Innova-AI/dictia-public
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
575db5e34206ff297ba92dc3a1c143f3d4f75218
dictia-public/config/env.email.example
Allison 37639a7d09 feat(auth): B-2.3 emails FR + DictIA branding (SMTP Resend) 
Rebrand src/services/email.py IN PLACE: French + DictIA + brand gradient
(#0062ff/#00bdd8/#00c896) — replaces legacy "Speakr" / #2563eb. Greetings now
use user.name with fallback to user.username. Subjects:
"Vérifiez votre courriel — DictIA" + "Réinitialiser votre mot de passe — DictIA".
SMTP_FROM_NAME defaults to DictIA. Footer points to info@dictia.ca with the
Loi 25 tagline.

Refonte 4 auth templates IN PLACE pour étendre marketing/base.html : check_email,
forgot_password, reset_password, verify_success. Tokens DictIA (brand-navy,
brand-bg, grad-bg, shadow-cta), French copy, WCAG patterns (label for,
focus-visible:outline-2, role=alert, aria-required, text-brand-navy/70 minimum,
NBSP français pour Loi 25 / 24 heures / 1 heure / 8 caractères).

Translate inline French flash messages in src/api/auth.py for /verify-email,
/resend-verification, /forgot-password, /reset-password. Anti-enumeration fix:
forgot_password no longer flashes the cooldown remaining (would leak account
existence) — silently skips resend, generic flash unchanged. Cooldown logic
in src/services/email.py UNCHANGED (60s — verified by test).

config/env.email.example: defaults to Resend SMTP at the top + adds Resend
to the provider examples list (preserves Gmail/SendGrid/Mailgun/SES/M365).

Tests: tests/test_email_service_dictia.py — 12 tests covering DictIA branding,
French copy, display-name fallback, anti-enumeration parity (forgot_password
returns identical message for known/unknown emails), 60s cooldown, SMTP-not-
configured returns False (no exception), check_email.html extends marketing/base
(no var(--text-primary) leaks). Includes Windows manual driver
(_run_email_service_dictia_windows.py) since pytest cannot collect on Windows
native (fcntl POSIX-only).

NO new dependency added (no resend SDK — SMTP via existing _send_email).
NO new route added or removed.
NO src/auth_extended/ created.
NO change to itsdangerous-based token logic.
templates/auth/**/*.html already in tailwind.config.js content array (B-2.2).

Verified locally on Windows manual driver: 12/12 PASS B-2.3, 9/9 PASS regression
on B-2.2 signup, 9/9 PASS regression on B-2.1 ConsentLog.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-27 23:02:20 -04:00

120 lines
4.0 KiB
Plaintext
Raw Blame History

###############################################################################
# Email Verification & Password Reset Configuration
###############################################################################
# Enable email verification for new user registrations.
# When enabled, new users must verify their email before full access.
# Default: false
ENABLE_EMAIL_VERIFICATION=false
# Require email verification to log in.
# Only effective when ENABLE_EMAIL_VERIFICATION=true.
# When true, users cannot log in until they verify their email.
# Default: false
REQUIRE_EMAIL_VERIFICATION=false
###############################################################################
# SMTP Configuration (Resend recommended for DictIA — Loi 25 compliant via DKIM/SPF/DMARC)
###############################################################################
# SMTP server hostname (required for email functionality)
# DictIA default: Resend SMTP relay (https://resend.com)
SMTP_HOST=smtp.resend.com
# SMTP server port
# Common ports: 587 (TLS/STARTTLS), 465 (SSL), 2587 (alt-TLS)
# Default: 587
SMTP_PORT=587
# SMTP authentication username
# For Resend: literal "resend"
SMTP_USERNAME=resend
# SMTP authentication password
# For Resend: an API key from https://resend.com/api-keys (starts with "re_")
SMTP_PASSWORD=re_xxxxxxxxxxxxxxxxxxxxxxxxxxx
# Use TLS/STARTTLS encryption (recommended for port 587)
# Default: true
SMTP_USE_TLS=true
# Use SSL encryption (for port 465)
# Note: Only enable one of SMTP_USE_TLS or SMTP_USE_SSL
# Default: false
SMTP_USE_SSL=false
# Email address that appears in the "From" field
# Domain MUST be verified in your Resend dashboard (DKIM + SPF + DMARC)
# Canonical for DictIA: noreply@dictia.ca
SMTP_FROM_ADDRESS=noreply@dictia.ca
# Display name that appears alongside the from address
# Default: DictIA
SMTP_FROM_NAME=DictIA
###############################################################################
# Provider-Specific Examples
###############################################################################
# --- Resend (recommended for DictIA — TLS, DKIM/SPF/DMARC, Cloudflare-friendly) ---
# SMTP_HOST=smtp.resend.com
# SMTP_PORT=587
# SMTP_USE_TLS=true
# SMTP_USERNAME=resend
# SMTP_PASSWORD=re_xxxxxxxxxxxxxxxxxxxxxxxxxxx # Get from https://resend.com/api-keys
# SMTP_FROM_ADDRESS=noreply@dictia.ca # Domain MUST be verified in Resend dashboard
# SMTP_FROM_NAME=DictIA
# --- Gmail ---
# SMTP_HOST=smtp.gmail.com
# SMTP_PORT=587
# SMTP_USE_TLS=true
# SMTP_USERNAME=your-email@gmail.com
# SMTP_PASSWORD=your-app-password # Generate at https://myaccount.google.com/apppasswords
# --- SendGrid ---
# SMTP_HOST=smtp.sendgrid.net
# SMTP_PORT=587
# SMTP_USE_TLS=true
# SMTP_USERNAME=apikey
# SMTP_PASSWORD=your-sendgrid-api-key
# --- Mailgun ---
# SMTP_HOST=smtp.mailgun.org
# SMTP_PORT=587
# SMTP_USE_TLS=true
# SMTP_USERNAME=postmaster@your-domain.mailgun.org
# SMTP_PASSWORD=your-mailgun-password
# --- Amazon SES ---
# SMTP_HOST=email-smtp.us-east-1.amazonaws.com
# SMTP_PORT=587
# SMTP_USE_TLS=true
# SMTP_USERNAME=your-ses-smtp-username
# SMTP_PASSWORD=your-ses-smtp-password
# --- Microsoft 365 / Outlook ---
# SMTP_HOST=smtp.office365.com
# SMTP_PORT=587
# SMTP_USE_TLS=true
# SMTP_USERNAME=your-email@yourdomain.com
# SMTP_PASSWORD=your-password
###############################################################################
# Notes
###############################################################################
# Token Expiry Times:
# - Email verification links expire after 24 hours
# - Password reset links expire after 1 hour
# Migration Behavior:
# - Existing users are automatically marked as email_verified=true
# - New users (when feature is enabled) start as email_verified=false
# Security Recommendations:
# - Always use TLS or SSL encryption
# - Use app-specific passwords or API keys when available (Resend, Gmail, etc.)
# - For DictIA: prefer Resend (DKIM/SPF/DMARC handled, Loi 25-friendly logs in EU)
# - Set a strong SECRET_KEY in your Flask configuration
Reference in New Issue View Git Blame Copy Permalink