In this blog post, I’ll be telling on how to resend SUSI account verification link via SUSI-server.
Below given is a small code snippet from signup servlet.
This piece of code generates a random string of length 30 characters, which is marked as token against the user who just signed up. Looking closely, the reader will realize that this token will expire after 7*24*60*60 seconds, i.e. 7 days later. As soon as a user signs up, they are registered in authentication file, hence signing up again is not an option in case token expires.
A user not verified will be using this feature, So minimal user role is defined as ANONYMOUS. Clients have to make a request at below given API endpoint to trigger resend verification link with e-mail id of the user as ‘emailid’ GET or POST parameter.
As a first step, server checks if the request contains ‘emailid’ parameter with length > 0 or if a blank parameter is sent. If any of the 2 is true, server responds with error code 422 and error message “No email id provided!”. Otherwise, a client identity is generated in the following manner.
Using the email id received, an object of ClientCredential class is made with credential type as passwd_login which in turn serves as a parameter to get an authentication object. This servlet is particularly for those users who have already signed up but are not verified. This means user email must be present in the database. The authentication object will look back into database and search if user exist or not. If user email id is absent, error code 422 with error message “Invalid email id. Please Sign up!”. This is how the verification link looks like :
- access _token —> access token
- validateEmail —> email id of the user
- request_session —> boolean value to request a session
Server in the above similar manner generates client credential object, retrieves an authentication object and marks user as activated. Please look at the code below for better understanding.
We will stick to the very basic requirements for this servlet. Next we need to check if user is already verified or not. If yes, throw an error to the client with error message as “User already verified!”
If all the tests passed, by now server is sure that it is a valid request to resend account verification link. Server finally generates a random string which it marks as the new token for the user, set its new expiry time and an email is sent to user (with support from EmailHandler class )with new token encoded in it.
Site : example code. Example post by anonymous user
Site : StackOverflow. Post by ꜱᴜʀᴇꜱʜ ᴀᴛᴛᴀ
Site : Tutorials Point. Post by Tutorials Point