When you build an application there is a good chance that you'll want to restrict access to certain parts of it. You'll need to set up a user authe...
Hi Chris! Nice post! I have a question. When you register in the app and do not verify the email, how do you control when another user wants to register in the app but with the same email that you previously registered but did not verify?
If the email is "in use" but not verified, the email's user can then recover the password or send another activation code to their email.
One thing I'll suggest is, once a user posts bio data for account registration, check if the mail exists:
```
if (mail_exist) {
  is_mail_verified ? { ask user to confirm identity, by sending verification link to mail } : { redirect to login }
} else {
  register user and verify email
}
```
Thank you! I solved that problem very similar to what you say.
Shouldn't the token expiration date be longer than 10 minutes? Just in case the user does not want to verify their account right away?
That is, of course, as flexible as you need. At the end, I think the question is, why do you need the code to expire at all. I guess, the shorter the period, the safer the system in general. But it's totally up to you.
Btw I am sorry for the late reply. Somehow I didn't receive any notifications. Cheers
Thanks for your reply. I guess a good reason for the token to expire is just in case the user's email gets hacked. Either by a hacker or a disgruntled boyfriend or girlfriend. If any of those people happen to find the link and the original user has not yet activated their account, they would be able to activate the account for them. However, activating the account alone would not give them the login credentials. I suppose the hackers can choose to reset the password at that point by entering the email address but even if they manage to do that, chances are the account does not contain any sensitive data since the original user never even activated the account. In the end, I suppose you're right. The token does not need to expire since no real harm will come from it even if someone manages to hack their email.
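One way to handle the two cases discussed in this thread (an address that is registered but never verified, and a code that expires), as an added example that is not from the article or from any commenter. The in-memory `users` map, the function names and the 32-byte hex code are assumptions; the 10-minute lifetime is the value mentioned above.

```javascript
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto');

const CODE_TTL_MS = 10 * 60 * 1000; // 10-minute lifetime discussed in the thread
// Assumption: in-memory stand-in for the database, email -> { verified, codeHash, expiresAt }
const users = new Map();

const sha256 = (s) => createHash('sha256').update(s).digest();
const normalize = (email) => email.trim().toLowerCase();

// Issue a fresh single-use code. Only its hash is stored, so a leaked
// database does not expose codes that are still valid.
function issueCode(user, now) {
  const code = randomBytes(32).toString('hex');
  user.codeHash = sha256(code);       // overwrites any earlier code
  user.expiresAt = now + CODE_TTL_MS;
  return code;                        // this value would go into the e-mailed link
}

// new address           -> create the account and send a code
// exists, unverified    -> send a new code; the previous one stops working
// exists, verified      -> create nothing; the caller should show the same
//                          response as the other cases to avoid confirming
//                          which addresses are registered
function register(email, now = Date.now()) {
  const key = normalize(email);
  let user = users.get(key);
  if (user && user.verified) return { action: 'already_verified', code: null };
  const action = user ? 'resent' : 'created';
  if (!user) {
    user = { verified: false, codeHash: null, expiresAt: 0 };
    users.set(key, user);
  }
  return { action, code: issueCode(user, now) };
}

// Accept a code only if it is the latest one, unexpired and unused.
function verify(email, code, now = Date.now()) {
  const user = users.get(normalize(email));
  if (!user || user.verified || !user.codeHash) return false;
  if (now > user.expiresAt) return false;
  if (!timingSafeEqual(user.codeHash, sha256(String(code)))) return false;
  user.verified = true;
  user.codeHash = null; // single use
  return true;
}
```

Password handling is left out on purpose; the example only covers issuing, replacing and checking the verification code.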
Brilliant solution, implemented it yesterday and it works great, thanks Chris!
Great that it worked out for you!
Hi Chris! Thanks for the post!
Btw, what is the point of saving all the codes into a collection instead of adding a new field to the user model?
Is there any need to save the historical verification code?