feat: verify email before downloading application

[jamdelion]

🎟️ Trello ticket: https://trello.com/c/EeJb0QVC/2614-harden-download-application-files-endpoint

In this PR:

• Added a 'Verify submission email' page, which links from the email the planning officer gets sent when a user submits an application
• On submission of a valid email address, the /download-application-files endpoint is called, which checks whether the email matches the submission email, and downloads the zip file if so.

To test 🧪

1. Create a flow that includes a Send component.
2. In Hasura, add a submission email to the team your flow is in (your email so that you have access to the link) - this is in the team_settings table
3. Fill out your flow as a user so that the application is submitted.
4. You should receive a 'New submission' email, containing a 'download application' link.
5. When you click the link, it should take you to a 'Verify your email' page.
6. If you fill in the submission email correctly, you should be able to download the application zipfile.
7. Incorrect email addresses should show an error message.

Screenshots

Before	After
Verify email form
With error message
With invalid email validation

Still to do:

• Plenty of test.todos to fill in
• Maybe show some sort of visual success when the application downloads correctly?
• The application summary table could be filled out with more details (from another endpoint request) - e.g. submission date, service name)

[github-actions]

Pizza

Deployed d578773 to https://4000.planx.pizza.

Useful links:

• Editor
• Storybook
• Hasura
• API
• ShareDB

[jessicamcinchak]

Really solid start ! A few initial code comments and flags for topics here that I think might make for good dev call discussion this week ? Will properly test on pizza next 👍

[jessicamcinchak]

Thanks for updating to use axios here ! A few comments on re-review, overall all working nearly as expected !

Before a final review, I think this one is a particularly good candidate to post to wider team while still in pizza-state for feedback if not already on your radar.

A few bigger-picture questions I have that would influence how/when it's merged:

• Does the "Download" page look PlanX-y enough / will council's see it as a trustworthy page to download an application from?
  • Do we need to a more-PlanX/Gov UK feeling header or something? I need to remember how Invite to Pay handles this?
• Will this new workflow break any existing integrations for councils using Send to Email?
  • Eg I have a hunch that Doncaster & Camden's internal IT teams are perhaps running scripts to auto-download email links from PlanX submission emails?
  • What's going to be the process for giving council's a headsup / trying to learn more about who might need to adjust things internally and helping them prepare for that rather than getting bug reports later?

[DafyddLlyr]

Testing and working as expected!

One comment about the layout that's worth addressing I think 👍

[DafyddLlyr]

Always good to see stories included - appreciate it!

[DafyddLlyr]

Good to see these .todo()s 👍