This is a migrated thread and some comments may be shown as answers.

User email verification after email address update

6 Answers 243 Views
General Discussion
This is a migrated thread and some comments may be shown as answers.
This question is locked. New answers and comments are not allowed.
David
Top achievements
Rank 1
David asked on 06 Nov 2014, 10:48 PM
So, after a new user account is created in Backend, a verification email is (can be) sent to the user. That works perfectly.

But what happens when the user changes their email address (and doesn't actually create a new account in Backend, just an update to the account)? I don't believe a new verification email is sent out. Is there any way to have this happen? And if not, any suggestions? Obviously, it's important to verify the new email address.

Thanks,
David

6 Answers, 1 is accepted

Sort by
0
Anton Dobrev
Telerik team
answered on 10 Nov 2014, 03:11 PM
Hi David,

Thank you for your input on this. Unfortunately, this functionality is not supported out of the box in the Backend Services API, but you may want to consider the following approach:

1. Open the Cloud Code for the Users content type.
2. In the beforeUpdate event register a logic that verifies if the update is on the Email field of the user registration. If YES - make an additional call to Users by the Id of this user and set the property IsVerified to false. Note that you need to make the call with a Master Key authentication, e.g. instantiate the Everlive instance with Everlive.Sdk.withMasterKey().
3. Pass to the current context of the beforeUpdate event a variable that contains the state of the user, for example:
context.userChangedEmail = true;

3. In the afterUpdate event, verify the context for change in the email field:
if (context.userChangedEmail) {
 // resend verification email
}

You can read more about this topic in this documentation article. How to make external calls from the Cloud Code is explained here.

Unfortunately, currently our security API does not allow toggling the IsVerified property of a user registration even with a Master Key authentication. This is possible only when calling the verify endpoint described in the article above. We decided that exposing the ability to set this property would be useful in custom verification scenarios. This is expected to be deployed to our Live environment within 24 hours and you should be able to implement the above workflow with no impediments. I will update this thread with the progress on this task.

Let me know if you have questions.

Regards,
Anton Dobrev
Telerik
 
Everlive is now Telerik Backend Services, and is part of the Telerik Platform.
 
0
David
Top achievements
Rank 1
answered on 11 Nov 2014, 10:35 PM
This is perfect, thanks for the explanations. I'll need to dig into it a bit more, but it all makes sense.

Thanks,
David
0
Anton Dobrev
Telerik team
answered on 12 Nov 2014, 09:49 AM
Hello David,

The REST API now supports toggling the "IsVerified" property of the user registration with a master key authorization. You can now proceed with the implementation of this scenario.

Please, let me know if you have further questions.

Regards,
Anton Dobrev
Telerik
 
Everlive is now Telerik Backend Services, and is part of the Telerik Platform.
 
0
David
Top achievements
Rank 1
answered on 07 May 2016, 02:26 PM

Anton,

So it appears after an account is verified, the "VerficationCode" is set to null. I'm able to successfully change isVerified back to false (from true) using the REST API as stated above, but the VerificationCode does not reset from null. If I attempt to manually change the VerificationCode using the REST API, that doesn't seem to work either.

Any advice?

0
Tsvetomir Nedyalkov
Telerik team
answered on 10 May 2016, 01:36 PM
Hello David,

I am sorry to hear that you still are experiencing problems with the User Verification mechanism.




We investigated the issue and unfortunately it seems that there is a bug on our side, which leads to the current incorrect behavior:

1. When the user changes his email, the system does send Verification email to the new email and "IsVerified" is set to false, but the VerificationCode of the user remains null.

2. If the user uses the provided link in the email, the Verification does not succeed due to the not set VerificationCode.

3. Even if the "IsVerified" property of the User is set to false through the REST API, the VerificationCode remains again null and a consequent resent Verification email will not work for the User Verification.




We apologize for the caused inconvenience and will try to fix the issue with high priority.

 
As a workaround you can implement a custom Verification logic by modifying the "VerifyAccountEmail" template as explained here in order to redirect the user to a custom verification page and use your own verification codes in order to complete correctly the verification.



Regards,
Tsvetomir Nedyalkov
Telerik
 
Everlive is now Telerik Backend Services, and is part of the Telerik Platform.
 
0
Tsvetomir Nedyalkov
Telerik team
answered on 11 Aug 2016, 10:00 AM
Hello David,

We have released the fix for this issue.

Now when the user updates his email, the user should be able to verify it successfully, using the received email on the new email address.

In the above case, even if the "IsVerified" property of the User is set to false through the REST API, the VerificationCode will be regenerated and the consequent Verification email will work.

Regards,
Tsvetomir Nedyalkov
Telerik by Progress
 
Everlive is now Telerik Backend Services, and is part of the Telerik Platform.
 
Tags
General Discussion
Asked by
David
Top achievements
Rank 1
Answers by
Anton Dobrev
Telerik team
David
Top achievements
Rank 1
Tsvetomir Nedyalkov
Telerik team
Share this question
or