
feat: multi-step sign-up with OTP email verification #152

Open
amills-93 wants to merge 1 commit into summer26 from feat/multi-step-signup-otp-verification


@amills-93

Collaborator

Summary

  • Adds a new /auth/sign-up-verify page that accepts a 6-digit OTP before finalizing account creation, turning sign-up into a two-step email-verified flow
  • Replaces the direct Better Auth sendVerificationOTP call in request-otp.post.ts with a custom implementation using Node crypto, storing the OTP in the Verification table directly
  • Adds sign-up-verify.post.ts which validates the OTP, creates the User + Volunteer records in a transaction, then calls signInEmailOTP to issue a session — so the account is only created after the email address is confirmed
  • Adds a 30-second resend-code cooldown (with timer cleanup) to both the login and sign-up-verify pages
  • Fixes expiresIn unit in Better Auth emailOTP config (was milliseconds, must be seconds), exports transporter from server/utils/auth.ts, and adds error handling around sendVerificationOTP
  • Removes the password field from the sign-up schema and updates the auth middleware to whitelist /auth/sign-up-verify

Test plan

  • Complete sign-up flow: fill out form → receive OTP email → enter code → land on /volunteer/
  • Verify that navigating directly to /auth/sign-up-verify without going through sign-up redirects back to /auth/sign-up
  • Verify invalid/expired OTP returns a 400 error with "Invalid or expired code"
  • Verify duplicate email returns a 409 error
  • Verify resend button is disabled for 30 s after each send, then re-enables
  • Verify login page resend-code flow still works correctly
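
An added example, not code from this pull request: one way to generate, store and check a 6-digit OTP with Node crypto, as the summary describes. The in-memory Map standing in for the Verification table, the function names, the 300-second lifetime and the 5-attempt cap are all assumptions.

```javascript
// Added example, not the PR's code. All names and limits are assumptions.
const { randomInt, createHmac, timingSafeEqual } = require('node:crypto');

const OTP_TTL_SECONDS = 300; // assumed lifetime, expressed in seconds
const MAX_ATTEMPTS = 5;      // assumed cap on guesses per issued code

// Uniform CSPRNG draw; padStart keeps leading zeros so codes are always 6 digits.
function generateOtp() {
  return randomInt(0, 1_000_000).toString().padStart(6, '0');
}

// Keyed hash bound to the address, so a leaked row does not reveal the code
// and a code issued for one email cannot be replayed for another.
function hashOtp(email, otp, secret) {
  return createHmac('sha256', secret).update(`${email.toLowerCase()}:${otp}`).digest();
}

// `store` is a Map standing in for the Verification table (hypothetical).
function issueOtp(store, email, secret, nowMs = Date.now()) {
  const otp = generateOtp();
  store.set(email.toLowerCase(), {
    hash: hashOtp(email, otp, secret),
    expiresAt: nowMs + OTP_TTL_SECONDS * 1000,
    attempts: 0,
  });
  return otp; // goes into the email only; never persisted in clear text
}

// Returns a bare boolean so the caller can answer every failure with the
// same "Invalid or expired code" response.
function verifyOtp(store, email, candidate, secret, nowMs = Date.now()) {
  const key = email.toLowerCase();
  const rec = store.get(key);
  if (!rec) return false;
  if (nowMs >= rec.expiresAt || rec.attempts >= MAX_ATTEMPTS) {
    store.delete(key); // expired or guessed too often: force a fresh code
    return false;
  }
  rec.attempts += 1;
  if (typeof candidate !== 'string' || !/^\d{6}$/.test(candidate)) return false;
  const ok = timingSafeEqual(rec.hash, hashOtp(key, candidate, secret));
  if (ok) store.delete(key); // single use
  return ok;
}
```
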
