# Supabase Email Confirmation Setup

## Issue

By default, Supabase requires users to confirm their email before they can login. This causes the error:
```
Email not confirmed
```

## Solutions

### Option 1: Disable Email Confirmation (Recommended for Development)

1. Go to [Supabase Dashboard](https://supabase.com/dashboard)
2. Select your project
3. Navigate to **Authentication** → **Settings**
4. Scroll to **"Email Auth"** section
5. Find **"Enable email confirmations"**
6. **Uncheck/Disable it**
7. Save changes

**Pros:**
- Users can login immediately after registration
- No email setup required
- Faster development/testing

**Cons:**
- Less secure (anyone can register with any email)
- No email verification

### Option 2: Auto-Confirm Users via Service Role (Backend)

Use the Supabase Admin API to auto-confirm users after registration.

Update `src/app/core/supabase_auth.py`:

```python
async def sign_up(self, email: str, password: str, user_metadata: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
    try:
        # Create user
        response = self.client.auth.sign_up({
            "email": email,
            "password": password,
            "options": {
                "data": user_metadata or {}
            }
        })
        
        # Auto-confirm user using admin API
        if response.user:
            self.client.auth.admin.update_user_by_id(
                response.user.id,
                {"email_confirm": True}
            )
        
        return {
            "user": response.user,
            "session": response.session
        }
    except Exception as e:
        logger.error(f"Sign up error: {str(e)}")
        raise
```

**Pros:**
- Users can login immediately
- Email confirmation can be added later
- More control over user activation

**Cons:**
- Requires service role key
- More complex code

### Option 3: Enable Email Confirmation (Production)

For production, you should enable email confirmation and configure email templates.

1. **Enable Email Confirmation** in Supabase Dashboard
2. **Configure Email Templates**:
   - Go to **Authentication** → **Email Templates**
   - Customize "Confirm signup" template
   - Set redirect URL to your frontend
3. **Update Frontend**:
   - Show "Check your email" message after registration
   - Handle email confirmation callback
4. **Update Backend**:
   - Return appropriate message when email not confirmed
   - Provide "Resend confirmation email" endpoint

## Current Setup

Your backend is configured to work with **Option 1** (email confirmation disabled).

To test immediately:
1. Disable email confirmation in Supabase Dashboard
2. Run tests: `node tests/integration/test_auth_api.js`

## Testing

After disabling email confirmation, test the flow:

```bash
# Register new user
curl -X POST https://kamau1-swiftops-backend.hf.space/api/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "test@example.com",
    "password": "TestPass123",
    "first_name": "Test",
    "last_name": "User"
  }'

# Login immediately (no email confirmation needed)
curl -X POST https://kamau1-swiftops-backend.hf.space/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "test@example.com",
    "password": "TestPass123"
  }'
```

## Recommendation

For development/testing: **Use Option 1** (disable email confirmation)
For production: **Use Option 3** (enable email confirmation with proper email setup)