server: send non-whitelisted template when email is not in whitelist

[lukateras]

Resolves #12.

Template text is loosely based on https://hackmd.io/_D_JAX7qS9a14GVbE-3vtA. Template can be changed at https://account.postmarkapp.com/servers/5197461/templates/16097548/edit.

[peeech]

Suggested change

	return sendEmail(email, 'not-whitelisted', {})
	sendEmail(email, 'not-whitelisted', {})
	return respond(401)

[peeech]

sendEmail() returns a promise of fetch to postmarkapp. You probably want to return 401 (obviously wrapped in Response) no matter what is the result of sendEmail().

[lukateras]

Actually, returning sendEmail promise is the right call here. Downstream is in no position to consume 401 given our current flow, as a result it gets ignored anyway. Returning Postmark response in lieu of 401 means that Holo Auth client can make sure that email gets delivered and log its ID, regardless of whether that email is challenge or not-whitelisted.

[peeech]

So from what I understand Client is not expecting any logic from the challenge call, right? (haven't checked myself)

[lukateras]

So from what I understand Client is not expecting any logic from the challenge call, right? (haven't checked myself)

Correct.

[lukateras]

Essentially, with this change, POST /v1/challenge response will always be a proxied Postmark response, and that's more useful for us than 401 because it has Postmark message ID that, if logged, can be used for cross-reference by support, and for retries if Postmark service was down.

[peeech]

means that Holo Auth client can make sure that email gets delivered and log its ID,

ok, now I do not see any logging in Holo Auth Client. I understand you are leaving it open for the future?

[lukateras]

Yes.