Open
Labels
security (Issues related to security)
Description
Problem
Currently, users can log in with any email, which allows them to impersonate others. This creates a security risk, as unverified users can access the platform and potentially abuse it. We need to introduce a system where:
- Users must verify their email address before accessing any features.
- Unverified accounts should be restricted from any actions.
- If an account remains unverified for a certain period, it should be deleted.
Objectives
- Implement email verification during the signup or login process.
- Restrict access to unverified users (e.g., no access to game features or profile updates).
- Send reminder emails for account verification.
- Automatically delete unverified accounts after a specified period (e.g., 24 or 48 hours).
- Introduce optional two-factor authentication (2FA) to further enhance account security for verified users.
Acceptance Criteria
- Users cannot access features or perform any actions until they verify their email.
- Unverified accounts are automatically deleted after a specified period if the email is not verified.
- 2FA system is introduced to allow verified users to add an extra layer of security.
- Email reminders are sent to users with unverified accounts.
- PR reviewed and tested to ensure functionality and security.
- Documentation updated to reflect changes in the account login and security flow.
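A minimal sketch of the flow requested above, added here as an illustration and not taken from the project's code: signup issues a single-use token, unverified accounts are denied every action, and accounts that miss the deadline are purged. The `Accounts` class, its in-memory store, the 24-hour window and the halfway reminder point are assumptions.

```python
import hashlib
import hmac
import secrets
import time

VERIFY_WINDOW = 24 * 3600  # assumed deadline; the issue suggests 24 or 48 hours

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class Accounts:
    """In-memory stand-in for the user table (hypothetical schema)."""
    def __init__(self):
        self.users = {}  # email -> {"created", "verified", "token_hash"}

    def signup(self, email, now=None):
        now = time.time() if now is None else now
        if self.users.get(email, {}).get("verified"):
            return None  # never let a new signup reset a verified account
        token = secrets.token_urlsafe(32)  # delivered only to the claimed mailbox
        # Store a hash so a database leak does not expose usable tokens.
        self.users[email] = {"created": now, "verified": False,
                             "token_hash": _digest(token)}
        return token

    def verify(self, email, token, now=None):
        now = time.time() if now is None else now
        user = self.users.get(email)
        if user is None or user["verified"] or now - user["created"] > VERIFY_WINDOW:
            return False
        if not hmac.compare_digest(_digest(token), user["token_hash"]):
            return False
        user["verified"], user["token_hash"] = True, None  # token is single use
        return True

    def can_act(self, email):
        """Gate for every feature: unknown and unverified users are denied."""
        user = self.users.get(email)
        return bool(user and user["verified"])

    def reminders_due(self, now=None):
        now = time.time() if now is None else now
        return [e for e, u in self.users.items()
                if not u["verified"] and now - u["created"] > VERIFY_WINDOW // 2]

    def purge_unverified(self, now=None):
        now = time.time() if now is None else now
        stale = [e for e, u in self.users.items()
                 if not u["verified"] and now - u["created"] > VERIFY_WINDOW]
        for email in stale:
            del self.users[email]
        return stale
```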