Implement an improved registration flow for users signing up with an email address and password.
Begin by collecting the user's email information.
Send a confirmation email containing a verification code to the user's email address in the background.
Only once the user has entered the correct verification code should they be allowed to proceed with the registration process.
Motivation
Security: Increases account security by verifying that the user has control over the email address they are registering with.
Spam Reduction: Helps prevent spam accounts by adding an additional step that automated bots would find difficult to bypass.
User Trust: Builds trust with the user base by showcasing a commitment to protecting their identity and credentials.
Compliance: Ensures compliance with industry standards for user authentication and account creation.
Use Cases
Use Case 1: A new user wants to register for the service. They would receive immediate feedback via email to confirm their intent to create a new account.
Use Case 2: An existing user with a new email address wants to update their account details and needs to verify the new email.
Use Case 3: Reducing fake account creation through automated scripts by requiring email validation.
Expected Behavior
The user is prompted to enter their email address during the initial registration phase.
Upon submission, an automated email with a unique verification code is sent to the provided email.
The user is instructed to check their email and enter the verification code on the website to proceed.
The registration process only continues after the correct code has been submitted, ensuring the user's email address is valid.
Suggestions/Ideas (Optional)
Double-Opt-In: Implement a double opt-in process where the user must verify their email before and after the account is created.
Rate Limiting: Set a rate limit on how many times the confirmation email can be sent to prevent abuse.
Multi-Language Support: Ensure that the confirmation email is localized based on the user's preferred language or location.
Use route params to set the current view in the process.
/signup: Home view with the buttons for the available registration methods (Google, LinkedIn, password)
/signup/email: Get the user's email and send the verification code.
/signup/email-verification: Input for the code sent to their email.
/signup/profile: Collect the user's profile information.
Check token
We send the user a link that contains a token as a query parameter. This token is a UUID assigned to the authEntity.
Read the token on the client side and send it to the server to check it.
The server filters the authEntity by this token and gets the user's email.
Respond with a token to set the user's credentials. Use the email
Code
The user inputs the code in the client, and the response from the server should contain the user's token to authenticate them.
On the server, look the authEntity up by email. If there is no unverified authEntity with the given email, respond with Not Found.
If the user hits the resend button, rate-limit the request by time: an email can only be sent every 3 minutes or so.