How to do an email check/confirmation/validation with Phoenix?

Just want to add, because you said that you are rather new to the programming world…

The basic flow of confirming email address is as follows:

  1. User registered into your app

  2. Your app inserts the user into the DB (perhaps table accounts or something) with a verified field set to false or 0

  3. Your app generates a verify token (usually some random string), and

  • inserts it into a database (another table, such as verify_tokens) and the associated user ID

  • constructs a verify link with the token and send it to the user (might also want to include the user ID in it)

  1. The user receives the email and clicks on the link

  2. In the handler, your app will:

  • check the request params and look up for a verify token belonging to the user ID in the DB and

  • if found, update the verified field of your user on table accounts

I hope that makes sense!

12 Likes

I will recommend email_checker. It’s quite straightforward to use.

That one is very hard to proof… Double-Opt-In does only prrof that the person registering also has at least reading access to the given email account.

This only ensures that the e-mail is valid and exists, right? It doesn’t proof that the person registering is the owner of the email account.

Still narrows down a lot, though :grin:

I wouldn’t put short-lived data into a database, I would store it either in a process or an ets table with some kind of time-to-llive, probably Process.send_after(self(), {:clean, verify_token}, @ttl).

2 Likes

Indeed! I still need to remind myself to think in Elixir sometimes.

1 Like

Haven’t reached that part of the book yet :p. Isn’t there some package to handle that confirmation flow?

1 Like

I don’t know if there is a package for it, but I can try and outline the code needed for this flow if you want. It’s not that difficult …

1 Like

If you don’t mind. Thanks!
I only scratched the surface of processes yet.

https://github.com/idi-ot/mailer

I’ll refactor it later though. If you have any questions, I’m happy to answer.

It’s just a stock phoenix 1.3 app right now.

The important bits are:

EDIT: Refactored it a little. Now it’s an umbrella project. Need to put send_verification into ecto multi.

2 Likes

I’d definitely put it in the database! They may not get around to checking their email soon and the server could restart before then! o.O

8 Likes

For the record, here’s how I’ve done it.

To send emails, I used the mailgun package. The setup is described in the phoenix docs section “Sending Email with Mailgun

To add the confirmation logic, I started a new phoenix application with phauxth (with mix phauxth.new --confirm), which is the openmaize library for Phoenix 1.3, just to see the code and to test it. Then I installed the phauxth package to my ongoing project and replicated the code needed just for the confirmation flow.

Thank you all for all the help!

I’d do it the same way as Bobby :023:

I would also include the user-id in the params, and retrieve the record based on that (then check the verify token to confirm or deny) as usually the user_id field will be indexed (resulting in much faster retrieval).

2 Likes

Dockyard (@alexgaribay :tada:) has recently published a guide on how to do email verification. It’s similar to the basic flow I stated above, but with leveraging Phoenix.Token as a unique token generator and expiry checking, making it unnecessary to store the token in the DB. I think that’s a really neat and lean approach!

6 Likes

A post was split to a new topic: Adding an Email Verification Flow With Phoenix

constructs a verify link with the token and send it to the user (might also want to include the user ID in it)

Are there any tutorials on how to constructs a verify link?


Here I was trying to constructs one, but still can’t figure out completely yet.

Hi @sawthinkar, the DockYard tutorial article that I shared just above your post outlines how the typical email verification with Phoenix goes (including verify link generation). There’s also a thread about it in this forum:

Do you have any problems in following them?

1 Like

I got a bit confused on Path Helpers. I was trying to construct the link in html.eex file. It wasn’t properly setup so was getting endpoint errors. I got it now. Thanks! :grin:

Email checkers would be fine for the beginners.

1 Like