User email verification after email address update

7 posts, 0 answers
  1. David
    David avatar
    30 posts
    Member since:
    Sep 2010

    Posted 06 Nov 2014 Link to this post

    So, after a new user account is created in Backend, a verification email is (can be) sent to the user. That works perfectly.

    But what happens when the user changes their email address (and doesn't actually create a new account in Backend, just an update to the account)? I don't believe a new verification email is sent out. Is there any way to have this happen? And if not, any suggestions? Obviously, it's important to verify the new email address.

    Thanks,
    David
  2. Anton Dobrev
    Admin
    Anton Dobrev avatar
    539 posts

    Posted 10 Nov 2014 Link to this post

    Hi David,

    Thank you for your input on this. Unfortunately, this functionality is not supported out of the box in the Backend Services API, but you may want to consider the following approach:

    1. Open the Cloud Code for the Users content type.
    2. In the beforeUpdate event register a logic that verifies if the update is on the Email field of the user registration. If YES - make an additional call to Users by the Id of this user and set the property IsVerified to false. Note that you need to make the call with a Master Key authentication, e.g. instantiate the Everlive instance with Everlive.Sdk.withMasterKey().
    3. Pass to the current context of the beforeUpdate event a variable that contains the state of the user, for example:
    context.userChangedEmail = true;

    3. In the afterUpdate event, verify the context for change in the email field:
    if (context.userChangedEmail) {
     // resend verification email
    }

    You can read more about this topic in this documentation article. How to make external calls from the Cloud Code is explained here.

    Unfortunately, currently our security API does not allow toggling the IsVerified property of a user registration even with a Master Key authentication. This is possible only when calling the verify endpoint described in the article above. We decided that exposing the ability to set this property would be useful in custom verification scenarios. This is expected to be deployed to our Live environment within 24 hours and you should be able to implement the above workflow with no impediments. I will update this thread with the progress on this task.

    Let me know if you have questions.

    Regards,
    Anton Dobrev
    Telerik
     
    Everlive is now Telerik Backend Services, and is part of the Telerik Platform.
     
  3. David
    David avatar
    30 posts
    Member since:
    Sep 2010

    Posted 11 Nov 2014 in reply to Anton Dobrev Link to this post

    This is perfect, thanks for the explanations. I'll need to dig into it a bit more, but it all makes sense.

    Thanks,
    David
  4. Anton Dobrev
    Admin
    Anton Dobrev avatar
    539 posts

    Posted 12 Nov 2014 Link to this post

    Hello David,

    The REST API now supports toggling the "IsVerified" property of the user registration with a master key authorization. You can now proceed with the implementation of this scenario.

    Please, let me know if you have further questions.

    Regards,
    Anton Dobrev
    Telerik
     
    Everlive is now Telerik Backend Services, and is part of the Telerik Platform.
     
  5. David
    David avatar
    30 posts
    Member since:
    Sep 2010

    Posted 07 May in reply to Anton Dobrev Link to this post

    Anton,

    So it appears after an account is verified, the "VerficationCode" is set to null. I'm able to successfully change isVerified back to false (from true) using the REST API as stated above, but the VerificationCode does not reset from null. If I attempt to manually change the VerificationCode using the REST API, that doesn't seem to work either.

    Any advice?

  6. Tsvetomir Nedyalkov
    Admin
    Tsvetomir Nedyalkov avatar
    7 posts

    Posted 10 May Link to this post

    Hello David,

    I am sorry to hear that you still are experiencing problems with the User Verification mechanism.




    We investigated the issue and unfortunately it seems that there is a bug on our side, which leads to the current incorrect behavior:

    1. When the user changes his email, the system does send Verification email to the new email and "IsVerified" is set to false, but the VerificationCode of the user remains null.

    2. If the user uses the provided link in the email, the Verification does not succeed due to the not set VerificationCode.

    3. Even if the "IsVerified" property of the User is set to false through the REST API, the VerificationCode remains again null and a consequent resent Verification email will not work for the User Verification.




    We apologize for the caused inconvenience and will try to fix the issue with high priority.

     
    As a workaround you can implement a custom Verification logic by modifying the "VerifyAccountEmail" template as explained here in order to redirect the user to a custom verification page and use your own verification codes in order to complete correctly the verification.



    Regards,
    Tsvetomir Nedyalkov
    Telerik
     
    Everlive is now Telerik Backend Services, and is part of the Telerik Platform.
     
  7. Tsvetomir Nedyalkov
    Admin
    Tsvetomir Nedyalkov avatar
    7 posts

    Posted 11 Aug Link to this post

    Hello David,

    We have released the fix for this issue.

    Now when the user updates his email, the user should be able to verify it successfully, using the received email on the new email address.

    In the above case, even if the "IsVerified" property of the User is set to false through the REST API, the VerificationCode will be regenerated and the consequent Verification email will work.

    Regards,
    Tsvetomir Nedyalkov
    Telerik by Progress
     
    Everlive is now Telerik Backend Services, and is part of the Telerik Platform.
     
Back to Top