jeffemmett
/
rspace-online
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
rspace-online/backlog/tasks/task-55 - Wire-up-account-s...

46 lines
2.0 KiB
Markdown
Raw Blame History

---
id: TASK-55
title: >-
Wire up account settings endpoints (email verification, device registration,
guardians)
status: Done
assignee:
- '@claude'
created_date: '2026-02-25 22:59'
labels:
- identity
- backend
- encryptid
dependencies: []
references:
- src/encryptid/server.ts
- src/encryptid/db.ts
- shared/components/rstack-identity.ts
priority: high
---
## Description
<!-- SECTION:DESCRIPTION:BEGIN -->
Add server-side endpoints for the three account settings features and wire up the client modals to use them. Email verification uses SMTP with 6-digit codes. Device registration uses WebAuthn for same-device passkey addition. Social recovery uses the existing guardian API.
<!-- SECTION:DESCRIPTION:END -->
## Acceptance Criteria
<!-- AC:BEGIN -->
- [ ] #1 POST /api/account/email/start sends 6-digit code via SMTP
- [ ] #2 POST /api/account/email/verify validates code and sets email on account
- [ ] #3 POST /api/account/device/start returns WebAuthn creation options for authenticated user
- [ ] #4 POST /api/account/device/complete stores new credential under existing account
- [ ] #5 Social recovery modal loads guardians from GET /api/guardians on open
- [ ] #6 Adding guardian calls POST /api/guardians with name + optional email
- [ ] #7 Removing guardian calls DELETE /api/guardians/:id
- [ ] #8 StoredChallenge.type includes device_registration
- [ ] #9 StoredRecoveryToken.type includes email_verification
<!-- AC:END -->
## Final Summary
<!-- SECTION:FINAL_SUMMARY:BEGIN -->
Implemented in commit 914d0e6. Added 4 new server endpoints under /api/account/ namespace. Email verification sends styled HTML email with 6-digit code via Mailcow SMTP, stores as recovery token. Device registration reuses existing challenge/credential infrastructure with new device_registration type. Client social recovery modal rewritten to use existing guardian API (add/remove individual guardians, load on open, show status). DB types extended for new token/challenge types.
<!-- SECTION:FINAL_SUMMARY:END -->
Reference in New Issue View Git Blame Copy Permalink