gate magic link login on verified email delivery

The login page now only shows the magic link form when a test email has been sent successfully, not just when an adapter is configured. Saving email settings or disconnecting clears the flag so the admin must re-verify after config changes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 22:25:27 +00:00
parent b0607621f3
commit 3dca9ad9d0
4 changed files with 71 additions and 2 deletions
--- a/lib/berrypod/mailer.ex
+++ b/lib/berrypod/mailer.ex
@@ -15,6 +15,27 @@ defmodule Berrypod.Mailer do
    adapter != nil and adapter != Swoosh.Adapters.Local
  end

+  @doc """
+  Returns whether email delivery has been verified via a successful test email.
+
+  This is the flag the login page uses to decide whether to show the magic link
+  form. A configured adapter alone isn't enough — the admin must have sent a
+  test email that succeeded.
+  """
+  def email_verified? do
+    email_configured?() and Settings.get_setting("email_verified", false) == true
+  end
+
+  @doc "Marks email delivery as verified (called after a successful test email)."
+  def mark_email_verified do
+    Settings.put_setting("email_verified", true, "boolean")
+  end
+
+  @doc "Clears the email verified flag (called when config changes)."
+  def clear_email_verified do
+    Settings.delete_setting("email_verified")
+  end
+
  @doc """
  Returns true if email is configured via environment variables (SMTP_HOST).