Resend SUSI.AI Account Verification Link

In this blog post, I'll explain how to resend the SUSI account verification link via SUSI-server.

Below is a small code snippet from the signup servlet.

String token = createRandomString(30);
ClientCredential access_token = new ClientCredential(ClientCredential.Type.access_token, token);
Authentication tokenAuthentication = DAO.getAuthentication(access_token);
tokenAuthentication.setExpireTime(7 * 24 * 60 * 60);
tokenAuthentication.put("one_time", true);

This piece of code generates a random string 30 characters long, which is stored as the token for the user who just signed up. Looking closely, the reader will notice that this token expires after 7*24*60*60 seconds, i.e. 7 days later. As soon as a user signs up, they are registered in the authentication file, so signing up again is not an option if the token expires.

This feature is used by users who are not yet verified, so the minimal user role is defined as ANONYMOUS. Clients have to make a request to the API endpoint given below to trigger resending of the verification link, with the e-mail id of the user as the 'emailid' GET or POST parameter.

As a first step, the server checks that the request contains an 'emailid' parameter with length > 0. If the parameter is missing or blank, the server responds with error code 422 and the error message "No email id provided!". Otherwise, a client identity is generated in the following manner.

ClientCredential credential = new ClientCredential(ClientCredential.Type.passwd_login, emailId);
Authentication authentication = DAO.getAuthentication(credential);
// No identity stored for this credential means the user never signed up
if (authentication.getIdentity() == null) {
    throw new APIException(422, "Invalid email id. Please Sign up!");
}

Using the email id received, an object of the ClientCredential class is created with credential type passwd_login, which in turn serves as the parameter to get an authentication object. This servlet is specifically for users who have already signed up but are not verified, which means the user's email must already be present in the database. The authentication object looks into the database and checks whether the user exists. If the user's email id is absent, the server responds with error code 422 and the error message "Invalid email id. Please Sign up!". This is what the verification link looks like:

{30 characters long token}&validateEmail={user email id}&request_session=true

  • access_token —> access token
  • validateEmail —> email id of the user
  • request_session —> boolean value to request a session

When the link is opened, the server generates a client credential object in a similar manner, retrieves an authentication object and marks the user as activated. Please look at the code below for a better understanding.

if ((auth.getIdentity().getName().equals(post.get("validateEmail", null)) && auth.getIdentity().isEmail()) || permissions.getBoolean("activate", false)) {
    // other required tests and conditions
    authentication.put("activated", true);
    // JSON object to notify client
    return new ServiceResponse(result);
}

We will stick to the very basic requirements for this servlet. Next, we need to check whether the user is already verified. If so, the server throws an error to the client with the error message "User already verified!"

// Read the same "activated" flag that the verification step sets
if (authentication.getBoolean("activated", false)) {
    throw new APIException(422, "User already verified!");
}

If all the tests pass, the server is now sure that this is a valid request to resend the account verification link. The server finally generates a random string, which it stores as the new token for the user, sets its new expiry time, and sends an email to the user (with support from the EmailHandler class) with the new token encoded in it.
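The resend flow described above, as a self-contained added example (not SUSI-server code). In-memory maps stand in for DAO and the authentication file, IllegalArgumentException stands in for APIException, and the SecureRandom generator and the removal of superseded tokens are assumptions that the page does not show.

```java
import java.security.SecureRandom;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

public class ResendVerificationSketch {
    // Hypothetical in-memory stand-ins for the server's authentication store.
    record Token(String email, Instant expires) {}
    static final Map<String, Boolean> activatedByEmail = new HashMap<>();
    static final Map<String, Token> tokens = new HashMap<>();
    static final SecureRandom RNG = new SecureRandom();
    static final String ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    static final long TTL_SECONDS = 7 * 24 * 60 * 60; // 7 days, as in the signup servlet

    // Assumption: a CSPRNG-backed generator; the page does not show createRandomString.
    static String randomToken(int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) sb.append(ALPHABET.charAt(RNG.nextInt(ALPHABET.length())));
        return sb.toString();
    }

    static String resend(String emailId) {
        if (emailId == null || emailId.isBlank()) throw new IllegalArgumentException("422 No email id provided!");
        Boolean activated = activatedByEmail.get(emailId);
        if (activated == null) throw new IllegalArgumentException("422 Invalid email id. Please Sign up!");
        if (activated) throw new IllegalArgumentException("422 User already verified!");
        // Assumption: drop any older token for this user so only the newest link works.
        tokens.values().removeIf(t -> t.email().equals(emailId));
        String token = randomToken(30);
        tokens.put(token, new Token(emailId, Instant.now().plusSeconds(TTL_SECONDS)));
        return token; // the real servlet e-mails a link carrying this token
    }

    // One-time use: the token is removed the first time it is presented.
    static boolean verify(String token, String validateEmail) {
        Token t = tokens.remove(token);
        if (t == null || Instant.now().isAfter(t.expires()) || !t.email().equals(validateEmail)) return false;
        activatedByEmail.put(t.email(), true);
        return true;
    }

    public static void main(String[] args) {
        activatedByEmail.put("alice@example.org", false); // constructed sample user
        String first = resend("alice@example.org");
        String second = resend("alice@example.org");
        System.out.println(verify(first, "alice@example.org"));  // superseded token
        System.out.println(verify(second, "alice@example.org")); // current token
        System.out.println(verify(second, "alice@example.org")); // replay of a used token
    }
}
```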

Additional Resources

  1. Email handler
     Site : example code. Example post by anonymous user

  2. How to generate a random string in JAVA
     Site : StackOverflow. Post by ꜱᴜʀᴇꜱʜ ᴀᴛᴛᴀ

  3. How to send email through java servlet
     Site : Tutorials Point. Post by Tutorials Point