Verified-email recovery flow for OAuth sign-in (email_in_use lockout) #72
Labels
No labels
area:auth
area:ci
area:db
area:infra
area:native
area:pwa
area:service
epic
feature
foundation
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
james/carol#72
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Follow-up to #12 / ADR-0014. The OAuth integration deliberately refuses to auto-link an OAuth identity to an existing User by email — the published account-takeover attack against several Sign-In-With-X integrations is exactly that auto-link. Today the refusal looks like a lockout:
A user registered locally with email X, forgot the password, and now tries "Sign in with GitHub" with email X. They're redirected to
/login?error=email_in_usewith the documented copy "An account with this email exists. Sign in to it, then connect GitHub in Account settings." — but they can't sign in to the existing account because they forgot the password.This ticket adds the recovery path.
Scope
email_in_usebranch and the provider has returned a verified email matching an existing User:lib/email/send.ts) with a console-printer transport as the dev default and SMTP env-driven for production./login?error=email_in_usecopy gains a "Send verification email" affordance (button or auto-trigger) that puts a "Check your inbox" message on screen./auth/oauth/verify-link/[token](or similar) handles the click. Render success / token expired / token invalid states.Acceptance criteria
SMTP_*or a singleEMAIL_TRANSPORTURL).Out of scope
Part of epic #1. References ADR-0014.