Session log — Passwordless doctor system, hardening and fixes
Summary
A long working session on medilearn.africa's doctor verification. Started as a planning request and became a full build-out. Audited what the 9 June session had built, found that a 10 June platform update had silently broken all doctor sign-in, repaired it, then rebuilt sign-in entirely as passwordless (emailed one-time codes and links) at Hasmukh's request. Ran his twelve-item improvement list, published the privacy notice, verified the Vimeo recordings were already properly locked (correcting an earlier wrong claim), fixed the broken activity log plugin, added Doctors to the site menu, and hardened the approvals screen after buttons started bouncing to the plugins list.
Decisions
- Doctors never set a password. Sign-in is by a 6-digit emailed code or a one-click link; both are single use, expire in 15 minutes, allow five attempts, and return neutral responses that never reveal whether an email address is registered. Devices stay signed in for 7 days (platform limit).
- Keep the proven parts of the existing plugin rather than rebuild from scratch.
- One account per MP number, enforced at sign-up. MP numbers tidied at entry (uppercase, no spaces, MP prefix added to bare digits).
- Declined applicants get a polite email and may resubmit corrected details with the same email address.
- Verification stays manual against the HPCSA iRegister. No ID uploads, no extra personal data.
- Operator alerts go to hasmukh@gajjar.co.za (changeable in the plugin's Notifications settings).
- Kept Kenn's and Hasmukh's own doctor accounts, removed all test accounts.
- The MCP connection was renamed from novamira-medilearn-africa to newpagemotor-medilearn to match the PM token name.
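The sign-in rules in the first decision above, worked through in Python as an added example (not the ML Doctors plugin's own code): single-use 6-digit code or link token, 15-minute expiry, five attempts, and the same neutral reply whether or not the address is registered. The in-memory store, the `deliver` hook standing in for EP Email, and the injectable clock are assumptions for the demonstration.

```python
import hmac
import secrets
import time
from hashlib import sha256

CODE_TTL = 15 * 60     # codes and links expire after 15 minutes
MAX_ATTEMPTS = 5       # five wrong guesses burn the code
NEUTRAL = "If that address is registered, a sign-in code has been sent."


def _digest(secret: str) -> str:
    return sha256(secret.encode()).hexdigest()


class PasswordlessSignIn:
    """Hypothetical in-memory stand-in for the plugin's sign-in table."""

    def __init__(self, registered_emails, deliver=lambda email, code, link: None, now=time.time):
        self.registered = {e.lower() for e in registered_emails}
        self.deliver = deliver     # assumed mail hook: (email, code, link_token)
        self.now = now             # injectable clock, for tests
        self.pending = {}          # email -> record; only hashes of the secrets are stored

    def request(self, email: str) -> str:
        """Issue a code and a link token for a known address; answer identically for unknown ones."""
        email = email.lower()
        if email in self.registered:
            code = f"{secrets.randbelow(10 ** 6):06d}"
            link = secrets.token_urlsafe(32)
            self.pending[email] = {
                "code": _digest(code), "link": _digest(link),
                "expires": self.now() + CODE_TTL, "attempts": 0,
            }
            self.deliver(email, code, link)
        return NEUTRAL

    def verify(self, email: str, secret: str) -> bool:
        """True once per issued code or link; expired, used or over-tried records never match."""
        email = email.lower()
        rec = self.pending.get(email)
        if rec is None or self.now() > rec["expires"]:
            self.pending.pop(email, None)
            return False
        rec["attempts"] += 1
        supplied = _digest(secret)
        ok = hmac.compare_digest(rec["code"], supplied) or hmac.compare_digest(rec["link"], supplied)
        if ok or rec["attempts"] >= MAX_ATTEMPTS:
            del self.pending[email]   # single use on success, burned after five failures
        return ok
```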
Changes made
- ML Doctors plugin taken from 0.2.0 to 0.5.1 on the live site (served from /var/www/medistage), with backups at each step: name split (First name, Surname), re-registration with the new platform router (ajax valet, access tiers, structured results), emails rerouted through EP Email's authenticated SMTP, passwordless sign-in machinery, acknowledgement and approval and decline emails, operator alert email, weekly Monday reminder (key-guarded endpoint plus server schedule, installed with explicit approval), Check on HPCSA button, verification notes saved with approvals, warning flags (throwaway email, shared address, odd MP format), and finally all table controls detached from the platform's settings form so stray submissions cannot bounce the operator to the plugins list.
- Privacy Notice written and published at /privacy (the consent box had linked to a missing page).
- EP Audit Log patched: the 10 June platform update renamed the signed-in user property and the log had been failing on every admin action since. Compatibility helper added, verified clean.
- "Doctors" added to the main site menu (theme instance Header_Nav).
- Vimeo checked from inside the account: all recordings already hidden from Vimeo and embeddable only on medilearn.africa, account defaults Private and Nowhere. The morning's claim that recordings were publicly watchable was wrong and is corrected in the plan document.
- Email DNS checked: SPF, DKIM and DMARC (p=none) all present.
- Operator one-pager saved as "Doctor Approvals Checklist.md", annual HPCSA re-check created as a yearly calendar event (12 June 09:00 SAST).
- Test accounts removed (drtest, janesmith, plus all accounts created during testing).
- Full plan and updates in "20260612 Doctor Verification Plan.md"; detailed build log in the medilearn medistage project's sessions-log.
Follow-ups
- Hasmukh to test the approvals screen after the v0.5.1 fix: Check on HPCSA, a note, then Approve on the waiting test applicant (projects@mobilearn.africa).
- Tell Kenn about the audit log breakage so the proper fix lands upstream; an official EP update may overwrite the local patch (kept in the Doctor Verification folder for re-application).
- Later: consider moving DMARC from monitoring to quarantine once real mail has flowed, and optimise the plugin's per-page-load user scan if doctor numbers grow.
- When ready to announce, the system is complete and public: register, verify by hand, approve, watch.