Skip to content

Auth: Implement email verification system #1

New issue
New issue
Open
Open
Auth: Implement email verification system#1
Labels
area/authAuthenticationphase/1-testnetPhase 1: Testnetpriority/highHigh prioritytype/featureFeature
@umwelt

Description

@umwelt
umwelt
opened on Nov 26, 2025

Context

Phase 1 requires basic email verification (no full KYC). Users must verify email addresses before accessing certain features. This fulfills the Phase 1 KYC requirement: "None (basic email/device verification only)".

Scope

  • Email verification token generation (secure random, 32 bytes)
  • Token storage with expiration (24 hours)
  • Email template system for verification emails
  • API endpoint: POST /api/v1/identity/verify/email
  • API endpoint: POST /api/v1/identity/verify/resend
  • Update identity record with email_verified field
  • Rate limiting (max 3 resends per hour)

Dependencies

None - independent feature

Development Setup

Starting branch: feature/sid-integration (contains latest crypto refactoring)

Recommended workflow:

# Clone and checkout base branch
git checkout feature/sid-integration
git pull origin feature/sid-integration

# Create feature branch for this work
git checkout -b feature/email-verification

# Work on implementation
# When done, push and create PR to merge back to feature/sid-integration
git push origin feature/email-verification

Acceptance Criteria

  • Token generation using lib-crypto SecureRng (lib-crypto/src/random/mod.rs)
  • Tokens expire after 24 hours
  • Email template with verification link
  • Verification endpoint validates token and updates identity
  • Resend endpoint with rate limiting
  • email_verified field added to Identity struct
  • Unit tests for token generation/validation
  • Integration tests for full flow
  • API documentation

Technical Notes

  • Store tokens in-memory or temporary database table
  • Clean up expired tokens daily
  • Email delivery is out of scope (mock/log for now)
  • Use lib-crypto/src/random/mod.rs SecureRng for cryptographic token generation
  • Reference existing SecureRng usage in lib-identity/src/backup/crypto.rs
  • Identity struct location: lib-identity/src/identity/core.rs

Estimated Effort

5-7 days for mid-level developer (4-5 days if familiar with codebase)

  • Core development: ~26 hours
  • Codebase ramp-up: +4-6 hours
  • Buffer: +4-6 hours

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/authAuthenticationphase/1-testnetPhase 1: Testnetpriority/highHigh prioritytype/featureFeature

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions