[2.0-scala] How to implement an email verification

[edmondo1984]

Dear all,

I need to implement an email verification mechanism in play after after the user has registered on my website.

I am trying to understand what is the best architecture, this is my guess:

- Define a special route for email validation

- When the user register generate a token and save it inside the cache with a token -> user mapping.

- Send an email containing an url which points to the route providing the token as a parameter

- In the special route controller, retrieve the user from the cache using the token, validate the email and store it in the database.

What do you think ?

Best regards

Edmondo

[Johan Andren]

Sounds like a good and simple implementation to me!

[Will Sargent]

Look at https://github.com/yesnault/Play20StartApp or
http://joscha.github.com/play-authenticate/

Will.

On Thu, Aug 16, 2012 at 4:51 PM, Johan Andren <johan....@mejsla.se> wrote:
> Sounds like a good and simple implementation to me!
>

> --
> You received this message because you are subscribed to the Google Groups
> "play-framework" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/play-framework/-/AlwjnAJavcoJ.
>
> To post to this group, send email to play-fr...@googlegroups.com.
> To unsubscribe from this group, send email to
> play-framewor...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/play-framework?hl=en.

[Ike]

I would reconsider storing the token in the cache. The email can take a non-trivial amount of time to be delivered, even more to be opened by the user and by that time you cannot easily guarantee that the token will still be available in the cache. This is usually done by storing the token in the database and then removing it once the email has been validated.

If you need to time limit the validation you can always store a timestamp with the token so you can check it at validation time to see if a threshold has been passed.