Mark users as "verified" and only send notifications to verified users#1968
Merged
flavorjones merged 5 commits intomainfrom Dec 6, 2025
Merged
Mark users as "verified" and only send notifications to verified users#1968flavorjones merged 5 commits intomainfrom
flavorjones merged 5 commits intomainfrom
Conversation
flavorjones
force-pushed
the
flavorjones/only-email-confirmed-users
branch
from
d24779b to
8f6d900
Compare
Member
Author
|
@jz the user profile will look like this if a user is unverified (which for a real human should only look like this during the magic link email turnaround time): 
|
jeremy
approved these changes
Dec 5, 2025
flavorjones
force-pushed
the
flavorjones/only-email-confirmed-users
branch
2 times, most recently
from
6adc8a0 to
7a48725
Compare
Reworked the magic link stimulus controller, because the system test was causing double-submission of the form (because the event was bubbling up). I think that change simplifies the form and will still work well for iOS devices.
User are marked as verified after a join code is redeemed. The user is redirected to Users::VerificationsController, either: - after submitting a valid magic link code, - or immediately after redeeming the join code (if they're already authenticated with the correct identity) Account owners are automatically verified when the account is created (because they have already provided a magic link code at that point). This sets up for later commits that will backfill existing users and require verification before sending notification emails. Co-Authored-By: Claude <noreply@anthropic.com>
Identifies users who have demonstrated authentication by looking for evidence of real activity: owners, content creators (cards, comments, boards, events), action takers (assigners, closers, postponers, reactors, pinners, filter creators), board accessors, export requesters, push subscribers, setup completers, and users with active sessions. Run this script after deploying the verified_at column to backfill existing users before enabling the notification guard. Co-Authored-By: Claude <noreply@anthropic.com>
Adds verified? check to bundling_emails? to prevent notification emails from being sent to users who have never authenticated. This closes the spam vector where bad actors could create users for known email addresses and trigger unwanted notifications by mentioning them. Co-Authored-By: Claude <noreply@anthropic.com>
Display "Unverified" with an explanation instead of the email address for users who haven't confirmed their identity. Hide the card links and activity timeline since unverified users won't have any activity. Co-Authored-By: Claude <noreply@anthropic.com>
flavorjones
force-pushed
the
flavorjones/only-email-confirmed-users
branch
from
7a48725 to
fc8ef33
Compare
Member
Author
|
Looks good in staging. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
Today, spammers can add users to an account by consuming join codes; and those users will receive notification emails even if they never log in to confirm their identity. This enables spam delivery via notification emails, which we need to prevent.
Details
Add a verified_at timestamp to users that is set when they reedem a join link, by inserting a verification step into two flows:
The "verify" step above is implemented with a new controller,
Users::VerificationsController.The
JoinCodesControllerwill redirect the user tonew_users_verification_urleither directly or viasession[:return_to_after_authenticating]and theSesssions::MagicLinkController. TheVerificationsControlleruses an auto-submit form so that a redirect can be converted into a POST action and write to the database.Two notes:
Finally, Fizzy will only send notification emails to users who have verified their email address.
Rollout
Ideally this would get rolled out in three steps:
verified_atbut we could do it all at once if we're careful not to overlap the process with invocation of the recurring job
deliver_bundled_notifications.