############################################################################### # Email Verification & Password Reset Configuration ############################################################################### # Enable email verification for new user registrations. # When enabled, new users must verify their email before full access. # Default: false ENABLE_EMAIL_VERIFICATION=false # Require email verification to log in. # Only effective when ENABLE_EMAIL_VERIFICATION=true. # When true, users cannot log in until they verify their email. # Default: false REQUIRE_EMAIL_VERIFICATION=false ############################################################################### # SMTP Configuration (Resend recommended for DictIA — Loi 25 compliant via DKIM/SPF/DMARC) ############################################################################### # SMTP server hostname (required for email functionality) # DictIA default: Resend SMTP relay (https://resend.com) SMTP_HOST=smtp.resend.com # SMTP server port # Common ports: 587 (TLS/STARTTLS), 465 (SSL), 2587 (alt-TLS) # Default: 587 SMTP_PORT=587 # SMTP authentication username # For Resend: literal "resend" SMTP_USERNAME=resend # SMTP authentication password # For Resend: an API key from https://resend.com/api-keys (starts with "re_") SMTP_PASSWORD=re_xxxxxxxxxxxxxxxxxxxxxxxxxxx # Use TLS/STARTTLS encryption (recommended for port 587) # Default: true SMTP_USE_TLS=true # Use SSL encryption (for port 465) # Note: Only enable one of SMTP_USE_TLS or SMTP_USE_SSL # Default: false SMTP_USE_SSL=false # Email address that appears in the "From" field # Domain MUST be verified in your Resend dashboard (DKIM + SPF + DMARC) # Canonical for DictIA: noreply@dictia.ca SMTP_FROM_ADDRESS=noreply@dictia.ca # Display name that appears alongside the from address # Default: DictIA SMTP_FROM_NAME=DictIA ############################################################################### # Provider-Specific Examples ############################################################################### # --- Resend (recommended for DictIA — TLS, DKIM/SPF/DMARC, Cloudflare-friendly) --- # SMTP_HOST=smtp.resend.com # SMTP_PORT=587 # SMTP_USE_TLS=true # SMTP_USERNAME=resend # SMTP_PASSWORD=re_xxxxxxxxxxxxxxxxxxxxxxxxxxx # Get from https://resend.com/api-keys # SMTP_FROM_ADDRESS=noreply@dictia.ca # Domain MUST be verified in Resend dashboard # SMTP_FROM_NAME=DictIA # --- Gmail --- # SMTP_HOST=smtp.gmail.com # SMTP_PORT=587 # SMTP_USE_TLS=true # SMTP_USERNAME=your-email@gmail.com # SMTP_PASSWORD=your-app-password # Generate at https://myaccount.google.com/apppasswords # --- SendGrid --- # SMTP_HOST=smtp.sendgrid.net # SMTP_PORT=587 # SMTP_USE_TLS=true # SMTP_USERNAME=apikey # SMTP_PASSWORD=your-sendgrid-api-key # --- Mailgun --- # SMTP_HOST=smtp.mailgun.org # SMTP_PORT=587 # SMTP_USE_TLS=true # SMTP_USERNAME=postmaster@your-domain.mailgun.org # SMTP_PASSWORD=your-mailgun-password # --- Amazon SES --- # SMTP_HOST=email-smtp.us-east-1.amazonaws.com # SMTP_PORT=587 # SMTP_USE_TLS=true # SMTP_USERNAME=your-ses-smtp-username # SMTP_PASSWORD=your-ses-smtp-password # --- Microsoft 365 / Outlook --- # SMTP_HOST=smtp.office365.com # SMTP_PORT=587 # SMTP_USE_TLS=true # SMTP_USERNAME=your-email@yourdomain.com # SMTP_PASSWORD=your-password ############################################################################### # Notes ############################################################################### # Token Expiry Times: # - Email verification links expire after 24 hours # - Password reset links expire after 1 hour # Migration Behavior: # - Existing users are automatically marked as email_verified=true # - New users (when feature is enabled) start as email_verified=false # Security Recommendations: # - Always use TLS or SSL encryption # - Use app-specific passwords or API keys when available (Resend, Gmail, etc.) # - For DictIA: prefer Resend (DKIM/SPF/DMARC handled, Loi 25-friendly logs in EU) # - Set a strong SECRET_KEY in your Flask configuration