Add verified_at timestamp to use for spam prevention

User are marked as verified after a join code is redeemed. The user is
redirected to Users::VerificationsController, either:

- after submitting a valid magic link code,
- or immediately after redeeming the join code (if they're already
  authenticated with the correct identity)

Account owners are automatically verified when the account is
created (because they have already provided a magic link code at that
point).

This sets up for later commits that will backfill existing users and
require verification before sending notification emails.

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Mike Dalessio
2025-12-04 20:20:20 -05:00
parent fa549a370b
commit 4602cd3cdd
16 changed files with 101 additions and 9 deletions
@@ -0,0 +1,24 @@
require "test_helper"
class Users::VerificationsControllerTest < ActionDispatch::IntegrationTest
test "new renders the auto-submit form" do
sign_in_as :david
get new_users_verification_path
assert_response :ok
end
test "create verifies the user and redirects to join" do
sign_in_as :david
user = users(:david)
user.update_column(:verified_at, nil)
assert_not user.verified?
post users_verifications_path
assert_redirected_to new_users_join_path
assert user.reload.verified?
end
end