Email verification (including business logic)


As Adam I want the user to verify that (s)he own the email that (s)he has provided.

Acceptance Criteria

  • When a new user is created with an email address, then the system will send an email requesting verification to the new user. (The system doesn't require an email address when creating a user.)

  • After email is changed by the user or by the administrator, an email is sent requiring the user to verify their email address.

  • When an existing email is changed to a new email, then the old email will be used for notifications until the new email address has been verified.

    • There is a visual indication showing the email address that is verified (in this case the old email address) and an email address has been changed and is pending verification.

  • The verification email title:


      1 Verify Your Email Address

      (most likely the first option as this mimic what we do for other user related emails)


      1 OpenLMIS - Verify Your Email Address
  • The sent email content:

    1 2 To verify your email address visit the following link:
  • When an email has been verified, the Email Verified checkbox in user details is updated as checked.

  • If the verification email is sent and not verified by the user within 12 hours of being sent then the email will expire.


  • New POST /users/auth/verifyEmail endpoint is added



Łukasz Lewczyński


Sam Im

Story Points


Time tracking


Epic Link



Fix versions