This document explains the complete student verification flow implemented in the College Code Hub platform. The system ensures that only verified students can access the platform by requiring admin approval for all student registrations.
Student Registration → Admin Review → Approval/Rejection → Email Notification → Platform Access
When a student registers:
- Student fills out registration form with personal and college information
- System automatically sets approval_status = 'pending' for all students
- Student receives confirmation that registration is successful but pending approval
- Student is redirected to pending approval page
Registration Requirements:
- Name, Email, Password (required)
- Username (optional but recommended)
- College information (PRN, Department, Batch, etc.)
- Year of study
Admin Dashboard Access:
- Only users with admin or super-admin roles can access /admin/approvals
- Admins can view all pending registration requests
- Each request shows:
- Student's personal information
- College details (PRN, Department, Batch, Year)
- Registration date
- LinkedIn connection status (if applicable)
Admin Actions:
- Approve: Student account is activated, email notification sent
- Reject: Student account is rejected, email notification sent
Approval Email:
- Sent when admin approves student account
- Contains welcome message and platform access instructions
- Includes direct link to login page
Rejection Email:
- Sent when admin rejects student account
- Explains possible reasons for rejection
- Provides contact information for support
Pending Students:
- Cannot access protected routes
- Redirected to pending approval page when trying to login
- Can view pending approval status
Approved Students:
- Full access to platform features
- Can solve problems, participate in competitions
- Can update profile and connect with other students
Rejected Students:
- Cannot access platform
- Must contact support for assistance
-- Users table already includes:
approval_status VARCHAR(20) DEFAULT 'pending' CHECK (approval_status IN ('pending', 'approved', 'rejected'))
verified BOOLEAN DEFAULT false
- Updated to check approval_status for students
- Blocks access for pending/rejected students
- Returns appropriate error messages
- Nodemailer integration for SMTP email sending
- HTML email templates for approval/rejection
- Configurable SMTP settings via environment variables
- GET /api/auth/approvals/pending - Get pending approvals (admin only)
- PUT /api/auth/approvals/:id - Approve/reject user (admin only)
- Updated login endpoints to handle verification status
- Updated to handle verification status
- Proper error handling for pending/rejected accounts
- Token management for different user states
- Enhanced error handling for verification status
- Automatic redirection to pending approval page
- Clear messaging about account status
- Informative page for students awaiting approval
- Clear instructions about next steps
- Professional design with status indicators
- Complete approval interface
- User information display
- Approve/Reject functionality
- Real-time updates
# Email Configuration
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER=[email protected]
SMTP_PASS=your-app-password
# App Configuration
APP_NAME=College Code Hub
FRONTEND_URL=http://localhost:3000
NEXT_PUBLIC_API_URL=http://localhost:5000
- Approved Student: [email protected] / password123
- Admin: [email protected] / password123
- Super Admin: [email protected] / password123
- Pending Student: [email protected] / password123
- Go to /auth/register
- Fill out form with student information
- Submit registration
- Should redirect to pending approval page
- Check admin dashboard for new pending request
- Login as admin ([email protected])
- Go to /admin/approvals
- View pending student information
- Click "Approve" or "Reject"
- Check email notification (if SMTP configured)
- Login with approved student account
- Should access dashboard successfully
- Try login with pending account
- Should redirect to pending approval page
- Enable 2-factor authentication on Gmail
- Generate App Password
- Use App Password in SMTP_PASS environment variable
- Set SMTP_USER to your Gmail address
- Update SMTP_HOST, SMTP_PORT, SMTP_SECURE accordingly
- Use appropriate authentication credentials
- Admin Access Control: Only verified admins can approve/reject users
- Email Validation: All email addresses are validated before sending
- Token Security: JWT tokens include user verification status
- Rate Limiting: Email sending is rate-limited to prevent spam
- Error Handling: Failed email sends don't break the approval process
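The approval gate and the admin-only decision endpoint described above, as an added framework-free sketch (not the platform's own code). The in-memory users map, the function names, the notify hook, the HTTP status codes and the error codes are assumptions made for illustration. The gate trusts only the user id from the token and re-reads approval_status from storage, because a status claim written into a JWT at login does not change when an admin later rejects the account.

```javascript
// Added sketch, not the platform's code. Framework-free so it runs with plain Node.
const ADMIN_ROLES = new Set(['admin', 'super-admin']);
const DECISIONS = new Set(['approved', 'rejected']);

// Constructed stand-in for the users table (ids and rows are sample data).
const users = new Map([
  [1, { id: 1, role: 'student', approval_status: 'pending' }],
  [2, { id: 2, role: 'student', approval_status: 'approved' }],
  [3, { id: 3, role: 'admin', approval_status: 'approved' }],
]);

// Gate for protected routes. `claims` is an already signature-verified JWT payload.
// Only claims.id is used; role and status come from storage, since claims minted
// at login keep their old values until the token expires.
function gateProtectedRoute(claims, db = users) {
  const user = db.get(claims.id);
  if (!user) return { status: 401, code: 'UNKNOWN_USER' };
  if (user.role !== 'student') return { status: 200, code: 'OK' };
  if (user.approval_status === 'approved') return { status: 200, code: 'OK' };
  // Anything other than 'approved' fails closed; distinct codes let the frontend
  // choose between the pending approval page and the rejection message.
  const code = user.approval_status === 'rejected' ? 'ACCOUNT_REJECTED' : 'PENDING_APPROVAL';
  return { status: 403, code };
}

// Logic behind PUT /api/auth/approvals/:id. `notify` is a hypothetical mail hook.
function decideApproval(actorClaims, targetId, decision, db = users, notify = () => {}) {
  const actor = db.get(actorClaims.id);
  if (!actor || !ADMIN_ROLES.has(actor.role)) return { status: 403, code: 'ADMIN_ONLY' };
  if (!DECISIONS.has(decision)) return { status: 400, code: 'BAD_DECISION' };
  const target = db.get(Number(targetId));
  if (!target || target.role !== 'student') return { status: 404, code: 'NO_SUCH_STUDENT' };
  // Assumption: only pending accounts can be decided, so a replayed request changes nothing.
  if (target.approval_status !== 'pending') return { status: 409, code: 'ALREADY_DECIDED' };
  target.approval_status = decision;
  let emailed = true;
  // A failed send is reported but never undoes the recorded decision.
  try { notify(target, decision); } catch (err) { emailed = false; }
  return { status: 200, code: 'OK', approval_status: decision, emailed };
}
```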
Email Not Sending:
- Check SMTP configuration
- Verify email credentials
- Check server logs for errors
Pending Students Can't Login:
- Verify middleware is checking approval status
- Check user's approval_status in database
- Ensure proper error handling in frontend
Admin Can't Access Approvals:
- Verify user has admin/super-admin role
- Check authentication middleware
- Ensure proper route protection
- Check database for user approval_status
- Verify JWT token contains correct user information
- Check server logs for authentication errors
- Test email configuration separately
- Verify frontend error handling
- Bulk Approval: Allow admins to approve multiple users at once
- Approval Reasons: Let admins provide reasons for rejection
- Email Templates: Customizable email templates
- Notification Settings: User preferences for email notifications
- Approval History: Track approval/rejection history
- Auto-approval: Rules for automatic approval based on criteria
For technical support or questions about the verification flow:
- Check server logs for detailed error messages
- Verify environment variables are correctly set
- Test email configuration with a simple test email
- Ensure database schema is up to date