commit 9caada2349ef60253e71281b5317feb29df41b90
Author: Lauren Zugai
Date: Tue Oct 28 18:07:05 2025 -0500
refactor(sessions): Separate 'verified' into 'emailVerified' + 'sessionVerified', other clean up
Because:
* We have had confusion around unverified sessions and the 'verified' flag
* We've introduced a band-aid fix in the front-end
This commit:
* Introduces clarity by separating 'verified' into 'sessionVerified' and 'emailVerified' across relevant endpoints
* Removes/reduces checks of verificationTokenId and/or tokenVerified to just tokenVerified, as these both check verificationTokenId and was unclear
* Fixes a case where auth-server is returning 'verified: true' for a non-2FA non-Sync unverified session, and removes corresponding front-end bandaid fixes
* Removes an env var previously added for testing that we don't need, updates docs for another covering that case
closes FXA-12454