🏛️ [EPIC] : Verify email address

[mike-mcnulty]

Summary

Verify email address

JIRA Epic

https://input-output.atlassian.net/browse/NPG-7772

Description

Child of #1253

User Story

As an admin, I need all Catalyst users to have a verified email tied to their historical ideascale account, so that I can enforce proposal submission eligibility requirements, such as max open projects.

As a user, I want to verify my email, so that I can associate my historical Ideascale track record with my new Catalyst keychain.

User Journey

• Voices / Get started
• Voices / Save email address
• Email / Open email client
• Email / Read verification message
• Email / Click verification link
• Review / View verification details
• Review / Return to Voices
• Voices / Manage email address

Acceptance Criteria

GIVEN a new user in account creation
WHEN collect user email + nickname
THEN post id, email, nickname to reviews-backend
AND WHEN new user entry posted to reviews-backend
THEN auto send verification email to user

GIVEN a user in the reviews-backend
WHEN email_verified = false
THEN display banner with CTA + lock user actions
AND WHEN email_verified = true
THEN hide banner + unlock user actions

Full verification flow

(to align with @coire1)

• User enter email in new app during account creation
• App post userId, userEmail, userNickname to reviews-backend
• On success response, set user state to ‘unverified’ (display banner=”Please verify your email to finish account setup. Click here to resend verification email.”; My Account > Email shows “unverified” label)
• WHEN new entry posted to reviews-backend THEN generate verification email AND send to userEmail
• User open message in email client. When they click link, they get routed to the Review Module. They land in the “Account” page, where userID, userEmail, userNickname from Voices can be seen (read-only). The email now shows a “verified” label.
• From the Reviews Module, the user clicks a button that routes back to the My Account page of Voices.
• On refresh, Voices checks email verification flag from reviews-backend. If verified, set user state to ‘verified’ (hide banner, update label on My Account / Email)
• If user updates email from Voices / My Account, then repeat all steps

Open questions

• What are all the ways that email verification can fail? What edge cases need to be considered in the Voices UI?
• Can an already verified email ever go back to unverified?
• In ‘unverified’ state, should all user actions be locked, or only proposer actions? If proposer actions, then submission only, or start / edit too?
• How is the association to Ideascale happening? Anything relevant to know / consider on the Voices side?
• How does userId relate to keychain and role keys?

Todo

Design

• Get Started / Create Base Profile / Save Nickname + Email
• General Interface / Unverified Email Banner / Text + CTA
• General Interface / Unverified Email User / Locked Actions
• My Account / Manage Base Profile / Email Address / Verification Status

Figma Link
@nielskijf please insert link

Frontend

• Include base profile creation in account setup flow
• Dynamic banner based on user email verification status
• Lock actions for unverified email users
• Update my account page to include nickname, email management

Backend

(@neil-iohk please add any relevant arch / backend tasks based on discussions with Lucio)

• Store in cat-gateway: userId (public access)
• Store in reviews backend: userId, userEmail, userNickname (protected access)

Dependencies

• Email verification implemented by operations team
• UI changes to Reviews Module by operations team