digiaonline/yii2-account

Support for optional account verification

Closed this issue · 9 comments

Is there a way to get a configurable option for allowing users with unapproved accounts to log in? In my application e-mail confirmation isn't mandatory, but it is possible and adds more functionality for the users.

You should be able to override the login logic to support your use-case.

Yes, your extension is greatly configurable right now and that's what I've actually done. Just thought it would be good to have this feature in stock. This is the second project I've got where e-mail is not needed to activate the account, but should be checked anyway to connect to it.
Thinking about adding an extra boolean for this: email_confirmed.

The whole idea behind this extension was to allow you to use it for any application. I'd like to keep the number of features to a minimum, while leaving room for implementing any use-case you might have.

If you find something hard to implement, we'd love to hear about it. We don't want developers abandoning the extension because they are unable to implement, e.g. their authentication flow.

That said, the main focus of this extension is account security so anything we can do to make it more secure by default we will certainly consider implementing into the extension itself.

What we usually end up doing is using a different identity class (Account model) that may contain additional columns. Often that's the only thing we need to override, everything else can pretty much be done through configuration.

Actually, what you could do is add a new status STATUS_VERIFIED = 2 for your Account model and disable the whole account activation process. I think we should keep the account activation and verification separate. I'll give the verification part some thought, maybe we can support it out of the box as a separate feature.

Thanks a lot! Additional status should be enough.

Just an additional idea.
If a user has entered an e-mail that is not his/her own, there should be a link in the recipient's e-mail, "I haven't initiated a sign up", to delete the account.
This feature could be useful for the current behavior with activation e-mails too.

That's also a good idea, we should create a separate issue for that.

Closing and archiving repo.