json only verify_account mail link workaround

145 views
Skip to first unread message

Симеон Ангелов

unread,
Aug 8, 2018, 4:15:28 AM8/8/18
to Rodauth
Hi, is there any workaround for this ? Everything is working ok when make post request to verify account but it gonna be great if users can verify accounts from mail.

Thanks,
Simeon

Jeremy Evans

unread,
Aug 8, 2018, 9:42:49 AM8/8/18
to Rodauth
On Wednesday, August 8, 2018 at 1:15:28 AM UTC-7, Симеон Ангелов wrote:
Hi, is there any workaround for this ? Everything is working ok when make post request to verify account but it gonna be great if users can verify accounts from mail.


If you use :json=>:only, then Rodauth doesn't create HTML pages where you can send the user.  In that case you are responsible for handling the situation.  One way to do so:

    verify_account_email_link do
      token_link('/some/verify/path', verify_account_key_param, verify_account_key_value)
    end

Where /some/verify/path is a page in the application where you will be handling this, presumably by issuing a JSON request to Rodauth.

Thanks,
Jeremy

Симеон Ангелов

unread,
Aug 8, 2018, 10:20:58 AM8/8/18
to Rodauth
I hope i'm understand correctly (pretty sure i don't). Something like this:

  plugin :rodauth, json: :only do
    enable  :create_account,
            :verify_account,
            :login,
            :logout,
            :change_password,
            :reset_password,
            :lockout,
            :disallow_common_passwords,
            :password_complexity,
            :jwt 

    verify_account_email_link do
      token_link(:verify_account, verify_account_key_param, verify_account_key_value)
    end
  end

  route do |r|
    r.multi_route
    r.rodauth

    r.is :verify_account do
      params = {key: r.params["key"]}
      json_headers = {
        "Content-Type" => "application/json",
        "Accept" => "application/json"
      }

      uri = URI.parse(r.base_url + '/verify-account')
      http = Net::HTTP.new(uri.host, uri.port)

      response = http.post(uri.path, params.to_json, json_headers)
      response.body
    end
  end


Jeremy Evans

unread,
Aug 8, 2018, 10:31:52 AM8/8/18
to Rodauth
On Wednesday, August 8, 2018 at 7:20:58 AM UTC-7, Симеон Ангелов wrote:
I hope i'm understand correctly (pretty sure i don't). Something like this:

  plugin :rodauth, json: :only do
    enable  :create_account,
            :verify_account,
            :login,
            :logout,
            :change_password,
            :reset_password,
            :lockout,
            :disallow_common_passwords,
            :password_complexity,
            :jwt 

    verify_account_email_link do
      token_link(:verify_account, verify_account_key_param, verify_account_key_value)

token_link('my-verify', verify_account_key_param, verify_account_key_value)
 
    end
  end

  route do |r|
    r.multi_route
    r.rodauth

    r.is :verify_account do

r.get 'my-verify' do
 
      params = {key: r.params["key"]}
      json_headers = {
        "Content-Type" => "application/json",
        "Accept" => "application/json"
      }

      uri = URI.parse(r.base_url + '/verify-account')
      http = Net::HTTP.new(uri.host, uri.port)

      response = http.post(uri.path, params.to_json, json_headers)
      response.body
    end
  end


Converting GET to POST directly is probably a bad idea.  You want to display some HTML page with a form the user needs to submit, and that form submission should do the POST (I'm guessing using an ajax request if you are in json-only mode).

Thanks,
Jeremy
 

Симеон Ангелов

unread,
Aug 8, 2018, 11:01:36 AM8/8/18
to Rodauth
Forgot to mention that i use plugin :render for proper handling the mail send after account was created. Your suggestion is to make some view in front end part, with form which gonna point to /verify-account and do the POST?

Jeremy Evans

unread,
Aug 8, 2018, 11:47:54 AM8/8/18
to Rodauth
On Wednesday, August 8, 2018 at 8:01:36 AM UTC-7, Симеон Ангелов wrote:
Forgot to mention that i use plugin :render for proper handling the mail send after account was created. Your suggestion is to make some view in front end part, with form which gonna point to /verify-account and do the POST?

In non json: :only mode, that is how Rodauth works.  The link takes the user to a web page, and they can click a button to do the verification.  You don't want to verify directly from the link, as that performs a GET request and verification is a non-idempotent action.

If you want Rodauth to handle displaying the HTML to the user for you, then don't use json: :only. You can use json: true to still allow the JSON parts to work, but also support the HTML interface.  If you really only want to allow the HTML interface for verification, you can filter requests (either in the Roda routing tree before calling r.rodauth or using the before_rodauth configuration method).

If you want to use Rodauth in json: :only mode, you can, but you need to send the user to some webpage and have that webpage perform the verification.

This situation is not limited to account verification, it will affect similar things that use email such as password resets and account unlocks.

Thanks,
Jeremy

Симеон Ангелов

unread,
Aug 9, 2018, 11:45:24 AM8/9/18
to Rodauth
Thank you Jeremy, i will do like you said, mail will send user to some web page which will perform verification.
Want to thank you for awesome Roda and Rodauth. It is pleasure for me to work with this frameworks everything is clear and simple.

Wish you good day.

Thanks,
Simeon
Reply all
Reply to author
Forward
0 new messages