reflects well-structured changes with proper environment variable handling and backwards compatibility, but manual testing only
  • Pay close attention to the authentication flow in production environments to ensure the new environment variable is properly configured

8 files reviewed, 1 comment

Edit Code Review Bot Settings | Greptile

apps/sim/app/(auth)/verify/use-verification.ts

function resendCode() {
if (!email || !hasEmailService) return
if (!email || !hasEmailService || !isEmailVerificationEnabled) return
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps bot Sep 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: Should verify email verification is enabled before attempting to send OTP in the initial setup useEffect (lines 79-83) as well, similar to how resendCode now checks this condition

Suggested change
if (!email || !hasEmailService || !isEmailVerificationEnabled) return
if (email && !isSendingInitialOtp && hasEmailService && isEmailVerificationEnabled) {

@waleedlatif1 waleedlatif1 mentioned this pull request Sep 22, 2025
Merged
@waleedlatif1 waleedlatif1 deleted the fix/email-verif branch September 23, 2025 15:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@waleedlatif1