fix(iam): implement email verification flow with new API routes and verification page

[ilramdhan]

Description

This pull request adds email verification as a required step in the authentication flow. Now, after logging in, users who need to verify their email will be redirected to a new verification page where they can enter a code sent to their email. The implementation includes new API endpoints for sending, resending, and verifying email codes, as well as updates to the authentication context and configuration.

Type of Change

• 🐛 Bug fix
• ✨ New feature
• 🎨 UI/UX improvement
• ♻️ Refactor
• 📚 Documentation
• 🔧 Chore (deps, config)

Module/Component Affected

• Dashboard
• Auth
• Finance
• HR / IT / CI / EXSIM
• Components (common/)
• Components (ui/)
• Navigation
• API Routes

Changes Made

Authentication Flow Enhancements:

• Added support for email verification during login: if the backend indicates that email verification is required, users are redirected to the /verify-email page after login. (src/app/(auth)/login/page.tsx, src/providers/auth-provider.tsx, src/app/api/v1/iam/auth/login/route.ts, src/lib/auth/types.ts) [1] [2] [3] [4]
• Updated AuthUser parsing to include the emailVerified property. (src/hooks/iam/use-current-user.ts)

New Email Verification UI:

• Introduced a new /verify-email page where users can enter a 6-digit code, resend the code (with cooldown), and handle error/success states. (src/app/(auth)/verify-email/page.tsx)

API Endpoints for Email Verification:

• Added endpoints for sending, resending, and verifying email verification codes:
  • POST /api/v1/iam/auth/send-email-verification (src/app/api/v1/iam/auth/send-email-verification/route.ts)
  • POST /api/v1/iam/auth/resend-email-verification (src/app/api/v1/iam/auth/resend-email-verification/route.ts)
  • POST /api/v1/iam/auth/verify-email (src/app/api/v1/iam/auth/verify-email/route.ts)

Configuration and Type Updates:

• Extended AUTH_ROUTES and AUTH_API to include new routes and endpoints for email verification. (src/lib/auth/config.ts) [1] [2]
• Exported new email verification request/response types. (src/lib/auth/types.ts)

Build Verification

• npm run lint passes
• npx tsc --noEmit passes
• npm run build succeeds

Accessibility

• Keyboard navigation works
• Screen reader compatible
• Proper ARIA labels
• Color contrast adequate

Performance

• No unnecessary re-renders
• Images optimized
• Heavy components lazy loaded

---

Pre-merge Checklist

• I have read and followed RULES.md
• I have read and followed CONTRIBUTING.md
• Loading states implemented (if data fetching)
• Error handling present
• Component props typed properly
• Uses semantic color classes
• Responsive design tested
• Dark mode compatible
• Screenshots included (for UI changes)

[Copilot]

Pull request overview

Implements an email verification step in the IAM authentication flow, adding a new verification page and API routes to send/resend/verify email codes, plus wiring the new flags/types through the auth client and provider.

Changes:

• Extended IAM auth generated types to include requiresEmailVerification and emailVerified, and added gRPC message/service definitions for send/resend/verify email.
• Added Next.js API routes for sending, resending, and verifying email verification codes.
• Added /verify-email UI page and updated login/auth provider plumbing to redirect when verification is required.

Reviewed changes

Copilot reviewed 10 out of 11 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/types/generated/iam/v1/auth.ts	Adds generated fields/messages and service methods for email verification.
src/providers/auth-provider.tsx	Returns requiresEmailVerification from login and keeps auth state in sync.
src/lib/auth/types.ts	Re-exports new generated request/response types and extends LoginResult.
src/lib/auth/config.ts	Adds AUTH_ROUTES.VERIFY_EMAIL and new AUTH_API endpoints.
src/hooks/iam/use-current-user.ts	Parses emailVerified into the AuthUser model.
src/app/api/v1/iam/auth/login/route.ts	Includes requiresEmailVerification in the login response payload.
src/app/api/v1/iam/auth/send-email-verification/route.ts	New route to send a verification code using the authenticated session.
src/app/api/v1/iam/auth/resend-email-verification/route.ts	New route to resend a verification code using the authenticated session.
src/app/api/v1/iam/auth/verify-email/route.ts	New route to verify a submitted email code using the authenticated session.
src/app/(auth)/verify-email/page.tsx	New client page to enter OTP, resend with cooldown, and submit verification.
src/app/(auth)/login/page.tsx	Redirects to verification page when requiresEmailVerification is returned.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The redirect to the email verification step is hard-coded as "/verify-email" even though AUTH_ROUTES now exposes VERIFY_EMAIL. Using the shared constant keeps auth flows consistent and avoids route drift (e.g., see verify-otp page using AUTH_ROUTES.* for navigation).

Suggested change

	router.push("/verify-email")
	router.push(AUTH_ROUTES.VERIFY_EMAIL)

[Copilot]

router.refresh() immediately after router.push(...) is likely redundant (navigation will already cause a new render/data fetch) and can trigger an extra refresh request. Consider removing it, or switching to a single navigation method (replace vs push) if the intent is to avoid keeping the verification page in history.

Suggested change

router.refresh()