Re-send confirmation request

[steinitzu]

Very nice library! Been a breeze to integrate into my Slim3 app.

I wanted to discuss the possibility of re-sending an email confirmation request on demand after registration.
Case being where confirmation link is lost or expired before the user clicks it. In which case the user is stuck in limbo as far as I can tell.

It looks to me that this would mostly be a matter of making createConfirmationRequest public.
A DB DELETE query could also be issued on every call by default to invalidate any previous confirmation tokens for given email so that only the latest one is valid.

Are there any potential issues with this that I'm overlooking?

Best
Steini

[ocram]

Thanks for your appreciation!

Everything you said was correct and this is definitely a missing feature that we must add. I'd even say this should have the highest priority, since undelivered emails can be quite frequent depending on how you sent your emails, and inattentive users will cause problems, anyway.

Regarding the implementation, I wouldn't make that method public but instead create a simple wrapper. This gives us two advantages: The new wrapper can have a meaningful name like resendConfirmation and we can do some additional database queries in the wrapper. First, we could check that the last request has been a while ago, i.e. you shouldn't be able to request a new confirmation just ten minutes after the first one. Second, as you said, we should invalidate the old request.

Thanks for the hint, this is absolutely needed!

[steinitzu]

That sounds great!
Rate limiting would definitely be needed too, should be configurable in some way. Maybe just by passing a min number of seconds that should have passed to resendConfirmation.

[ocram]

Implemented in:

• b7a47fc
• d86d7ff
• 2839743
• 381e05f
• 0bbf9d3
• f83ac96
• c9a4e28
• 27adc9f
• b3d37ad

This is available in a new major version, v6.0.0, which comes with a few breaking changes. For a guide on how to upgrade, please see the migration notes in Migration.md.