[make:registration] allow email verification without authentication #776
Conversation
weaverryan
left a comment
weaverryan
left a comment
There was a problem hiding this comment.
Very nice! Only minor comments
src/Resources/skeleton/registration/RegistrationController.tpl.php
Outdated
Show resolved
Hide resolved
src/Resources/skeleton/registration/RegistrationController.tpl.php
Outdated
Show resolved
Hide resolved
src/Maker/MakeRegistrationForm.php
Outdated
|
|
||
| $input->setArgument( | ||
| 'verify-email-with-auth', | ||
| $io->confirm('Do you want to require the user to be authenticated to verify their email?', true) |
There was a problem hiding this comment.
Hmm, I'm trying to think about how a person would understand this... and the wording on it. Maybe we give some extra info before?
To verify their email address, you can either require that users are authenticated when they click
the verification link or allow them to be anonymous (e.g. maybe they click the link on a different
device).
Allow anonymous users to verify their email?
(and default to no)
There was a problem hiding this comment.
think we have this nailed down now
jrushlow
added
Status: Needs Work
weaverryan
force-pushed
the
feature/verify-email-no-auth
branch
from
7f198ee to
ebdb227
Compare
|
Thank you Jesse! |
|
After [make:registration] where I need to change the code to allow email verification without authentication? |
|
@PetarBelberov if you're using the newest version of Maker, which includes this PR, then If you've previously executed this command, adapt the changes from these 2 files into your app:
We also have it documented here: https://github.com/symfonycasts/verify-email-bundle#anonymous-validation Cheers! |
|
@weaverryan, yes, the issue was from the current version I used. I am a lucky guy with this brand new update. Thank you for the help. All the best! |
… his account if we don't want the user to be logged in after the account creation request. So according to weaverryan on the page symfony/maker-bundle#776 : the solution is to redo a symfony make:registration by deleting all files related to registration : src/Controller/RegistrationController.php, src/Form/RegistrationFormType.php, src/Security/EmailVerifier.php, templates/registration/confirmation_email.html.twig, templates/registration/register.html.twig.
3 participants
By passing the user id as an extra query param to
VerifyEmailHelper::generateSignature()- users are able to verify their email address without being authenticated.As a precautionary note, answering
notoDo you want to require the user to be authenticated to verify their email?will allow anyone with the link generated byVerifyEmailHelperto validated that users email address. It should also be advised that answeringnocould possibly leak personally identifiable information in log files if the useridis changed to say, a users email address.