From 4d6a09c3fd6f1fc3dbd4ef7cd35ccd14843f87be Mon Sep 17 00:00:00 2001
From: Michelle <michelle.winkler@miichelle.moe>
Date: Fri, 27 Feb 2026 17:21:01 +0100
Subject: [PATCH] Improve email verification error handling in registration and
 resend verification endpoints

---
 server/routes/auth.js | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/server/routes/auth.js b/server/routes/auth.js
index 4a9103e..9a79050 100644
--- a/server/routes/auth.js
+++ b/server/routes/auth.js
@@ -71,8 +71,13 @@ router.post('/register', async (req, res) => {
         try { appName = JSON.parse(brandingSetting.value).appName || appName; } catch {}
       }
 
-      sendVerificationEmail(email.toLowerCase(), display_name, verifyUrl, appName)
-        .catch(err => console.error('Verification mail failed (non-fatal):', err.message));
+      try {
+        await sendVerificationEmail(email.toLowerCase(), display_name, verifyUrl, appName);
+      } catch (mailErr) {
+        console.error('Verification mail failed:', mailErr.message);
+        // Account is created but email failed — user can resend from login page
+        return res.status(201).json({ needsVerification: true, emailFailed: true, message: 'Account created but verification email could not be sent. Please try resending.' });
+      }
 
       return res.status(201).json({ needsVerification: true, message: 'Verification email has been sent' });
     }
@@ -164,14 +169,17 @@ router.post('/resend-verification', async (req, res) => {
       try { appName = JSON.parse(brandingSetting.value).appName || appName; } catch {}
     }
 
-    // Fire-and-forget — do not await so SMTP timeouts don't fail the request
-    sendVerificationEmail(email.toLowerCase(), user.display_name || user.name, verifyUrl, appName)
-      .catch(err => console.error('Resend verification mail failed (non-fatal):', err.message));
+    try {
+      await sendVerificationEmail(email.toLowerCase(), user.display_name || user.name, verifyUrl, appName);
+    } catch (mailErr) {
+      console.error('Resend verification mail failed:', mailErr.message);
+      return res.status(502).json({ error: 'Email could not be sent. Please check your SMTP configuration.' });
+    }
 
     res.json({ message: 'If an account exists, a new email has been sent.' });
   } catch (err) {
     console.error('Resend verification error:', err);
-    res.status(500).json({ error: 'Email could not be sent' });
+    res.status(500).json({ error: 'Internal server error' });
   }
 });