Skip to content
This repository has been archived by the owner. It is now read-only.

Move email verification from client to server #4482

Closed
vladikoff opened this issue Nov 30, 2016 · 3 comments
Closed

Move email verification from client to server #4482

vladikoff opened this issue Nov 30, 2016 · 3 comments

Comments

@vladikoff
Copy link
Contributor

@vladikoff vladikoff commented Nov 30, 2016

When a user gets a "verify account" email and navigates to it we should use the fxa-content-server server to perform the verification instead of front-end app.

Here's the current logic "front-end" logic:

verifyCode: withClient((client, uid, code, options) => {

and https://github.com/mozilla/fxa-js-client/blob/746abf79745d9825c1f0f180d15519e1983ca95f/client/FxAccountClient.js#L269

The server should perform the same request as the fxa-js-client request above ^. (use the auth url from config, stored in https://github.com/mozilla/fxa-content-server/blob/master/server/lib/configuration.js#L155 )

Ref: #4476 (comment)

@vladikoff vladikoff changed the title Move account verification from client to server Move email verification from client to server Nov 30, 2016
@shane-tomlinson shane-tomlinson added this to the FxA-0: quality milestone Dec 1, 2016
@vladikoff
Copy link
Contributor Author

@vladikoff vladikoff commented Feb 21, 2017

TODO (first attempt at this):

After:

  • Implement a TIMEOUT value
  • Log verification errors to Sentry...
@shane-tomlinson
Copy link
Member

@shane-tomlinson shane-tomlinson commented Dec 10, 2018

Re-opening since we removed server side verification due to rate-limiting.

@shane-tomlinson
Copy link
Member

@shane-tomlinson shane-tomlinson commented Dec 10, 2018

I can imagine us getting around the rate limiting by using a shared secret between the customs and content servers.

We also have to consider how to handle marketing email-opt ins. A flag is sent to /verify_email when doing client side verification, but AFAICT we lost this with server side verifiation.

@vladikoff vladikoff removed the shipit label Dec 10, 2018
@vladikoff vladikoff removed their assignment Dec 10, 2018
@ghost ghost removed the waffle:backlog label Mar 29, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants