-
If you're not using The following should probably work, though it's probably vulnerable to timing attacks:

```ruby
account_from_verify_account_key do |code|
  verification_key = Account::VerificationKey.find_by(code: code)
  if verification_key.nil?
    verify_account_code_error "Invalid verification code."
  elsif verification_key.requested_at <= 24.hours.ago
    verify_account_code_error "This verification code has expired."
  end
  _account_from_id(verification_key.id)
end
```
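On the timing-attack remark in the reply above: the following is an added example, not code from the thread or from Rodauth. It looks the record up by account id instead of by the secret code and compares keyed digests in constant time. `CodeVerifier`, the in-memory hash standing in for the verification-key table, and `MAX_ATTEMPTS` are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical in-memory stand-in for the verification-key table, keyed by
# account id. Only an HMAC of the code is stored, never the code itself.
class CodeVerifier
  TTL = 24 * 60 * 60   # seconds; the 24-hour expiry used in the reply above
  MAX_ATTEMPTS = 5     # assumed limit: a 6-digit code has only 10**6 values

  Entry = Struct.new(:digest, :requested_at, :attempts)

  def initialize(secret)
    @secret = secret
    @entries = {}
  end

  # Generates a 6-digit code for the account and returns it for emailing.
  def issue(account_id, now: Time.now)
    code = format("%06d", SecureRandom.random_number(1_000_000))
    @entries[account_id] = Entry.new(digest(account_id, code), now, 0)
    code
  end

  # Returns :ok, :invalid or :expired. The row is found by account id, so the
  # secret code never appears in a lookup whose duration depends on its value.
  def verify(account_id, code, now: Time.now)
    entry = @entries[account_id]
    return :invalid if entry.nil?
    return :expired if now - entry.requested_at >= TTL
    return :invalid if (entry.attempts += 1) > MAX_ATTEMPTS
    return :invalid unless constant_time_eq?(entry.digest, digest(account_id, code.to_s))
    @entries.delete(account_id) # single use
    :ok
  end

  private

  def digest(account_id, code)
    OpenSSL::HMAC.digest("SHA256", @secret, "#{account_id}:#{code}")
  end

  # Compares every byte regardless of where the first mismatch is.
  def constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Binding the digest to the account id also means a code issued for one account cannot verify another.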
-
Hey there! I'm in the process of implementing code-based email verification following the discussion here: https://groups.google.com/g/rodauth/c/eBQem6q3Ne0/m/4jsJK7EZAwAJ. This is the rough account registration & verification flow I am trying to create:
1/ User creates a new account via /create-account and user is immediately redirected to /verify-account
2/ Verification email (containing 6 digit verification code) gets sent to user
3/ User enters the code from their email on /verify-account
4/ User is verified and redirected
With the `verify_account_grace_period` feature enabled, the above works as expected so long as the verification is completed within the grace period. However, if the grace period has elapsed, or if `verify_account_grace_period` is disabled (my preference), the following exception occurs after a user enters their verification code:

I have a barebones repo set up here to reproduce this: https://github.com/moneill/rodauth-debug (see rodauth_main.rb). My approach is a blend of https://groups.google.com/g/rodauth/c/eBQem6q3Ne0/m/4jsJK7EZAwAJ plus #249 (comment) for redirecting to the originally-requested page.

Any thoughts on what I might be doing wrong? Appreciate any guidance folks might be able to offer!