Would this be an OK way to implement email verification?

1) Upon user registration, the user is created in the database with a field "verified" set to the value "false". Another field "confKey" with a random string/hash as the value is also created in the user model.
2) A message containing a link to an endpoint for email verification is sent to the user's email address.
3) That link contains a param which is the same random string/hash as the "confKey" in that user's data in the db.
4) The endpoint compares the param to confKey and, if they are equal, sets "verified" to "true".
5) Endpoints that require a verified email check that "verified" is true before executing.

Does this logic make sense? Anything I'm missing here? Security vulnerabilities doing it this way?
Submitted November 17, 2018 at 05:45AM by ibrahimpg
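The five steps above, written out as a runnable example. This is an added illustration, not code from the poster: the in-memory USERS dict stands in for the database, BASE_URL, TOKEN_TTL_SECONDS and the (status, body) return shape of the handlers are assumptions made for the example, and the field names follow the question. Beyond the steps as asked, it applies the checks a reviewer would want on this design: the key comes from the OS CSPRNG, only a hash of it is stored, the comparison is constant-time, and the link expires and is single use.

```python
import hashlib
import hmac
import itertools
import secrets
import time
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed in-memory "database" standing in for the user model in the
# question; a real store would persist the same fields.
USERS: dict = {}                  # user_id -> record
_NEXT_ID = itertools.count(1)

TOKEN_TTL_SECONDS = 24 * 60 * 60            # assumed policy: a link is valid for one day
BASE_URL = "https://example.invalid/verify"  # assumed endpoint for the example


def _hash_token(token: str) -> str:
    # Only the SHA-256 of confKey is stored: someone who can read the users
    # table still cannot build a working verification link from it.
    return hashlib.sha256(token.encode()).hexdigest()


def register(email: str, now: Optional[float] = None) -> Tuple[int, str]:
    """Step 1: create the user unverified and mint a confirmation key.

    Returns (user_id, raw_token). The raw token only ever lives in the
    e-mail; the record keeps its hash plus an expiry time.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not random.random()
    user_id = next(_NEXT_ID)
    USERS[user_id] = {
        "email": email,
        "verified": False,
        "confKeyHash": _hash_token(token),
        "confKeyExpires": now + TOKEN_TTL_SECONDS,
    }
    return user_id, token


def build_verification_link(user_id: int, token: str) -> str:
    """Steps 2 and 3: the link carries the user id and the raw confKey."""
    return f"{BASE_URL}?{urlencode({'uid': user_id, 'key': token})}"


def parse_verification_link(url: str) -> Tuple[int, str]:
    """What the endpoint sees when the user clicks the link."""
    query = parse_qs(urlparse(url).query)
    return int(query["uid"][0]), query["key"][0]


def verify(user_id: int, token: str, now: Optional[float] = None) -> bool:
    """Step 4: compare the link's key with the stored confKey and flip verified."""
    now = time.time() if now is None else now
    user = USERS.get(user_id)
    if user is None or user["verified"] or user["confKeyHash"] is None:
        return False
    if now > user["confKeyExpires"]:
        return False                          # stale link: the user must request a new one
    # Constant-time comparison so response timing does not reveal how many
    # leading characters of a guessed key were correct.
    if not hmac.compare_digest(_hash_token(token), user["confKeyHash"]):
        return False
    user["verified"] = True
    user["confKeyHash"] = None                # single use: the link cannot be replayed
    user["confKeyExpires"] = 0.0
    return True


def require_verified(handler):
    """Step 5: gate an endpoint on verified == True.

    Handlers return an (http_status, body) pair to mimic a web framework
    without depending on one (assumed shape for the example).
    """
    def wrapper(user_id: int, *args, **kwargs):
        user = USERS.get(user_id)
        if user is None or not user["verified"]:
            return 403, "email address not verified"
        return handler(user_id, *args, **kwargs)
    return wrapper


@require_verified
def post_message(user_id: int, text: str) -> Tuple[int, str]:
    return 200, f"{USERS[user_id]['email']} says: {text}"


if __name__ == "__main__":
    uid, raw = register("alice@example.invalid")
    link = build_verification_link(uid, raw)
    print("mail this:", link)
    print(post_message(uid, "hi"))          # 403 until the link is used
    print(verify(*parse_verification_link(link)))
    print(post_message(uid, "hi"))          # 200 afterwards
```

Two things the example deliberately does not cover: if the account's email address can be changed later, the change should clear "verified" and mint a fresh confKey, and unverified accounts whose key has expired should eventually be purged so an attacker cannot squat on someone else's address indefinitely.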