gate magic link login on verified email delivery

The login page now only shows the magic link form when a test email has
been sent successfully, not just when an adapter is configured. Saving
email settings or disconnecting clears the flag so the admin must
re-verify after config changes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
jamey 2026-02-21 22:25:27 +00:00
parent b0607621f3
commit 3dca9ad9d0
4 changed files with 71 additions and 2 deletions


@ -15,6 +15,27 @@ defmodule Berrypod.Mailer do
adapter != nil and adapter != Swoosh.Adapters.Local adapter != nil and adapter != Swoosh.Adapters.Local
end end
@doc """
Returns whether email delivery has been verified via a successful test email.
This is the flag the login page uses to decide whether to show the magic link
form. A configured adapter alone isn't enough — the admin must have sent a
test email that succeeded.
"""
def email_verified? do
email_configured?() and Settings.get_setting("email_verified", false) == true
end
@doc "Marks email delivery as verified (called after a successful test email)."
def mark_email_verified do
Settings.put_setting("email_verified", true, "boolean")
end
@doc "Clears the email verified flag (called when config changes)."
def clear_email_verified do
Settings.delete_setting("email_verified")
end
@doc """ @doc """
Returns true if email is configured via environment variables (SMTP_HOST). Returns true if email is configured via environment variables (SMTP_HOST).
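Review bot: `email_verified?/0` in the added clause keeps reporting verified after an environment-based mail config change, because the flag is only cleared from the admin settings paths while `email_configured?/0` (per the doc just below the hunk) also accepts the SMTP_HOST route; a deployment that changes SMTP_HOST would keep the stale flag. Consider clearing the flag wherever env config is applied, or at least document the limitation above `def email_verified?`: `# NOTE: only reset by the admin settings UI; env-based (SMTP_HOST) changes do not clear it`. The `== true` comparison also assumes `Settings.get_setting/2` hands back a typed boolean rather than the string "true" — presumably the `"boolean"` type tag in `put_setting/3` guarantees that, but confirm. The enclosing module continues outside the hunk.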


@ -94,6 +94,8 @@ defmodule BerrypodWeb.Admin.EmailSettings do
Settings.delete_setting(key) Settings.delete_setting(key)
end end
Mailer.clear_email_verified()
# Reset to Local adapter # Reset to Local adapter
Application.put_env(:berrypod, Mailer, adapter: Swoosh.Adapters.Local) Application.put_env(:berrypod, Mailer, adapter: Swoosh.Adapters.Local)
@ -113,6 +115,8 @@ defmodule BerrypodWeb.Admin.EmailSettings do
case Mailer.send_test_email(user.email, socket.assigns.from_address) do case Mailer.send_test_email(user.email, socket.assigns.from_address) do
{:ok, _} -> {:ok, _} ->
Mailer.mark_email_verified()
{:noreply, {:noreply,
socket socket
|> assign(:sending_test, false) |> assign(:sending_test, false)
@ -174,6 +178,9 @@ defmodule BerrypodWeb.Admin.EmailSettings do
Settings.put_setting("email_from_address", from_address) Settings.put_setting("email_from_address", from_address)
end end
# Config changed — require re-verification
Mailer.clear_email_verified()
# Apply config immediately # Apply config immediately
Mailer.load_config() Mailer.load_config()
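Review bot: The `{:ok, _}` branch in the test-email hunk marks delivery verified for any adapter that accepts the message, which presumably includes `Swoosh.Adapters.Local` in development; the login gate only holds because `email_verified?/0` also requires `email_configured?/0`, which excludes the Local adapter. A one-line comment above `Mailer.mark_email_verified()` would make that dependency explicit: `# Safe for the Local adapter too: email_verified?/0 also requires email_configured?/0`. The disconnect hunk's `Mailer.clear_email_verified()` would also read better with the same why-comment the save hunk carries, `# Config removed — require re-verification`. The enclosing handle_event clauses start and end outside these hunks.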


@ -117,7 +117,7 @@ defmodule BerrypodWeb.Auth.Login do
form: form, form: form,
trigger_submit: false, trigger_submit: false,
registration_open: !Accounts.has_admin?(), registration_open: !Accounts.has_admin?(),
email_configured: Mailer.email_configured?() email_configured: Mailer.email_verified?()
)} )}
end end
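Review bot: The assign at the changed line keeps the name `email_configured` while its value is now `Mailer.email_verified?/0`, so a template reading `@email_configured` hides the form for a reason the name no longer describes. Renaming the assign to `email_verified` (together with the template reference, which is outside this hunk) would keep the gate's meaning readable; failing that, `# true only after a successful test email — see Mailer.email_verified?/0` on that line. The enclosing function starts outside the hunk.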


@ -4,7 +4,14 @@ defmodule BerrypodWeb.Auth.LoginTest do
import Phoenix.LiveViewTest import Phoenix.LiveViewTest
import Berrypod.AccountsFixtures import Berrypod.AccountsFixtures
alias Berrypod.Mailer
describe "login page" do describe "login page" do
setup do
Mailer.mark_email_verified()
:ok
end
test "renders login page", %{conn: conn} do test "renders login page", %{conn: conn} do
{:ok, _lv, html} = live(conn, ~p"/users/log-in") {:ok, _lv, html} = live(conn, ~p"/users/log-in")
@ -15,6 +22,11 @@ defmodule BerrypodWeb.Auth.LoginTest do
end end
describe "user login - magic link" do describe "user login - magic link" do
setup do
Mailer.mark_email_verified()
:ok
end
test "sends magic link email when user exists", %{conn: conn} do test "sends magic link email when user exists", %{conn: conn} do
user = user_fixture() user = user_fixture()
@ -93,7 +105,7 @@ defmodule BerrypodWeb.Auth.LoginTest do
end end
end end
describe "email configured" do describe "email configured and verified" do
setup do setup do
original = Application.get_env(:berrypod, Berrypod.Mailer) original = Application.get_env(:berrypod, Berrypod.Mailer)
@ -102,6 +114,8 @@ defmodule BerrypodWeb.Auth.LoginTest do
api_key: "test" api_key: "test"
) )
Mailer.mark_email_verified()
on_exit(fn -> Application.put_env(:berrypod, Berrypod.Mailer, original) end) on_exit(fn -> Application.put_env(:berrypod, Berrypod.Mailer, original) end)
:ok :ok
end end
@ -114,6 +128,32 @@ defmodule BerrypodWeb.Auth.LoginTest do
end end
end end
describe "email configured but not verified" do
setup do
# Create user before switching adapter (fixture sends a confirmation email)
_user = user_fixture()
original = Application.get_env(:berrypod, Berrypod.Mailer)
Application.put_env(:berrypod, Berrypod.Mailer,
adapter: Swoosh.Adapters.Postmark,
api_key: "test"
)
Mailer.clear_email_verified()
on_exit(fn -> Application.put_env(:berrypod, Berrypod.Mailer, original) end)
:ok
end
test "hides magic link form and shows recovery link", %{conn: conn} do
{:ok, _lv, html} = live(conn, ~p"/users/log-in")
refute html =~ "Log in with email"
assert html =~ "Locked out?"
end
end
describe "login navigation" do describe "login navigation" do
test "redirects to setup page when the setup link is clicked", %{conn: conn} do test "redirects to setup page when the setup link is clicked", %{conn: conn} do
{:ok, lv, _html} = live(conn, ~p"/users/log-in") {:ok, lv, _html} = live(conn, ~p"/users/log-in")
@ -130,6 +170,7 @@ defmodule BerrypodWeb.Auth.LoginTest do
describe "re-authentication (sudo mode)" do describe "re-authentication (sudo mode)" do
setup %{conn: conn} do setup %{conn: conn} do
Mailer.mark_email_verified()
user = user_fixture() user = user_fixture()
%{user: user, conn: log_in_user(conn, user)} %{user: user, conn: log_in_user(conn, user)}
end end
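Review bot: The new `setup` blocks call `Mailer.mark_email_verified/0`, and the "email configured but not verified" block calls `clear_email_verified/0`, without any `on_exit` restoring the previous value, so the persisted `email_verified` setting leaks between describe blocks and into any other test file that reads it. Unless `Settings` is backed by a sandboxed Repo that rolls back per test (not visible here), each of those setups should register `on_exit(fn -> Mailer.clear_email_verified() end)` alongside the existing adapter restore. If the module is `async: true` (its `use` line is outside these hunks), the shared flag would also race between concurrently running describe blocks.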