Sylius: [UserBundle] Improve register with email confirmation

Created on 16 Oct 2015  路  6Comments  路  Source: Sylius/Sylius

Hi everyone!.

I wanna know your opinion about implementing email confirmation considering this:

  • On customer.pre_create event, the user must be disabled and a confirmation token should be generated (use the same field used in password request).
  • The confirmation email must contains a link to a new confirmAction which use the confirmation token as parameter, the action validate the token and enable the user and set the confirmationToken to null.
  • The ConfirmAction should redirect to login if the token is valid and dispatch pre_confirm and post_confirm events.
  • As the user is created with disabled state, the AutoLoginListener is no longer works, so should be deleted.
  • The prepareResetPasswordRequest method on the UserController must verify the status of the user for prevent the execution when the user is disabled (show the flash message sylius.user.email.not_exist for example)
Feature RFC
Source
picture gperdomor

Most helpful comment

The email verification feature is already merged (see #5029), so now this feature should be easy to add.

We don't plan to implement this feature soon, but if anyone from community is willing to work on it, we will be happy to help 馃槈

picture michalmarcinkowski on 19 Jul 2016
👍2

All 6 comments

Actually, I'd like to have this toggleable. So basically being able to easily enable/disable the listeners responsible for autologin and confirmation token generation/email + disabling user. Just like FOSUserBundle is doing it, IIRC. Thoughts?

pjedrzejewski picture pjedrzejewski on 19 Oct 2015

Any progress here? or defined workflow for this?

gperdomor picture gperdomor on 12 May 2016

Currently we're implementing email verification. The workflow is the following:

  1. Register and autologin - the user is able to login but his email is not verified
  2. Send email with email confirmation link
  3. Visit confirmation link (your email will be verified)

And also a possibility to resend confirmation email.

  1. [Logged in user] Go to my account profile -> click "resend confirmation email" link
  2. [Not logged in user] Go to resend confirmation email page -> fill in your email -> press "Resend" button (same as request password reset)

I would suggest to wait for this functionality and then we can add configurable option to disable user account at default and enable it after verification. It will only require to disable autologin listener, disable UserRegistrationFormSubscriber which enables user on registration form submit and enable user after the verification.

michalmarcinkowski picture michalmarcinkowski on 12 May 2016

@michalmarcinkowski 馃憤 ... I will wait then :D

gperdomor picture gperdomor on 13 May 2016
👍1

@michalmarcinkowski do you have any news about this feature? At what stage it is now?

krafas picture krafas on 19 Jul 2016

The email verification feature is already merged (see #5029), so now this feature should be easy to add.

We don't plan to implement this feature soon, but if anyone from community is willing to work on it, we will be happy to help 馃槈

michalmarcinkowski picture michalmarcinkowski on 19 Jul 2016
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

crbelaus picture crbelaus  路  3Comments
reyostallenberg picture reyostallenberg  路  3Comments
mikemix picture mikemix  路  3Comments
mezoni picture mezoni  路  3Comments
tchapi picture tchapi  路  3Comments