Course: React: Authentication

The basic email verification process - React.js Tutorial

The basic email verification process

- [Narrator] At this point in our application, we have a working authentication flow that allows users to both sign up and log into our application. And it also uses JWTs to keep our users logged in and make sure users can only access their own user data. Now, the next thing we're going to look at adding to our application is an email verification flow. You see, at the point that our application is currently at, users can create accounts with any email address that they want, regardless of whether or not they actually own that email address. And this obviously isn't ideal because we need a valid email address to communicate with our users and do things like allow them to reset their password, which we'll look at later in the course. And obviously we don't want users to be able to use each other's emails to create accounts. So what we're going to do is implement our own full stack email verification flow, basically from scratch. But the first thing you might be wondering is how does this whole flow work exactly? Well, just to make sure we're on the same page, let's walk through the basic email verification flow step-by-step. Now the email verification process begins when a user creates a new account on our application. At this point, they've entered their email and password, and this information will then be sent to the signup endpoint on our server, which creates a new user account and then stores the user's information in MongoDB. We've seen this so far. Now here's where email verification comes in. In addition to the email and password that the user created their account with, our server is going to create a randomly generated verification hash that the user can't see. And this will be used to prove that the user actually has access to that email address. So once we've generated that verification hash, we're going to send an email to the email address that the user provided.
This email will contain a link with the verification hash that the user can click. And next, if the user actually owns that email, they'll be able to access this link, which will send them to a special page in our application that takes this verification hash and sends it to the server to see if it's the hash that we actually generated for that user. And of course, if it is, we're going to show the user a message saying that their email was successfully verified, at which point the user's account will be marked as verified in the database and they'll be able to access all of our application's features. Well, those are the basics of the email verification flow. Obviously there are many different variations of this that we could implement, and if you're familiar with any of those, feel free to implement them yourself once we walk through implementing this one here.
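
The server side of the flow narrated above, as an added example that is not code from the course: signup generates the random verification value, and a second function checks the value that the verification page sends back. Assumptions made here: an in-memory `Map` stands in for the MongoDB users collection, and the field names, the 24-hour expiry, the stored SHA-256 digest, the single-use rule and the `app.example.com` link are illustrative choices, not details from the narration.

```javascript
// Added example: an in-memory Map stands in for the MongoDB users collection.
const crypto = require('node:crypto');

const users = new Map();                  // email -> user record (hypothetical schema)
const TOKEN_TTL_MS = 24 * 60 * 60 * 1000; // assumed 24-hour validity window

const sha256 = (value) => crypto.createHash('sha256').update(value).digest();

// Called from the signup endpoint after the password has been hashed.
function signUp(email, passwordHash, now = Date.now()) {
  if (users.has(email)) throw new Error('account already exists');
  const token = crypto.randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
  users.set(email, {
    email,
    passwordHash,
    isVerified: false,
    verificationDigest: sha256(token), // keep only a digest of the emailed value
    verificationExpires: now + TOKEN_TTL_MS,
  });
  // Constructed link; host and path are placeholders.
  const link = `https://app.example.com/verify-email/${token}`;
  return { token, link }; // the link goes into the email, never the HTTP response
}

// Called by the endpoint that the verification page posts the value to.
function verifyEmail(token, now = Date.now()) {
  // Reject anything that is not the exact shape signUp() produces.
  if (typeof token !== 'string' || !/^[0-9a-f]{64}$/.test(token)) return false;
  const digest = sha256(token);
  for (const user of users.values()) {
    if (user.isVerified || !user.verificationDigest) continue;
    if (!crypto.timingSafeEqual(digest, user.verificationDigest)) continue;
    if (now > user.verificationExpires) return false; // expired link
    user.isVerified = true;
    user.verificationDigest = null; // single use: the link cannot be replayed
    return true;
  }
  return false;
}
```

With a real database, the loop becomes an indexed lookup on the stored digest, and the update that sets `isVerified` should clear the digest in the same write.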
