Add admin-create registration + live email-verified flag
Registration now goes through POST /api/auth/register, which admin-creates the Kratos identity (unverified email, NO auto-sent code). Kratos self-service registration never returns the verification flow id, so the client could never submit the user's code to the right flow; admin creation lets the client own a single verification flow instead. Also surface the live Kratos verified flag and fix Apple audience + team IDs. - kratos.Client.CreateIdentity via admin API; ErrIdentityExists / ErrInvalidCredentials - AuthService.Register + AuthHandler.Register + public POST /api/auth/register/ - CurrentUser overrides stale user_profile.verified with the live Kratos flag; UserRepository.MarkVerified mirrors it back - configmap: additional_id_token_audiences allows the .dev bundle id_token - fix Apple/APNs team id V3PF3M6B6U -> X86BR9WTLD in .env.example + dev init Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Trey t
@@ -66,6 +66,16 @@ func (r *UserRepository) FindByID(id uint) (*models.User, error) {
|
||||
return &user, nil
|
||||
}
|
||||
|
||||
// MarkVerified sets user_userprofile.verified=true for the given user.
|
||||
// Syncs the local mirror with Kratos's verifiable_addresses.verified after
|
||||
// a successful verification flow. Idempotent — re-flipping an already-true
|
||||
// row is a guarded no-op write.
|
||||
func (r *UserRepository) MarkVerified(userID uint) error {
|
||||
return r.db.Model(&models.UserProfile{}).
|
||||
Where("user_id = ? AND verified = ?", userID, false).
|
||||
Update("verified", true).Error
|
||||
}
|
||||
|
||||
// FindByIDWithProfile finds a user by ID with profile preloaded
|
||||
func (r *UserRepository) FindByIDWithProfile(id uint) (*models.User, error) {
|
||||
var user models.User
|
||||
|
||||
Reference in New Issue
Block a user