
[FEATURE]: Fix Email Verification Token Generation and Security Flow #3

Description

@Likhi2005

Problem Statement

Fix Email Verification Token Generation and Security Flow

Description

The current implementation only includes token generation and hashing logic. The email verification flow has not yet been fully integrated into the authentication system.

Current State

  • Verification token generation implemented using crypto.randomBytes(32)
  • SHA-256 hashing implemented for secure database storage
  • Email templates created
  • No integration with user registration flow
  • No verification endpoint implementation
  • No token expiration handling
  • No token cleanup after successful verification

Proposed Solution

Tasks

  • Add verification token fields to user model
  • Add token expiration timestamp
  • Generate verification token during user registration
  • Store hashed token in database
  • Send verification email containing raw token
  • Create email verification endpoint
  • Validate token hash against stored value
  • Check token expiration
  • Mark user as verified upon successful validation
  • Remove verification token after use
  • Add resend verification email functionality
  • Add rate limiting for resend requests
  • Add unit and integration tests

Acceptance Criteria

  • Users receive verification email after registration
  • Verification link validates correctly
  • Expired tokens are rejected
  • Used tokens cannot be reused
  • User account is marked as verified after successful verification
  • Verification flow is covered by tests

Priority

Medium

Labels

enhancement, authentication, email-verification, security

Alternatives Considered

No response
