feat: email verification before payment — prevent invalid email registrations #114

Closed
opened 2026-03-19 02:09:07 +00:00 by forgejo_admin · 1 comment

Type

Feature

Lineage

plan-wkq → Phase 11 → Discovered Scope

Repo

forgejo_admin/basketball-api

User Story

As a program administrator
I want parents to verify their email before paying
So that we don't send confirmation emails to invalid addresses and flood our Gmail with bounces

Context

Production problem: parents enter typo'd or invalid emails → register and pay → system sends confirmation email → Gmail bounces → Marcus's inbox fills with bounce notifications → parent never gets credentials and is locked out. No way to recover without manual intervention.

Current flow: form → pay → send email (no verification)
Required flow: form → verification email with link → parent clicks link → THEN pay → send credentials

File Targets

Files to modify:

  • src/basketball_api/routes/register.py — add email verification step before payment
  • src/basketball_api/models.py — may need email_verified field on Parent
  • src/basketball_api/services/email.py — new verification email template

Files in westside-app:

  • src/routes/register/+page.svelte — new "check your email" intermediate step

Acceptance Criteria

  • Parent submits form → receives verification email with confirmation link
  • Clicking link marks email as verified
  • Payment step only available after email verified
  • Invalid/bounced emails never reach payment step
  • Existing promo/cash/card flows still work after verification

Test Expectations

  • Unit test: registration without verified email returns 400 on payment
  • Unit test: verification link marks email as verified
  • Integration test: full flow with verification → payment → credentials
  • Run command: pytest tests/test_promo_registration.py -v

Constraints

  • Verification link must expire (24h?)
  • Must work for all payment methods (card, cash, promo)
  • Consider: MX record check as fast first-pass validation before sending verification email

Checklist

  • PR opened
  • Tests pass
  • No unrelated changes

Related

  • westside-basketball — project
  • Discovered during Phase 6 E2E verification of registration pipeline
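
The flow requested above (expiring verification link, payment blocked until the address is verified), as an added sketch that is not code from the basketball-api repository. All function names, the `parent` dict standing in for the `Parent` model, and the key are hypothetical; the token is a stateless HMAC-signed value, which is one possible design and not something the issue specifies.

```python
import base64
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: real key comes from server config
TOKEN_TTL_SECONDS = 24 * 60 * 60  # the 24h expiry floated under Constraints


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(email, now=None):
    """Return '<payload>.<mac>' binding the normalized address to an expiry time."""
    expires = int(time.time() if now is None else now) + TOKEN_TTL_SECONDS
    payload = f"{email.strip().lower()}|{expires}".encode()
    return b64e(payload) + "." + b64e(hmac.digest(SECRET_KEY, payload, "sha256"))


def verify_token(token, now=None):
    """Return the verified address, or None if forged, malformed or expired."""
    now = time.time() if now is None else now
    try:
        payload_part, mac_part = token.split(".")
        payload = b64d(payload_part)
        # Check the MAC in constant time before trusting any field in the payload.
        expected = hmac.digest(SECRET_KEY, payload, "sha256")
        if not hmac.compare_digest(b64d(mac_part), expected):
            return None
        email, expires = payload.decode().rsplit("|", 1)
        return email if now < int(expires) else None
    except ValueError:  # wrong shape, bad base64, bad UTF-8 or non-numeric expiry
        return None


def mark_verified(parent, token, now=None):
    """Set the flag only when the token's address matches this parent's record."""
    if verify_token(token, now) == parent["email"].strip().lower():
        parent["email_verified"] = True
    return parent["email_verified"]


def payment_status(parent):
    """HTTP status for the payment step: 400 until the email is verified."""
    return 200 if parent["email_verified"] else 400
```

Because the token carries its own expiry and address, no token table is needed, but a token stays valid until it expires; a stored single-use token would be required to revoke one early.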
Author
Owner

Closing — superseded by #129 (enterprise login). Keycloak-first registration handles email verification natively. PR #162 held, not merged.
