From e2b421c88479857831e938acb311aef5127f38b4 Mon Sep 17 00:00:00 2001
From: Ellie Huxtable <ellie@atuin.sh>
Date: Tue, 27 Jan 2026 13:56:18 -0800
Subject: feat: remove user verification functionality (#3108)

<!-- Thank you for making a PR! Bug fixes are always welcome, but if
you're adding a new feature or changing an existing one, we'd really
appreciate if you open an issue, post on the forum, or drop in on
Discord -->

## Checks
- [ ] I am happy for maintainers to push small adjustments to this PR,
to speed up the review cycle
- [ ] I have checked that there are no existing pull requests for the
same thing

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---
 crates/atuin-server/src/handlers/user.rs | 105 -------------------------------
 1 file changed, 105 deletions(-)

(limited to 'crates/atuin-server/src/handlers')

diff --git a/crates/atuin-server/src/handlers/user.rs b/crates/atuin-server/src/handlers/user.rs
index 4edd1787..c6fec51e 100644
--- a/crates/atuin-server/src/handlers/user.rs
+++ b/crates/atuin-server/src/handlers/user.rs
@@ -13,8 +13,6 @@ use axum::{
 };
 use metrics::counter;
 
-use postmark::{Query, reqwest::PostmarkClient};
-
 use rand::rngs::OsRng;
 use tracing::{debug, error, info, instrument};
 
@@ -178,109 +176,6 @@ pub async fn delete<DB: Database>(
     Ok(Json(DeleteUserResponse {}))
 }
 
-#[instrument(skip_all, fields(user.id = user.id))]
-pub async fn send_verification<DB: Database>(
-    UserAuth(user): UserAuth,
-    state: State<AppState<DB>>,
-) -> Result<Json<SendVerificationResponse>, ErrorResponseStatus<'static>> {
-    let settings = state.0.settings;
-    debug!("request to verify user {}", user.username);
-
-    if !settings.mail.enabled {
-        return Ok(Json(SendVerificationResponse {
-            email_sent: false,
-            verified: false,
-        }));
-    }
-
-    if user.verified.is_some() {
-        return Ok(Json(SendVerificationResponse {
-            email_sent: false,
-            verified: true,
-        }));
-    }
-
-    // TODO: if we ever add another mail provider, can match on them all here.
-    let postmark_token = match settings.mail.postmark.token {
-        Some(token) => token,
-        _ => {
-            error!("Failed to verify email: got None for postmark token");
-            return Err(ErrorResponse::reply("mail not configured")
-                .with_status(StatusCode::INTERNAL_SERVER_ERROR));
-        }
-    };
-
-    let db = &state.0.database;
-
-    let verification_token = db
-        .user_verification_token(user.id)
-        .await
-        .expect("Failed to verify");
-
-    debug!("Generated verification token, emailing user");
-
-    let client = PostmarkClient::builder()
-        .base_url("https://api.postmarkapp.com/")
-        .server_token(postmark_token)
-        .build();
-
-    let req = postmark::api::email::SendEmailRequest::builder()
-        .from(settings.mail.verification.from)
-        .subject(settings.mail.verification.subject)
-        .to(user.email)
-        .body(postmark::api::Body::text(format!(
-            "Please run the following command to finalize your Atuin account verification. It is valid for 15 minutes:\n\natuin account verify --token '{verification_token}'"
-        )))
-        .build();
-
-    req.execute(&client)
-        .await
-        .expect("postmark email request failed");
-
-    debug!("Email sent");
-
-    Ok(Json(SendVerificationResponse {
-        email_sent: true,
-        verified: false,
-    }))
-}
-
-#[instrument(skip_all, fields(user.id = user.id))]
-pub async fn verify_user<DB: Database>(
-    UserAuth(user): UserAuth,
-    state: State<AppState<DB>>,
-    Json(token_request): Json<VerificationTokenRequest>,
-) -> Result<Json<VerificationTokenResponse>, ErrorResponseStatus<'static>> {
-    let db = state.0.database;
-
-    if user.verified.is_some() {
-        return Ok(Json(VerificationTokenResponse { verified: true }));
-    }
-
-    let token = db.user_verification_token(user.id).await.map_err(|e| {
-        error!("Failed to read user token: {e}");
-
-        ErrorResponse::reply("Failed to verify").with_status(StatusCode::INTERNAL_SERVER_ERROR)
-    })?;
-
-    if token_request.token == token {
-        db.verify_user(user.id).await.map_err(|e| {
-            error!("Failed to verify user: {e}");
-
-            ErrorResponse::reply("Failed to verify").with_status(StatusCode::INTERNAL_SERVER_ERROR)
-        })?;
-    } else {
-        info!(
-            "Incorrect verification token {} vs {}",
-            token_request.token, token
-        );
-
-        return Ok(Json(VerificationTokenResponse { verified: false }));
-    }
-
-    Ok(Json(VerificationTokenResponse { verified: true }))
-}
-
 #[instrument(skip_all, fields(user.id = user.id, change_password))]
 pub async fn change_password<DB: Database>(
     UserAuth(mut user): UserAuth,
-- 
cgit v1.3.1