Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added OTP verification for signup #32

Merged
merged 10 commits into from
May 31, 2024
Merged

Added OTP verification for signup #32

merged 10 commits into from
May 31, 2024

Conversation

Joyosmit
Copy link
Contributor

What does it fix?

Fixes #9 . When signing up users get a OTP which they need to enter for verification.

What features does it add?

  1. It is implemented using nodemailer.
  2. If OTP verification is not done, user cannot sign in.
  3. If user tries to sign in without verifying, user is prompted to do OTP verification first.
  4. OTP is valid for 10 minutes.

Screen recording for normal sign up flow:

Style.Share.-.Google.Chrome.2024-05-29.19-45-50.mp4

@vercel Vercel
Copy link

vercel bot commented May 29, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
style-share ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 31, 2024 5:19am

@github-actions GitHub Actions
Copy link

Thank you for submitting your pull request! 🙌 We'll review it as soon as possible. In the meantime, please ensure that your changes align with our CONTRIBUTING.md. If there are any specific instructions or feedback regarding your PR, we'll provide them here. Thanks again for your contribution! 😊

@VaibhavArora314
Copy link
Owner

this looks good but since there are so many changes, I will take some time to review it

@Joyosmit
Copy link
Contributor Author

Sure, pls take your time.

@VaibhavArora314
Copy link
Owner

Hey so upon closer inspection I found that we are sending the jwt token on the user sign-up route and updating it in the recoil state after verifying the user but this has a security loophole as the user can inspect the frontend application and get the jwt token without verifying the email id and use it further.

So I suggest that we should send the jwt token in the verify route itself and not in the sign-up route in the backend.

@Joyosmit
Copy link
Contributor Author

Alright. I'll make that change.

@Joyosmit
Copy link
Contributor Author

Joyosmit commented May 31, 2024
edited
Loading

For this to work, you need to have -

  1. EMAIL_USER = youremail@gmail.com
  2. EMAIL_PASS = <16character app password>
    To get app password, first enable 2 step-verification on your google account, then set a app password(it will be of 16 characters).

Also pls the the GSSoC and Level 3 labels.

@VaibhavArora314 VaibhavArora314 merged commit a95b808 into VaibhavArora314:main May 31, 2024
1 check passed
@github-actions GitHub Actions
Copy link

🎉 Your pull request has been successfully merged! 🎉 Thank you for your valuable contribution to our project. Your efforts are greatly appreciated. Feel free to reach out if you have any more contributions or if there's anything else we can assist you with. Keep up the fantastic work! 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ultimateutkarsh11 Ultimateutkarsh11 Ultimateutkarsh11 approved these changes

@VaibhavArora314 VaibhavArora314 VaibhavArora314 approved these changes

Assignees

@Joyosmit Joyosmit

Labels
gssoc GSSOC level3
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

No verification of user's email via OTP
3 participants
@Joyosmit @VaibhavArora314 @Ultimateutkarsh11