feat: implement blocking email verification modal

[HarshMN2345]

What does this PR do?

• Remove email verification banner in favor of blocking modal
• Add scrim background with blur effect to block console access
• Implement 60-second resend timer with localStorage persistence

Test Plan

Related PRs and Issues

(If this PR is related to any other PR or resolves any issue or related to any issue link all related PR and issues here.)

Have you read the Contributing Guidelines on issues?

yes

Summary by CodeRabbit

• New Features

  • Introduced a dedicated “Verify your email address” modal with a focused scrim.
  • Added a persistent resend timer (60s) with countdown that survives refreshes and prevents accidental re-sends.
  • Included a “Switch account” link directly in the modal.

• UX Improvements

  • Shows the user’s email and clear status messaging.
  • Contextual button label (Send/Resend) and disabled state during cooldown.
  • Modal auto-appears when verification is required and is non-dismissible for clarity.

• Removed

  • Replaced the header email verification banner with the modal.

[appwrite]

Console

Project ID: 688b7bf400350cbd60e9

Sites (2)

Site	Status	Logs	Preview	QR
console-qa 688b7cf6003b1842c9dc	Ready	View Logs	Preview URL
console-cloud 688b7c18002b9b871a8f	Ready	View Logs	Preview URL

Note

Appwrite has a Discord community with over 16 000 members.

[coderabbitai]

Walkthrough

• Deleted emailVerificationBanner.svelte and removed its export from src/lib/components/index.ts.
• Updated src/routes/(console)/+layout.svelte to remove EmailVerificationBanner and render SendVerificationEmailModal instead.
• Reworked sendVerificationEmailModal.svelte to control visibility via internal conditions or external show prop, render a non-dismissible Modal within a scrim, and handle email sending through a new sendVerificationEmail function.
• Added a persistent resend timer using localStorage with initialization, restoration on mount, countdown management, and cleanup on destroy.
• Added UI elements: displayed user email, a Switch account link, and a resend countdown message.

Possibly related PRs

• feat: added modal for email verfication #2354: Earlier iteration of sendVerificationEmailModal.svelte; this PR directly reworks its visibility and submit flow and adds a persistent resend timer.
• fix: hide email verification banner on wizard pages #2372: Modifies email verification banner visibility logic; related because this PR removes that banner and replaces the flow with the modal.

Suggested reviewers

• stnguyen90
• ItzNotABug

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "feat: implement blocking email verification modal" succinctly and accurately summarizes the PR’s primary change — replacing the banner with a blocking modal that prevents console access until email verification — and aligns with the provided objectives and diffs. It is concise, specific, and uses a conventional "feat:" prefix appropriate for a feature addition. The title avoids unnecessary implementation detail while clearly conveying the main intent for reviewers scanning history.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat-block-console-until-verify

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/lib/components/account/sendVerificationEmailModal.svelte (1)

116-139: Scrub verification secrets from the URL after successful verification.

Leaving userId and secret in the address bar is a security/privacy risk (leaks via history, screenshots, support logs). Replace the URL with cleanUrl on success.

Apply this diff inside the success branch:

         try {
             await sdk.forConsole.account.updateVerification({ userId, secret });
             addNotification({
                 message: 'Email verified successfully',
                 type: 'success'
             });
             await Promise.all([
                 invalidate(Dependencies.ACCOUNT),
                 invalidate(Dependencies.FACTORS)
             ]);
+            // Remove sensitive query params from the URL without a navigation
+            if (browser) {
+                history.replaceState({}, '', cleanUrl);
+            }
         } catch (error) {

🧹 Nitpick comments (5)

src/lib/components/account/sendVerificationEmailModal.svelte (4)

195-209: Add a z-index to ensure the scrim truly blocks the console.

Without an explicit z-index, fixed/sticky elements with higher stacking contexts can sit above the scrim.

 .email-verification-scrim {
     position: fixed;
     top: 0;
     left: 0;
     width: 100%;
     height: 100%;
     background-color: hsl(240 5% 8% / 0.6);
     backdrop-filter: blur(4px);
     display: flex;
     align-items: center;
     justify-content: center;
+    z-index: 1000; /* ensure it overlays console chrome */
 }

---

168-174: Prefer reactive $user over get(user) in markup.

Using get() makes the email non-reactive and adds an unnecessary import.

-                            style="display: inline;">{get(user)?.email}</Typography.Text>
+                            style="display: inline;">{$user?.email}</Typography.Text>

Also remove the unused import:

-    import { get } from 'svelte/store';

---

60-60: Specify radix for parseInt.

Be explicit with base-10 to avoid surprises.

-            const timerEndTime = parseInt(savedTimerEnd);
+            const timerEndTime = parseInt(savedTimerEnd, 10);

---

176-177: Ensure “Switch account” is keyboard-accessible.

If Link requires href for focusability, switch to a button-styled control or provide href and prevent default in the handler.

Example:

-<Link variant="default" on:click={() => logout(false)}>Switch account</Link>
+<Button variant="link" on:click={() => logout(false)}>Switch account</Button>

src/routes/(console)/+layout.svelte (1)

367-368: Modal placement LGTM; consider gating at callsite (optional).

The component self-gates on isCloud and other conditions, but you could also wrap it here for tiny render savings.

Example:

{#if isCloud}
    <SendVerificationEmailModal />
{/if}

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f64ace1 and ae5dc7f.

📒 Files selected for processing (4)

• src/lib/components/account/sendVerificationEmailModal.svelte (2 hunks)
• src/lib/components/alerts/emailVerificationBanner.svelte (0 hunks)
• src/lib/components/index.ts (0 hunks)
• src/routes/(console)/+layout.svelte (2 hunks)

💤 Files with no reviewable changes (2)

• src/lib/components/alerts/emailVerificationBanner.svelte
• src/lib/components/index.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: e2e
• GitHub Check: build

🔇 Additional comments (3)

src/lib/components/account/sendVerificationEmailModal.svelte (2)

158-166: Double overlay check.

The custom scrim plus Modal may result in two overlays/backdrops. If Modal already renders its own overlay, consider disabling it or reusing it (and applying the blur there) to avoid stacking/scroll issues.

---

40-51: Timer/persistence flow looks solid.

Good use of a saved end time and a countdown with rehydration.

src/routes/(console)/+layout.svelte (1)

48-50: Imports look correct and consistent with the new flow.

[coderabbitai]

⚠️ Potential issue

Don't clear localStorage on destroy; it defeats persistence of the resend timer.

Clearing TIMER_END_KEY/EMAIL_SENT_KEY in onDestroy breaks the “persist across reloads” goal and allows immediate resends after a refresh/navigation.

Apply this diff:

 onDestroy(() => {
     if (timerInterval) {
         clearInterval(timerInterval);
     }
-    // round up localstorage when component is destroyed
-    if (browser) {
-        localStorage.removeItem(TIMER_END_KEY);
-        localStorage.removeItem(EMAIL_SENT_KEY);
-    }
 });

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	onDestroy(() => {
	if (timerInterval) {
	clearInterval(timerInterval);
	}
	// round up localstorage when component is destroyed
	if (browser) {
	localStorage.removeItem(TIMER_END_KEY);
	localStorage.removeItem(EMAIL_SENT_KEY);
	}
	});
	onDestroy(() => {
	if (timerInterval) {
	clearInterval(timerInterval);
	}
	});

🤖 Prompt for AI Agents

In src/lib/components/account/sendVerificationEmailModal.svelte around lines 146
to 155, the onDestroy handler currently clears TIMER_END_KEY and EMAIL_SENT_KEY
from localStorage which breaks persistence across navigations; remove the
localStorage.removeItem calls from onDestroy so the resend timer state is
preserved across reloads and navigations, leaving only the
clearInterval(timerInterval) logic; ensure any clearing of those keys happens
only when the timer naturally expires or when an explicit cancel/reset action
occurs (not on component destroy).

[ItzNotABug]

why not button submit and use the onSubmit?