feat(otp): added environemnt variable to control enforcement of verified accounts

[waleedlatif1]

Summary

added environemnt variable to control enforcement of verified accounts, instead of using a complicated combination of hasEmailService & isProd. defaults to FALSE so maintains full backwards compatibility.

Type of Change

• Bug fix
• New feature

Testing

Tested manually.

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
docs	Building	Preview	Comment	Sep 22, 2025 6:04pm
sim	Building	Preview	Comment	Sep 22, 2025 6:04pm

[greptile-apps]

Greptile Summary

This PR introduces a new environment variable EMAIL_VERIFICATION_ENABLED to provide explicit control over email verification enforcement in the authentication system. Previously, the system relied on a complex combination of hasEmailService() and isProd checks to determine when to enforce email verification, which created tight coupling between email service availability and verification requirements.

The changes span across multiple files in the authentication flow:

1. Environment Configuration: The new EMAIL_VERIFICATION_ENABLED variable is added to env.ts with proper Zod validation as an optional boolean that defaults to false

2. Authentication Logic: In auth.ts, the requireEmailVerification setting now uses the new isEmailVerificationEnabled flag instead of the complex isProd && hasEmailService() logic

3. Verification Components: The verification UI components (verify-content.tsx, page.tsx) now accept and use an isEmailVerificationEnabled prop to conditionally render verification forms and handle user flow

4. Verification Hook: The useVerification hook is updated to accept the new parameter and use it for controlling OTP sending and verification skip logic

5. Configuration Files: Both Helm configuration files (values.yaml and values-production.yaml) are updated to include the new environment variable with appropriate documentation

6. Environment Utilities: A new isEmailVerificationEnabled helper is added to environment.ts following the same pattern as other feature flags like isBillingEnabled

This change provides better separation of concerns by decoupling email verification enforcement from email service configuration and production environment detection. The default value of false ensures full backwards compatibility, meaning existing deployments will continue to work without requiring email verification unless explicitly configured.

Confidence score: 4/5

• This PR is safe to merge with low risk of breaking existing functionality
• Score reflects well-structured changes with proper environment variable handling and backwards compatibility, but manual testing only
• Pay close attention to the authentication flow in production environments to ensure the new environment variable is properly configured

_{8 files reviewed, 1 comment}

_{Edit Code Review Bot Settings | Greptile}

[greptile-apps]

logic: Should verify email verification is enabled before attempting to send OTP in the initial setup useEffect (lines 79-83) as well, similar to how resendCode now checks this condition

Suggested change

	if (!email || !hasEmailService || !isEmailVerificationEnabled) return
	if (email && !isSendingInitialOtp && hasEmailService && isEmailVerificationEnabled) {