
Email based authentication

Bruno Besson edited this page Dec 26, 2017 · 3 revisions

At several places in the application, emails are sent to the user for authentication.

Registration

When registering, an unvalidated user is created in the database and an email containing a validation link (using a nonce) is sent to the provided address. If the link is clicked before the expiration date, the user account is validated. Otherwise, if the account is not confirmed within a certain timespan, it is destroyed.

Forgotten password

A user may forget their password. In order to regain access to the application, they must request a password change. The legitimacy of the request is checked by sending them an email containing a validation link. Once the validation link is clicked, the password may be chosen freely.
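
The nonce lifecycle behind both the registration and the forgotten-password flows, as an added example that is not the application's own code. The column names validation_nonce and validation_nonce_expire come from this page; the in-memory user store, the function names, the validated and password fields and the 3-day lifetime are assumptions.

```python
import hmac
import secrets
from datetime import timedelta
# Assumption: the page only says "a certain timespan"; 3 days is a constructed value.
NONCE_LIFETIME = timedelta(days=3)

def issue_nonce(user, now):
    """Attach a fresh single-use nonce to the user; return it for the emailed link."""
    user["validation_nonce"] = secrets.token_urlsafe(32)
    user["validation_nonce_expire"] = now + NONCE_LIFETIME
    return user["validation_nonce"]

def consume_nonce(users, nonce, now):
    """Return the user owning an unexpired nonce and clear it, else None."""
    for user in users.values():
        stored = user["validation_nonce"]
        if stored is None or not hmac.compare_digest(stored.encode(), nonce.encode()):
            continue
        if now > user["validation_nonce_expire"]:
            return None  # right nonce, but the link has expired
        user["validation_nonce"] = None  # single use: a replayed link fails
        user["validation_nonce_expire"] = None
        return user
    return None

def register(users, user_id, email, now):
    # Hypothetical in-memory stand-in for a row of users.user, created unvalidated.
    users[user_id] = {"email": email, "validated": False, "password": None,
                      "validation_nonce": None, "validation_nonce_expire": None}
    return issue_nonce(users[user_id], now)

def confirm_registration(users, nonce, now):
    user = consume_nonce(users, nonce, now)
    if user is not None:
        user["validated"] = True
    return user is not None

def reset_password(users, nonce, new_password, now):
    user = consume_nonce(users, nonce, now)
    if user is not None:
        user["password"] = new_password  # a real system stores a password hash
    return user is not None

def purge_unvalidated(users, now):
    """Destroy accounts that were never confirmed before their nonce expired."""
    stale = [uid for uid, u in users.items() if not u["validated"]
             and u["validation_nonce_expire"] is not None
             and now > u["validation_nonce_expire"]]
    for uid in stale:
        del users[uid]
    return stale
```
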

Change a user's email

We currently have problems with @free.fr addresses. To change the email used for an account:

  • Connect to the prod database
  • Retrieve the user id associated with the current email: select * from users.user where email = '[email protected]'; => id=1234
  • Update the values in the DB:
    update users.user
    set email = '[email protected]', validation_nonce = null, validation_nonce_expire = null
    where id = 1234;
    
    We reset the validation_nonce and validation_nonce_expire fields, which are no longer useful (they are filled when a user tries to reset their password or after account creation, and are used to validate those modifications).