feat(signup): added back to login functionality to OTP page*

[waleedlatif1]

Summary

added back to login functionality to OTP page, overhauled and remove custom OTP logic in favor of better-auth's native OTP functionality

Type of Change

• New feature

Testing

Tested manually.

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
docs	Ready	Preview	Comment	Sep 17, 2025 10:52pm
sim	Ready	Preview	Comment	Sep 17, 2025 10:52pm

[greptile-apps]

Greptile Summary

This PR represents a significant overhaul of the authentication system, transitioning from custom OTP verification logic to better-auth's native OTP functionality. The changes fundamentally alter the verification flow by converting email verification into a sign-in process using client.signIn.emailOtp() instead of client.emailOtp.verifyEmail(). Key modifications include:

Authentication Flow Changes:

• Email verification now uses better-auth's sign-in OTP functionality rather than custom verification logic
• OTP types changed from 'email-verification' to 'sign-in' throughout the system
• Removed custom cookie-based verification tracking in favor of server-side enforcement
• Eliminated middleware-level email verification gating, now handled by better-auth server-side

User Experience Improvements:

• Added "Back to signup" functionality to the OTP verification page (replacing "Back to login")
• Simplified signup and login flows by removing complex conditional OTP sending logic
• Normalized email input handling with consistent trimming and lowercasing

Code Cleanup:

• Removed extensive inline comments across authentication components
• Eliminated manual localStorage and cookie tracking for user login history
• Simplified OAuth provider availability checking by removing placeholder value validation
• Removed unused props and parameters (like baseUrl) from verification components

Infrastructure Updates:

• Removed OAuth provider environment variables (Google, GitHub) and email service configuration from Docker Compose files
• Enabled email verification requirement in production environments (requireEmailVerification: isProd)

The changes integrate deeply with the existing authentication architecture, leveraging the established better-auth configuration while consolidating multiple authentication patterns into a unified OTP-based approach.

PR Description Notes:

• Title has a typo: "feat(signup): added back to login functionality to OTP page*" should likely be "feat(signup): added back to signup functionality to OTP page" based on the actual changes
• The asterisk (*) at the end of the title appears to be accidental

Confidence score: 2/5

• This PR introduces significant security concerns by converting email verification into actual sign-in authentication
• Score reflects the fundamental change from verification to authentication flow which could allow unauthorized access
• Pay close attention to apps/sim/app/(auth)/verify/use-verification.ts and apps/sim/lib/auth.ts for authentication flow changes

_{14 files reviewed, 3 comments}

_{Edit Code Review Bot Settings | Greptile}