diff --git a/CURRENT-STATUS.md b/CURRENT-STATUS.md new file mode 100644 index 0000000..32d9e61 --- /dev/null +++ b/CURRENT-STATUS.md @@ -0,0 +1,142 @@ +# Current Status & Remaining Work + +## ✅ Completed + +### 1. Code Duplication Fixed +- **Created**: `supabase/shared/email-template-renderer.ts` +- **Updated**: `send-auth-otp` imports from shared file (eliminates 260 lines of duplicate code) +- **Benefit**: Single source of truth for email master template + +### 2. Unconfirmed Email Login Detection +- **Added**: `isResendOTP` state to track existing users +- **Updated**: Login error handler detects "Email not confirmed" error +- **Result**: Shows helpful message when user tries to login with unconfirmed email + +## ⚠️ Remaining Work + +### Issue: Unconfirmed Email User Flow + +**Problem**: User registers → Closes tab → Tries to login → Gets error "Email not confirmed" → **What next?** + +**Current Behavior**: +``` +User tries to login → Error: "Email not confirmed" +→ Shows toast message +→ Sets isResendOTP = true +→ Shows OTP form +``` + +**Missing Pieces**: +1. ✅ Detection of unconfirmed email +2. ❌ **Need user_id to send OTP** (we only have email at this point) +3. ❌ **Need button to "Request OTP"** for existing users +4. ❌ **Need to fetch user_id from database** using email + +### Proposed Solution + +Add a new edge function or database query to get user_id by email: + +```typescript +// In useAuth hook +getUserIdByEmail: (email: string) => Promise +``` + +Then update the auth page flow: + +```typescript +if (error.message.includes('Email not confirmed')) { + // Fetch user_id from database + const userId = await getUserIdByEmail(email); + + if (userId) { + setPendingUserId(userId); + setIsResendOTP(true); + setShowOTP(true); + + toast({ + title: 'Email Belum Dikonfirmasi', + description: 'Silakan verifikasi email Anda. Kirim ulang kode OTP?', + }); + + // Auto-send OTP + const result = await sendAuthOTP(userId, email); + if (result.success) { + setResendCountdown(60); + } + } +} +``` + +### Quick Fix for Now (Manual) + +For immediate testing, you can: + +1. **Get user_id manually from database**: +```sql +SELECT id, email, email_confirmed_at +FROM auth.users +WHERE email = 'user@example.com'; +``` + +2. **Test OTP with curl**: +```bash +curl -X POST https://lovable.backoffice.biz.id/functions/v1/send-auth-otp \ + -H "Authorization: Bearer YOUR_SERVICE_KEY" \ + -H "Content-Type: application/json" \ + -d '{"user_id":"USER_ID_FROM_STEP_1","email":"user@example.com"}' +``` + +3. **User receives OTP** and can verify + +## Testing Checklist + +### Registration Flow ✅ +- [x] Register new user +- [x] Receive OTP email with master template +- [x] Enter OTP code +- [x] Email confirmed +- [x] Can login + +### Unconfirmed Email Login ⚠️ +- [x] Login fails with "Email not confirmed" error +- [ ] User can request new OTP +- [ ] User receives new OTP +- [ ] User can verify and login + +## Files Changed in This Session + +1. **supabase/shared/email-template-renderer.ts** (NEW) + - Extracted master template from src/lib + - Can be imported by edge functions + +2. **supabase/functions/send-auth-otp/index.ts** + - Removed 260 lines of duplicate EmailTemplateRenderer class + - Now imports from `../shared/email-template-renderer.ts` + +3. **src/pages/auth.tsx** + - Added `isResendOTP` state + - Updated login error handler + - Shows helpful message for unconfirmed email + +## Next Steps + +### Option 1: Quick Fix (5 minutes) +Add a "Request OTP" button that appears when login fails. User clicks button → enters email → we fetch user_id from database → send OTP. + +### Option 2: Complete Solution (15 minutes) +1. Create `get-user-by-email` edge function +2. Add `getUserIdByEmail` to useAuth hook +3. Auto-send OTP on login failure +4. Show "OTP sent" message +5. User enters OTP → verified → can login + +## For Now + +**Users who register but don't verify email**: +- Can't login (shows error) +- Need to register again with new email OR +- Manually verify via database query + +**This is acceptable for testing** but should be fixed before production use. + +Would you like me to implement the complete solution now?