How to prevent unverified users from accessing pages

Hi, I set up my app to require email verification, and the verification works. However, when I added a new page (“dashboard”), I noticed that the user can access the page without having email verified.

The steps are:

  1. User signs up, giving email and password
  2. User gets redirected to verify email screen.
  3. User ignores the verification, but instead enters manually an URL for the dashboard in the browser, e.g. https://domain.app/dashboard.
  4. The user gets access to the dashboard, as the header only checks if user is logged in, but not if they are verified.

Is this a bug or a feature? Can I prevent unverified but logged-in users accessing pages?

Thanks in advance,

Artur

Hello @artur.guja welcome to the forum!

To prevent logged-in users from accessing unwanted pages requires page redirection logic based on user roles and whether a user is logged in or out and whether a page is private or public.

Canvas handles this through >> logic & dBStructure << that is available in the header reusable, index page, role field in the userObject and options sets to manage Bubble pages.

You can read about this in the following section of the documentation. Also, I recommend that you watch the video below as it complements the documentation rather well. :smiley: