Consider email verification for submitting reports

Open jonasfj opened this issue 1 year ago • 1 comments

We may require email verification prior to submission of reports.

I think we should consider this. I imagine that we could use the current form, such that:

If you're signed-in, there is no email field (as today), you just enter content and hit send.
If you're not signed-in, you have two options:
- Sign-in to submit a report (initiating a sign-in flow)
- Submit report with email verification:
  - displays a form:
    - Enter email:
    - Enter content:
    - Hit [verify email button] (initiates consent flow, sending you an email)
  - When opening the consent flow to verify email, the page will display:
    - Report message you intend to sent
    - [Verify email and submit report button]

We could make this change in a follow up, but this way we could keep the reporting mechanism from being hit by bots (accidental or not).

Jul 25 '24 14:07 jonasfj

I was mostly thinking that this might be easy to do because we already have a consent flow.

We could also just use the consent flow to verify the email for the current session, and store the verified email in the session.

Then the report form will have two options:

If you're signed-in or have a verified email for current session: enter content and submit.
If you're not signed-in and have no verified email, you get two buttons:
- Sign-in to submit report
- Verify email to submit report.

Jul 25 '24 14:07 jonasfj