Email verification #8240
Comments
I want to work on this issue. Can you please assign it to me?
Sure thanks @Yashgupta9330!
Hey @FelixMalfait, This seems like a feature that'd be fun to work on! Could I be assigned?
You're everywhere @samyakpiya 🐐 - thanks!
Hey @FelixMalfait, I understand we’re planning to allow account creation first and then send a verification email to restrict login until the email is verified. While working on the issue, I was thinking about instead sending a verification code that includes a magic link right after the user enters their email, before they set up their password. This could help reduce spam accounts, save resources, and enhance security. It seems we already have the template for it. Optionally, we could create an Input OTP frontend UI component for it. Let me know your thoughts!
@samyakpiya we wanted to implement no-password + magic-link only initially, but then we asked for user feedback and it seems magic link isn't as popular these days, most people want a password.
In the future, we're going to open a generous free plan on the cloud version, so we need to limit the number of spam accounts created.
Let's introduce email verification for people that don't use Microsoft/Google login.
Pre-requisite: introduce a server-level environment variable IS_EMAIL_VERIFICATION_REQUIRED (defaults to false), as some people self-hosting might not want to go through that (means they have to set up an email server!).
Signup Process
Note: users joining an existing workspace through an invite shouldn't have to validate their email again
Signin Process
During signin, check the isEmailVerified field.
If isEmailVerified is false, prevent login and prompt the user to verify their email.
Optionally, offer to resend the verification email.
Note: we already have the emailVerified column on user but it wasn't used - we might want to drop it or rename it to isEmailVerified to be consistent with other columns in the codebase
Todo during deploy: script/sql query to set emailVerified=true for every user that ever had a valid subscription (credit card = strong verification, we can consider the email is most likely to be valid)
Email content
We already have templates for Twenty emails (e.g. user invites)
https://www.figma.com/design/xt8O9mFeLl46C5InWwoMrN/Twenty?node-id=44465-119474&node-type=frame&t=L4Zw8NIeonoYkIdd-11
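The gating rules described in this issue, written out as an added example that is not code from the issue or from the Twenty codebase. Only IS_EMAIL_VERIFICATION_REQUIRED and isEmailVerified come from the issue; the type and function names are hypothetical, and the example assumes an invite is bound to a single email address, so that the invite exemption cannot be used to skip verification for a different address.

```typescript
// Added illustration; every name except IS_EMAIL_VERIFICATION_REQUIRED and
// isEmailVerified is hypothetical and not taken from the Twenty codebase.
type Provider = "password" | "google" | "microsoft";

interface SignupInput {
  email: string;
  provider: Provider;
  invitedEmail?: string; // assumption: an invite is bound to one address
}

interface User {
  email: string;
  provider: Provider;
  isEmailVerified: boolean;
}

type Env = Record<string, string | undefined>;

// Unset, or any value other than "true", keeps verification off (default false).
function isVerificationRequired(env: Env): boolean {
  const raw = env["IS_EMAIL_VERIFICATION_REQUIRED"] ?? "false";
  return raw.trim().toLowerCase() === "true";
}

// Assumption: addresses are compared case-insensitively after trimming.
const sameAddress = (a: string, b: string): boolean =>
  a.trim().toLowerCase() === b.trim().toLowerCase();

// Value of isEmailVerified to store when the account is created.
function initialEmailVerified(input: SignupInput): boolean {
  // Per the issue, verification applies only to non-Microsoft/Google signups.
  if (input.provider !== "password") return true;
  // An invite only proves control of the address it was sent to.
  return input.invitedEmail !== undefined && sameAddress(input.invitedEmail, input.email);
}

type SignInResult =
  | { ok: true }
  | { ok: false; reason: "EMAIL_NOT_VERIFIED"; canResend: true };

// Sign-in gate: block unverified password users only when the flag is on.
function checkSignIn(user: User, env: Env): SignInResult {
  if (!isVerificationRequired(env)) return { ok: true }; // self-hosted default
  if (user.provider !== "password" || user.isEmailVerified) return { ok: true };
  return { ok: false, reason: "EMAIL_NOT_VERIFIED", canResend: true };
}
```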