Add email verification check before showing the Gravatar Quick Editor

[pinarol]

Fixes #

Adds an email verification check before showing the Gravatar Quick Editor because a user with an unverified email can't change their avatars due to a recent backend fix. Gravatar needs to have a strict policy that accounts who haven’t verified there email cannot use Gravatar.

The Gravatar Quick Editor handles the unauthorized errors with a session expired message so it's good to have a more accurate and descriptive alert here. In the meantime we'll work on the message on the SDK side.

To test:

You can use a temp inbox like www.emailondeck.com to create an email
Logout and create a new user
Go to Me > My Profile > Add profile photo
Observe: An alert pops saying To update your avatar, you need to verify your email address first.
Go to your inbox, verify the email
Go back to Me and repeat the steps
Observe: Gravatar Quick Editor shows

Regression Notes

1. Potential unintended areas of impact

2. What I did to test those areas of impact (or what existing automated tests I relied on)

3. What automated tests I added (or what prevented me from doing so)

PR submission checklist:

• I have completed the Regression Notes.
• I have considered adding unit tests for my changes.
• I have considered adding accessibility improvements for my changes.
• I have considered if this change warrants user-facing release notes and have added them to RELEASE-NOTES.txt if necessary.

Testing checklist:

• WordPress.com sites and self-hosted Jetpack sites.
• Portrait and landscape orientations.
• Light and dark modes.
• Fonts: Larger, smaller and bold text.
• High contrast.
• VoiceOver.
• Languages with large words or with letters/accents not frequently used in English.
• Right-to-left languages. (Even if translation isn’t complete, formatting should still respect the right-to-left layout)
• iPhone and iPad.
• Multi-tasking: Split view and Slide over. (iPad)

[dangermattic]

	1 Warning
⚠️	This PR is assigned to the milestone 25.6 ❄️. The due date for this milestone has already passed. Please assign it to a milestone with a later deadline or check whether the release for this milestone has already been finished.

Generated by 🚫 Danger

[wpmobilebot]

📲 You can test the changes from this Pull Request in WordPress Alpha by scanning the QR code below to install the corresponding build.

	App Name	WordPress Alpha
	Configuration	Release-Alpha
	Build Number	pr23920-0e65dde
	Version	25.6
	Bundle ID	org.wordpress.alpha
	Commit	0e65dde
	App Center Build	WPiOS - One-Offs #11222

Automatticians: You can use our internal self-serve MC tool to give yourself access to App Center if needed.

[wpmobilebot]

📲 You can test the changes from this Pull Request in Jetpack Alpha by scanning the QR code below to install the corresponding build.

	App Name	Jetpack Alpha
	Configuration	Release-Alpha
	Build Number	pr23920-0e65dde
	Version	25.6
	Bundle ID	com.jetpack.alpha
	Commit	0e65dde
	App Center Build	jetpack-installable-builds #10260

Automatticians: You can use our internal self-serve MC tool to give yourself access to App Center if needed.

[kean]

Hey, I'm not sure how accurate this field is. The usage of it was removed from the app, and I was planning to remove the field as well in favor of relying on the server to tell you which operations are not permitted without hardcoding it on the client. What happens if the client doesn't hardcode this check?

[pinarol]

What happens if the client doesn't hardcode this check?

Sounds good to me but is there a way to currently achieve that on the JP side?

We want to improve our endpoints to know the reason as to why 401 unauthorized is thrown. That way we'll be able to show a better error. Unfortunately we didn't have chance to come up with a better solution on the SDK side yet(holidays).

There has been a very recent backend change on the Gravatar side. Before that, the Quick Editor worked successfully for unverified emails, but it turns out this isn't supposed to be happening so it's fixed urgently. So, a "session expired" error is displayed in the Gravatar Quick Editor for unverified emails which can be misleading and confusing. This is just an attempt to show a better message until we sort things out the SDK side.

Although I am not sure when this change would be live even if we merged this...