scaffolding for #10262 ol registration

[mekarpeles]

Closes #10262

Technical

• adds xauthn verify / activate method
• refactors account plugin to shift logic to audit
• reclaims previous activate class for new style activation/verification
• DRY login cookies

Must be coordinated with https://git.archive.org/ia/petabox/-/merge_requests/5406/diffs

Stakeholders

@jimchamp

[Copilot]

Pull Request Overview

This PR implements scaffolding for OpenLibrary registration verification using Internet Archive's xauthn service, refactoring account authentication logic and improving code organization.

• Adds new xauthn verify/activate method for account verification
• Refactors account plugin to move Print Disability (PD) logic to the audit layer
• Consolidates login cookie management into reusable methods

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 8 comments.

File	Description
openlibrary/plugins/upstream/account.py	Refactors login logic, removes PD helper functions, adds new verification endpoint, and consolidates cookie handling
openlibrary/accounts/model.py	Moves PD-related functionality to OpenLibraryAccount class, adds InternetArchiveAccount.verify method, and integrates PD processing into audit_accounts

Comments suppressed due to low confidence (1)

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.

[mekarpeles]

Re: Copilot round-2 review — Addressed all feedback:

Real bugs fixed:

• elif not pda: unreachable — changed to else: so REQUESTED status is correctly set when user has PD cookie but no special access yet.
• Enum vs int comparison — pd_status == PDRequestStatus.REQUESTED.value changed to pd_status == PDRequestStatus.REQUESTED (compare enum to enum, not to its int value).
• pd_status treats 0 as falsey — if rpd changed to if rpd is not None; also added int(rpd) normalization before constructing the enum.
• update_pd bugs — fixed if rpd → if rpd is not None; fixed save_preferences(**prefs) → save_preferences(prefs) (takes a dict, not unpacked kwargs).
• Double EMAILED update — removed the redundant update_pd(pda, EMAILED) call after send_pd_email() since send_pd_email already calls update_pd(rpd=EMAILED) internally.
• action.split(':') ValueError — changed to (action.split(':', 1) + [''])[:2] to safely handle actions with no colon or extra colons.
• send_verification_email removed but still called — restored both the module-level function and the Account.send_verification_email() instance method so the admin resend flow (admin/code.py:404) continues to work.

False positives (no changes needed):

• v not defined — v is the loop variable in for k, v in kwargs.items(), defined on the same line as the web.setcookie call.
• ol_user not defined — ol_user = ol_account.get_user() is assigned immediately before its first use, inside the same if ol_account := ... block.
• Incomplete conditional for yrg_banner_pref — if pref_key := ... is a walrus-operator assignment; the cookie is set only if the preference key exists. Correct as-is.
• Missing comma / syntax error in account_verify.GET — the code account_login().login(access=r['s3']['access'], secret=r['s3']['secret']) has no email argument and no syntax error.
• Login called as class method — account_login().login(...) correctly instantiates the handler then calls the method. Not a class method call.
• Bare raise / XXX comment — no bare raise or XXX exists in the current code. Stale comment from an earlier diff state.
• prd typo / ol_account undefined in send_pd_email — both were fixed in the previous round of Copilot review. Already resolved.

[mekarpeles]

Tested and works; should show some sort of toast message that verification succeeded and patron is logged in if the /account/verify?t= endpoint succeeds.

Tested subsequent activation attempts fail (as desired); token can only be used to activate + login once.

[mekarpeles]

Since email is sent from achive.org system, can this block of code be removed? Is it used anywhere?

https://github.com/internetarchive/openlibrary/pull/11052/changes#diff-884f3a712a7e51cce625ca19060335684272f33a967702b19e66e48dbdd1be69R223-R232

[mekarpeles]

TL;DR

Adds support for /account/verify?t=

Archive.org sendmail can be updated to email link for openlibrary.org
https://git.archive.org/ia/petabox/-/merge_requests/5406/diffs

Until this happens, the existing code should still work (for now it expects IA to send archive.org link). When we switch over, it should work automatically.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.

[jimchamp]

Since email is sent from achive.org system, can this block of code be removed? Is it used anywhere?

https://github.com/internetarchive/openlibrary/pull/11052/changes#diff-884f3a712a7e51cce625ca19060335684272f33a967702b19e66e48dbdd1be69R223-R232

I think you're talking about clear_cookies. Isn't this used when we login from /admin/people?

[jimchamp]

This all seems fine to me.

I fixed a merge conflict related to our recent open redirect fixes. The commit is here. Please check it out before merging.