- Issue created by @lostcarpark
- 🇮🇪Ireland lostcarpark
I have created the Verifier service.
The basic functionality to send the verify email, and create and log in users now exists.
Some test cases are still required.
- 🇮🇪Ireland lostcarpark
Edited issue as the way I thought it would be implemented turned out not to be practical.
- 🇮🇪Ireland lostcarpark
I was worried about the link being vulnerable to brute force attacks, so I added a second "secret" parameter to the route, and generate a random of string of characters. This is stored in in TempStore, and must match when the link is clicked.
I have added the following test cases:
- Test that entering a valid email address submits the form and displays a message
- Test an invalid link (not stored in TempStore) does not log in
- Test a link with incorrect secret does not log in
- Test an expired link does not log in, but does redirect to verify form and ask to reenter email
- Test a valid link does log in and redirects to the destination page
-
lostcarpark →
committed a5477056 on 1.0.x
Resolve #3515644 "Create service for"
-
lostcarpark →
committed a5477056 on 1.0.x
Automatically closed - issue fixed for 2 weeks with no activity.