Sign up/in with email (+ magic link)
adamkdean opened this issue · 1 comments
We want to add a new feature to the account system: signing up/in with emails. ✉️
This will allow us to appeal to a larger range of (potential) customers.
The sign in interface will allow an email or account number to be input. When it's an email, upon submission, the system will need to dispatch an email with a "magic link" sign in link. Account number sign ins will remain unchanged.
For sign up, a similar thing will occur. Behind the scenes, a regular account will be generated, but will have the email linked to it (recovery email) and then an email will be dispatched. Clicking the link will both verify the recovery email and sign in the user.
Any questions, let me know.
To summarise what has been discussed on Discord:
Sign Up
Creating an account will have two separate (but similar) flows.
- Create anonymous account (current flow)
  - Will remain largely unchanged.
  - There will be some minor UI tweaks to the "recovery email" step as this will be renamed to something like just "email".
- Sign up with email (new flow). This will be a 3-step process
  - Enter email address
  - Verify email address (enter code sent to email address)
  - Enable 2FA (optional)
Some notes:
- The account record will be added to db, along with an account number as normal, in step 1. There will be a `verified: false` flag.
- Once the user inputs the code sent to the email, the account will be `verified: true`. The user can log in after this step (if they chose to skip 2FA), so a session should be created.
- The account number will NOT be displayed during the sign up flow as we do not expect a user to note this down, so don't wish to add confusion.
- If something goes wrong mid-flow and the tab gets closed, the only way back would be through a link from the verification email. This would probably mean we need separate emails for verifying emails on account creation and for adding emails to existing accounts.
Sign In
On the landing page, the same input will be used for attempting a sign in with an account number or an email address.
If using an email address, the user will be sent an email with a link that will open a tab with a signed in session (unless 2FA is needed first).
Even if an account was created with an email, if the user notes down the account number (which they can still find in the account settings page), they would be able to log in with either. Same for anonymous accounts; if they add an email they can sign in with it.
Unique Constraints on Emails
As is currently the case, any email that has been verified becomes a unique value. That is to say, multiple people can create accounts with the same email (or add to existing accounts) prior to verification. Once one of these accounts is verified, an error will be returned if someone tries to verify the email from a different account. Also, an error will be returned if the email is used to create a new account/added to an existing account.
Dormant Accounts
Just like with anonymous accounts, if an account is created and never used/verified, it will remain in the database with no regular clean up job. There are no major implications (at the moment) of having extra accounts sitting in the db other than just some extra data.
We may decide to do a clean up at some point, but this needs to be done with careful consideration so we don't accidentally delete accounts that are in use.
If an account is created with an email address but never verified, a new account can still be created with the same email address with no issue (see unique constraints above). This prevents people creating unverified accounts in bad faith with other people's email addresses, as until verified it means nothing.
UI Changes
There will be some UI changes needed as a result in addition to the obvious (changes to sign in flow).
- Account settings page will need the email section moved further up to demonstrate its increased importance.
- "Recovery Email" will be renamed to something like simply "Email", as it's no longer only for recovering accounts. We can also note that it's used for email notifications.
- Email address may need adding to the "account details" panel on pages such as billing. Also to the menu where the masked account number is at top.
- We need the ability to change a linked email, rather than remove and re-add. This is to remove the risk of an email-first account being locked out of their account after removing their email address. Give the option to delete the email too, but add a warning to the modal stating that the account number will become the only way to access the account (API CHANGE NEEDED TOO)
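The "Unique Constraints on Emails" and "Dormant Accounts" rules above, worked through as an added example (not code from this project): an in-memory store where several accounts may hold the same unverified email, the first successful verification makes it unique, and the emailed code is stored hashed and checked in constant time. Account-number generation, the hashing scheme and the `AccountStore` API are assumptions for illustration only.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    number: str
    email: Optional[str] = None
    verified: bool = False
    code_hash: Optional[str] = None  # hash of the code emailed to the user, never the code itself


def _hash_code(code: str) -> str:
    return hashlib.sha256(code.encode()).hexdigest()


class AccountStore:
    """Assumed in-memory stand-in for the accounts table."""

    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}

    def verified_owner(self, email: str) -> Optional[Account]:
        """The single account, if any, that has already verified this email."""
        return next((a for a in self.accounts.values() if a.verified and a.email == email), None)

    def create_with_email(self, email: str) -> tuple[Account, str]:
        """Sign-up step 1: store the account as verified=False and return the code to email out.
        Unverified duplicates are allowed; only a verified email blocks creation."""
        if self.verified_owner(email) is not None:
            raise ValueError("email already belongs to a verified account")
        code = secrets.token_urlsafe(16)
        acct = Account(number=secrets.token_hex(4), email=email, code_hash=_hash_code(code))
        self.accounts[acct.number] = acct
        return acct, code

    def verify(self, number: str, code: str) -> Account:
        """Sign-up step 2: constant-time code check, then the uniqueness check."""
        acct = self.accounts[number]
        if acct.code_hash is None or not hmac.compare_digest(acct.code_hash, _hash_code(code)):
            raise PermissionError("bad or already used verification code")
        owner = self.verified_owner(acct.email)
        if owner is not None and owner.number != number:
            raise ValueError("email already verified on another account")
        acct.verified = True
        acct.code_hash = None  # single use: the code is consumed on success
        return acct
```

The store never exposes whether an unverified account already holds an email, so a bad-faith sign-up with someone else's address reveals nothing and claims nothing until the real mailbox owner verifies.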