feat(auth): enhance email verification flow and Google connection handling #1570
Merged
tyler-dane merged 10 commits into main, Mar 27, 2026
…dling
- Updated the authentication modal to support email verification, including new views and status messaging for verification processes.
- Implemented backend logic to sync existing Compass events to Google after attaching Google authentication.
- Enhanced the Google authentication service to ensure proper handling of user sessions and email verification.
- Updated tests to cover new email verification scenarios and ensure robust functionality across the authentication flow.
- Refactored related components and hooks for improved clarity and maintainability in the authentication process.

… action
- Eliminated the `handleBackToLogin` function from the AuthModal component to streamline the code.
- Updated the button action to call `handleBackToSignIn` instead, improving clarity in the authentication flow.
ece06bb to bcf68fa
- Introduced a new `delete` command that purges user data from Compass, including Mongo data and SuperTokens auth identities.
- Added browser cleanup prompts to guide users in clearing local storage after account deletion.
- Created new constants and types for browser handling and cleanup processes.
- Updated documentation to reflect the new operational backend error handling and user data deletion procedures.

- Added a new `SupertokensUserCleanupService` to handle the cleanup of SuperTokens user data, including methods for resolving users by email and external user ID.
- Integrated the cleanup service into the user deletion flow, ensuring that orphaned SuperTokens users are properly removed during user data deletion.
- Enhanced error handling by introducing a new `DeleteCleanupFailed` error type for better operational feedback.
- Updated user service tests to cover the new cleanup functionality and ensure accurate tracking of SuperTokens user deletions.

…signup
`EmailVerification.init` conflicted with `createUserIdMapping`: after mapping ST internal UUID → MongoDB ObjectId, the `EmailVerificationClaim` comparison during session creation always failed (external ID ≠ raw recipe UUID).
Removes `EmailVerification` from the recipe list entirely — it was added on this branch and is not required for the delete-and-re-signup flow. Also simplifies AccountLinking's no-session fallback to `shouldAutomaticallyLink: false` and removes all related frontend verification UI.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…proved context handling
- Relocated the ToastContainer component to be nested within the AuthModalProvider, ensuring it has access to the necessary context.
- This change enhances the user experience by allowing toast notifications to be displayed correctly in relation to authentication modals.

- Introduced a comprehensive runbook for manual testing of authentication features, detailing various scenarios including sign-up, login, password reset, and Google sign-in.
- Updated the README to include a link to the new Auth Manual Testing document, enhancing the documentation structure for manual testing processes.

…ltering
- Adjusted the type assertion in the `syncCompassEventsToGoogle` function to correctly filter event data, enhancing type safety and preventing potential runtime errors.

…lation
- Updated the build process to handle compilation errors more effectively by checking the exit code of the TypeScript and Webpack commands, ensuring the process exits with an appropriate error message if compilation fails.
- Enhanced the `installDependencies` function to check for errors during dependency installation, providing clearer feedback and preventing further execution in case of failure.

Closes #1569
Note
Medium Risk
Touches auth/account-linking and destructive user-deletion flows, plus adds a new Google backfill sync step; mistakes could create duplicate accounts, leave auth artifacts behind, or create unintended Google Calendar writes.
Overview
Improves the "connect Google later" experience by sending `shouldTryLinkingWithSessionUser` through the web Google OAuth payload and enabling SuperTokens account linking only when an active session exists, preventing duplicate users when connecting Google from an authenticated password session.

On the backend, `googleSignup()` now calls `syncCompassEventsToGoogle()` to push existing Compass-only events to Google and backfill `gEventId` (including recurrence instance provider data) before restarting background sync.

Hardens user deletion by adding `SupertokensUserCleanupService` and extending `userService.deleteCompassDataForUser()` to revoke sessions and purge SuperTokens users/mappings/metadata (surfaced in `Summary_Delete`), with the CLI delete flow refactored to handle failures and optionally clean up orphaned SuperTokens state.

Separately tightens web auth UX plumbing (token preservation generalized for auth links, `EmailVerification` recipe enabled client-side, `EmailPassword.signIn` opts out of session-linking) and makes browser cleanup resilient if sign-out fails; docs/runbooks and pre-push formatting output were updated accordingly.

Written by Cursor Bugbot for commit 3e54833. This will update automatically on new commits.
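
The session-gated linking rule described in the overview, as an added example that is not Compass or SuperTokens code: a self-contained model in which `UserStore`, `googleSignIn` and `demo` are hypothetical names and `shouldRequireVerification: true` is an assumption. It shows a Google sign-in attaching to the session user when a session exists, and falling back to a separate user when none does.

```typescript
// Added example: in-memory model only; no SuperTokens SDK calls are made.
type LinkDecision =
  | { shouldAutomaticallyLink: false }
  | { shouldAutomaticallyLink: true; shouldRequireVerification: boolean };
interface LoginMethod { recipe: "emailpassword" | "thirdparty"; email: string; verified: boolean }
interface User { id: string; loginMethods: LoginMethod[] }
interface Session { userId: string }

// Policy from the PR text: link only when an authenticated session exists;
// the no-session fallback is shouldAutomaticallyLink: false.
// shouldRequireVerification: true is this example's assumption.
function shouldDoAutomaticAccountLinking(session?: Session): LinkDecision {
  if (!session) return { shouldAutomaticallyLink: false };
  return { shouldAutomaticallyLink: true, shouldRequireVerification: true };
}

// Hypothetical user store standing in for the auth core.
class UserStore {
  private users = new Map<string, User>();
  private nextId = 1;
  create(method: LoginMethod): User {
    const user: User = { id: `u${this.nextId++}`, loginMethods: [method] };
    this.users.set(user.id, user);
    return user;
  }
  // Attach the Google login to the session user if the policy allows it,
  // otherwise create a separate user (the duplicate-account outcome).
  googleSignIn(email: string, shouldTryLinkingWithSessionUser: boolean, session?: Session): User {
    const method: LoginMethod = { recipe: "thirdparty", email, verified: true };
    const decision = shouldDoAutomaticAccountLinking(
      shouldTryLinkingWithSessionUser ? session : undefined);
    const target = session ? this.users.get(session.userId) : undefined;
    const allowed = decision.shouldAutomaticallyLink &&
      (!decision.shouldRequireVerification || method.verified);
    if (target && allowed) {
      target.loginMethods.push(method);
      return target;
    }
    return this.create(method);
  }
  count(): number { return this.users.size; }
}

// Constructed scenario: a password user then connects Google with the same email.
function demo(withSession: boolean): { users: number; sameUser: boolean } {
  const store = new UserStore();
  const pw = store.create({ recipe: "emailpassword", email: "a@example.test", verified: false });
  const session = withSession ? { userId: pw.id } : undefined;
  const g = store.googleSignIn("a@example.test", true, session);
  return { users: store.count(), sameUser: g.id === pw.id };
}
```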