search

dwyl / time-mvp-node

The most basic version of our Time App possible to start *using* it internally!
https://time-mvp.herokuapp.com
GNU General Public License v2.0
13 stars 2 forks source link

Verify Email Address (Send Link) Before Allowing Sync between devices? #19

Closed nelsonic closed 7 years ago

nelsonic commented 7 years ago

Imagine that someone registers using an email address and then a "bad" person also attempts to register with the same email address, if we automatically show the timers for the email address to the "bad" person, that's lame.

So... We need to send people an email to the address they signed up to, in that email there needs to be a link that the person is required to click (or copy-paste) in order to verify that they own that email address.

When the person clicke the link and comes back to the app, we should encourage them to set a password so they can login again in future and from other devices.

nelsonic commented 7 years ago

Just trying to figure out how to prevent people from spoofing the verification request... My conclusion is that we need a token ...

nelsonic commented 7 years ago

Welcome Email with Verification Link: image

nelsonic commented 7 years ago

Verification link in Production: image