This repository has been archived by the owner on Dec 12, 2021. It is now read-only.

[Question] Forced verify email after password sign up #18

Closed
redstrike opened this issue Sep 1, 2015 · 5 comments

@redstrike
Contributor

Does Gitkit have this behaviour built-in on client-side code? Or do I have to implement it myself?

After entering the password and finishing creating an account, the user is redirected to sign_in_success_url, without knowing about the email verification step. So, do we really need to verify email if we use Gitkit's flow?

@redstrike redstrike changed the title [question] Forced verify email after password sign up [Question] Forced verify email after password sign up Sep 1, 2015
@teunis90

teunis90 commented Sep 8, 2015

Please file questions at Stack Overflow; this issue tracker should be used to file bugs!

But I'm in a good mood today :) You should implement this yourself.

In the guide you will find a PHP example of how you can determine if a user is logged in: https://developers.google.com/identity/toolkit/web/quickstart/php

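In short, call the GitKit client module:

```php
// Load the server-side Gitkit configuration and resolve the user from the current request
$gitkitClient = Gitkit_Client::createFromFile(dirname(__FILE__) . '/gitkit-server-config.json');
$gitkitUser = $gitkitClient->getUserInRequest();
```

Check if the user is logged in and if the e-mail is verified. And if not, show the verify link:

```php
if ($gitkitUser) {
  echo $gitkitUser->getEmail() . "\n";
  // var_export() prints "true"/"false"; echoing a boolean false prints an empty string
  echo var_export($gitkitUser->isEmailVerified(), true) . "\n";
  if (!$gitkitUser->isEmailVerified()) {
    // Generate the out-of-band (OOB) verification link for this address
    echo $gitkitClient->getEmailVerificationLink($gitkitUser->getEmail()) . "\n";
  }
}
```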

@redstrike
Contributor Author

I already knew that, but I wonder: is it OK if a user has created an account using a password (email is not verified) and I don't want to force my users to verify their email? In other words, is it necessary to do email verification?

@bojeil

bojeil commented Sep 14, 2015

It is up to you whether you want to verify an account email or not. You are not forced to. However, if you want to, you have to implement it yourself. However, the email verification link has to be emailed to the user's email for them to verify it. You want to make sure the user actually owns that email. Once they click on the OOB link you emailed, they will be taken to the widget page to complete verification.

@teunis90

@bojeil good point. In extension, it's better to encapsulate the OOB link in your own application so that the OOB link URL matches the domain of the outgoing e-mail. Otherwise your e-mail could be marked as spam.

@redstrike
Contributor Author

Thank you very much! This is my first time implementing a user system with a 3rd-party system, so I was not sure about "what I should and what I should not".
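The flow bojeil and teunis90 describe (mail the OOB link instead of displaying it, and wrap it in a link on your own domain), as an added example that is not part of the thread or the Gitkit project. `APP_ORIGIN`, the `/verify-email` route, the `$key` secret and the three function names are assumptions; the Gitkit calls are the ones shown earlier in the thread.

```php
<?php
// Added example, not Gitkit project code. APP_ORIGIN, the /verify-email route
// and the $key secret are assumptions made for illustration.
const APP_ORIGIN = 'https://app.example';

// Wrap the Gitkit OOB link in a same-domain URL. The HMAC lets the redirect
// endpoint reject forged targets, so it cannot be used as an open redirect.
function wrapOobLink(string $oobLink, string $key): string
{
    $payload = base64_encode($oobLink);
    $mac = hash_hmac('sha256', $payload, $key);
    return APP_ORIGIN . '/verify-email?' . http_build_query(['l' => $payload, 'm' => $mac]);
}

// Called by the /verify-email handler with the already URL-decoded parameters.
// Returns the OOB link to redirect to, or null if the MAC does not match.
function unwrapOobLink(string $payload, string $mac, string $key): ?string
{
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $link = base64_decode($payload, true);
    return $link === false ? null : $link;
}

// Called from the sign_in_success_url handler. Returns true when the user may
// proceed; otherwise mails the wrapped link (never echoes it) and returns false.
function ensureEmailVerified($gitkitClient, string $key): bool
{
    $user = $gitkitClient->getUserInRequest();
    if (!$user) {
        return false; // not signed in
    }
    if ($user->isEmailVerified()) {
        return true;
    }
    $oobLink = $gitkitClient->getEmailVerificationLink($user->getEmail());
    mail(
        $user->getEmail(),
        'Verify your e-mail address',
        "Open this link to confirm your address:\n\n" . wrapOobLink($oobLink, $key)
    );
    return false;
}
```

Writing the link into the HTTP response would let anyone who signs up with someone else's address verify it, which is why the link only travels by e-mail here; in practice the send should also be rate-limited per account.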
