vapor-auth-template
Email cannot be sent repeatedly if email sending fails
```swift
import Fluent

struct CreateEmailToken: Migration {
    func prepare(on database: Database) -> EventLoopFuture<Void> {
        return database.schema("user_email_tokens")
            .id()
            .field("user_id", .uuid, .required, .references("users", "id", onDelete: .cascade))
            .field("token", .string, .required)
            .field("expires_at", .datetime, .required)
            .unique(on: "user_id")
            .unique(on: "token")
            .create()
    }

    func revert(on database: Database) -> EventLoopFuture<Void> {
        return database.schema("user_email_tokens").delete()
    }
}
```
.unique(on: "user_id") should be removed.
I think that if the authentication is successful, we should delete all tokens. Because if the verification email fails to be sent, they will never be deleted.
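```swift
func delete(_ emailToken: EmailToken) -> EventLoopFuture<Void> {
    // As posted: the query has no filter, so it is not scoped to
    // `emailToken` or to that token's user.
    return EmailToken.query(on: database)
        .join(User.self, on: \EmailToken.$user.$id == \User.$id)
        .delete()
}
```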
Thanks for your input! I am not sure if we want multiple email tokens per user to exist, so I think the unique constraint is fine. However, all previous tokens should be deleted on POST api/auth/email-verification. I'll update the code to include this.
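The approach described in the reply above (drop a user's previous tokens whenever a new verification email is requested) could look like the following. This is an added example, not code from vapor-auth-template: the `EmailToken` model is a simplified assumption based on the migration's columns, and `replaceEmailToken` and the 15-minute lifetime are hypothetical. Deleting and inserting in one transaction keeps the `unique(on: "user_id")` constraint satisfied, so a failed send never blocks a retry.

```swift
import Fluent
import Foundation

// Hypothetical, simplified model for the "user_email_tokens" table created by
// the migration in this thread; the template's real model may differ.
final class EmailToken: Model {
    static let schema = "user_email_tokens"

    @ID(key: .id) var id: UUID?
    @Field(key: "user_id") var userID: UUID
    @Field(key: "token") var token: String
    @Field(key: "expires_at") var expiresAt: Date

    init() {}

    init(userID: UUID, token: String, expiresAt: Date) {
        self.userID = userID
        self.token = token
        self.expiresAt = expiresAt
    }
}

// Hypothetical helper: replaces any existing token for `userID` with a new one.
// Call it before attempting to send the email, so a stale row left behind by an
// earlier failed send cannot trip the unique constraint on "user_id".
func replaceEmailToken(
    for userID: UUID,
    token: String,
    lifetime: TimeInterval = 15 * 60, // assumed lifetime, not from the thread
    on database: Database
) -> EventLoopFuture<EmailToken> {
    let fresh = EmailToken(
        userID: userID,
        token: token,
        expiresAt: Date().addingTimeInterval(lifetime)
    )
    // Delete and insert atomically: if the insert fails, the old token
    // is restored by the rollback instead of leaving the user with none.
    return database.transaction { tx in
        EmailToken.query(on: tx)
            .filter(\.$userID == userID) // scoped to this user only
            .delete()
            .flatMap { fresh.create(on: tx) }
            .map { fresh }
    }
}
```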
For formal projects, it is appropriate to use Mailgun, but can I use my personal mailbox when testing locally, for example Gmail? I found two libraries:
https://github.com/sersoft-gmbh/SwiftSMTP
https://github.com/Mikroservices/Smtp
Currently, the example does not have the abstraction for email functionality; PRs are welcome though. Mailgun has a pretty good free tier for testing in my opinion, but you are of course more than welcome to use whatever provider you find fitting.
In my opinion there could be cases where users could verify more than one email. I never bothered deleting my email verification tokens and used them to note the verification date. Fwiw.
On May 9, 2020, at 4:01 AM, Mads Odgaard wrote:
Thanks for your input! I am not sure if we want multiple email tokens per user to exist, so I think the unique constraint is fine. However, all previous tokens should be deleted on POST api/auth/email-verification