This repository has been archived by the owner on Mar 8, 2018. It is now read-only.

Added Email Verification with Social Sign Up

Geert-Jan Brits edited this page Nov 24, 2013 · 4 revisions

There is an app config setting, app.set('require-account-verification', true|false);, that when set to true requires users to verify their email addresses before they are granted access to /account/. By default, even if require-account-verification is set to true, we skip email address verification when a user signs up using a social profile like Twitter, GitHub or Facebook. Using a social profile is a type of verification on its own.

Our GitHub friend @gebrits thought it would be good for his project to verify the email address when a user signs up with a social provider but enters a different email address than the one the social account provided. He was nice enough to share his code for this feature. It's also a great example of how easy it is to customize your system.

Step 1

Update app.js with a new config variable.

...
app.set('require-unknown-email-verification', true); //set to false to disable
...

Step 2

Create a helper function in /views/signup/index.js that assists us in getting the email address provided by the social account. In our case we just stick this at the top of the file under the 'use strict'; statement.

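//return email potentially set by social provider
//currently only github supplies this.
var getEmailVerifiedBySocialProvider = function(socialProfile){
  //emails may be missing or empty when the provider returns no address
  if( socialProfile && socialProfile.provider === 'github' &&
      socialProfile.emails && socialProfile.emails.length ){
    return socialProfile.emails[0].value;
  }
  //falls through and returns undefined when no email was supplied
};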

Step 3

Modify the workflow createAccount event in the exports.signupSocial method to figure out if the email address from the social provider is different from the one the user provided and toggle the email verification setting accordingly.

workflow.on('createAccount', function() {
  var emailEntered = req.body.email.toLowerCase().trim(),
    emailVerifiedBySocial = (getEmailVerifiedBySocialProvider(req.session.socialProfile) || '').toLowerCase().trim();
    
  //check to see if we need to verify email address
  var verifyEmailBool =  req.app.get('require-account-verification') &&
    req.app.get('require-unknown-email-verification') &&
    emailEntered !== emailVerifiedBySocial;
    
  var nameParts = req.session.socialProfile.displayName.split(' ');
  var fieldsToSet = {
    isVerified: verifyEmailBool ? 'no' : 'yes',
    'name.first': nameParts[0],
    'name.last': nameParts[1] || '',
    'name.full': req.session.socialProfile.displayName,
    user: {
      id: workflow.user._id,
      name: workflow.user.username
    },
    search: [
      nameParts[0],
      nameParts[1] || ''
    ]
  };
  req.app.db.models.Account.create(fieldsToSet, function(err, account) {
    if (err) {
      return workflow.emit('exception', err);
    }
    
    //update user with account
    workflow.user.roles.account = account._id;
    workflow.user.save(function(err, user) {
      if (err) {
        return workflow.emit('exception', err);
      }
      
      workflow.emit('sendWelcomeEmail');
    });
  });
});

And that's it. Now the built-in account email verification will only kick in if the user supplies an email that wasn't confirmed by their social profile.
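The decision made in Steps 2 and 3, pulled out into a standalone function so it can be checked against the edge cases (this is an added example, not code from the project or from @gebrits). The names normalizeEmail, providerEmail and needsEmailVerification are hypothetical, the profiles are constructed sample input, and unlike the handler above it always treats an empty entered address as unverified.

```javascript
'use strict';

// Normalize the same way the createAccount handler does.
function normalizeEmail(value) {
  return (typeof value === 'string' ? value : '').toLowerCase().trim();
}

// First address returned by the provider, or '' (GitHub only, as on this page).
function providerEmail(socialProfile) {
  if (!socialProfile || socialProfile.provider !== 'github') { return ''; }
  var emails = Array.isArray(socialProfile.emails) ? socialProfile.emails : [];
  return normalizeEmail(emails.length ? emails[0] && emails[0].value : '');
}

// true when the entered address must go through email verification.
function needsEmailVerification(settings, socialProfile, emailEntered) {
  if (!settings['require-account-verification'] ||
      !settings['require-unknown-email-verification']) {
    return false;
  }
  var entered = normalizeEmail(emailEntered);
  // An empty address is never treated as confirmed by the provider.
  if (!entered) { return true; }
  return entered !== providerEmail(socialProfile);
}

// Constructed sample input (not real accounts).
var bothOn = { 'require-account-verification': true, 'require-unknown-email-verification': true };
var unknownOff = { 'require-account-verification': true, 'require-unknown-email-verification': false };
var profiles = {
  githubWithEmail: { provider: 'github', emails: [{ value: ' Ada@Example.com ' }] },
  githubNoEmail: { provider: 'github' },
  twitter: { provider: 'twitter' }
};

// Decision table: [case, must the address be verified?]
function decisionTable() {
  return [
    ['github, same address', needsEmailVerification(bothOn, profiles.githubWithEmail, 'ada@example.com')],
    ['github, other address', needsEmailVerification(bothOn, profiles.githubWithEmail, 'other@example.com')],
    ['github, no email returned', needsEmailVerification(bothOn, profiles.githubNoEmail, 'ada@example.com')],
    ['twitter', needsEmailVerification(bothOn, profiles.twitter, 'ada@example.com')],
    ['empty address entered', needsEmailVerification(bothOn, profiles.githubNoEmail, '')],
    ['new setting off', needsEmailVerification(unknownOff, profiles.twitter, 'ada@example.com')]
  ];
}

console.log(decisionTable());
```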

Use the Force

We hope this was helpful. If you have questions or think this page should be expanded, please contribute by opening an issue or updating this page.