#169: Implemented email verification #222
@@ -32,17 +32,29 @@ public function behaviors() | |||
'class' => AccessControl::class, | |||
'rules' => [ | |||
[ | |||
'actions' => ['signup', 'login', 'request-password-reset', 'reset-password', 'auth'], | |||
'actions' => [ | |||
'request-password-reset', |
why allow password reset if already logged in?
Yes. Same as it was before the change. That's fine because you may want to change your password even if you're currently logged in.
controllers/AuthController.php
Outdated
if ($user) { | ||
$user->email_verified = true; | ||
$user->removeEmailVerificationToken(); | ||
if ($user->save()) { |
how about making this a method in User which can not fail on validation of unrelated fields?
$user->verifyEmail();
will set email_verified, remove the token and save(false);
controllers/UserController.php
Outdated
{ | ||
if ($user) { | ||
if (!User::isEmailVerificationTokenValid($user->email_verification_token)) { | ||
$user->generateEmailVerificationToken(); |
this method should do save() internally, makes code below easier for not checking return value of save().
models/SignupForm.php
Outdated
return $user; | ||
} | ||
|
||
return null; | ||
} | ||
|
||
private function sendEmailVerificationEmail(User $user) |
this is duplicated with the code from UserController, should be a single method.
$expire = Yii::$app->params['user.emailVerificationTokenExpire']; | ||
$parts = explode('_', $token); | ||
$timestamp = (int) end($parts); | ||
return $timestamp + $expire >= time(); |
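Review bot: the expiry test takes its timestamp from the token string itself (`$timestamp = (int) end($parts);`), so it only says how old the token claims to be, not whether the token is genuine. Any caller has to match the full token against the value stored for the user before relying on this result, otherwise a string with a recent numeric suffix passes. Consider stating that precondition in the method's docblock, or doing the lookup and the expiry test in one place, and return false explicitly for an empty token rather than relying on the `(int)` cast yielding 0.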
does that mean you can make a token valid again by manipulating the time?
It is not verified yet. <?= Html::a('Verify', ['user/request-email-verification']) ?>. | ||
<?php endif ?> | ||
</li> | ||
<?php endif ?> |
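Review bot: the 'Verify' link built with `Html::a('Verify', ['user/request-email-verification'])` is a plain GET link to an action whose name suggests it sends an email. If the action does send mail on GET, make the link a POST (for example `'data-method' => 'post'` in the link options, plus a VerbFilter rule on the action) so the request goes through CSRF validation and cannot be fired by a prefetch or a link on another site.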
if someone has logged in via oauth there is no need to verify email. This case should be covered.
Done adjustments.
Needed for #169