Add email verification and password reset to dbAuth

[faFrafa]

Hi, in the dbAuth middleware, do you think it would be possible to add the email verification and password reset process? Before a user is effectively registered, he must click on the confirmation email sent through the signup. Similarly, when he needs to reset the password, he receives an email with the reset link to set a new password.

This would not only complete the dbAuth middleware, but would also allow to grant the registration process to specific email domains (eg, only @this.org and @that.org users can register).

The config would need the following parameters:

• smtp server and port (to send both verification and password reset emails)
• email address column (like the username column parameter)
• default template for the email subject and body

Unfortunately I have very little PHP knowledge to do it on my own. I hope it's doable. Otherwise, I would really appreciate any suggestion on how to achieve this, even with a different tiny library, integrated with php-crud-api's registration and session management.

Cheers, Fausto

[mevdschee]

in the dbAuth middleware, do you think it would be possible to add the email verification and password reset process?

Certainly possible and an important feature, but quite a lot of code. I'm marking it an enhancement for picking it up later.

[KoljaL]

smtp server and port (to send both verification and password reset emails)

Why not use the mail() function of PHP?

[nik2208]

I've quite struggled with php mail function, ended up using phpmailer instead

[NorthFred]

@nik2208 Do you have an example how the "password reset" can be implemented?

[nik2208]

@NorthFred what do u mean? there's already the password endpoint (different from register)

[NorthFred]

@nik2208 I was referring to the OP's topic of resetting the password in case the user doesn't remember it (e.g. password reset link...). Did you make this work with phpmailer?

[nik2208]

actually I meant, instead of mail() as suggested by Kolial I used phpmailer. I didn use it to send password reset instructions, I just said I had troubles making mail() work.

there much out there explaining how to use phpmailer. reguarding the implementation, I've created an endpoint which actually send the email and called it from the fronted when needed

[NorthFred]

@nik2208 Right, thanks for clarifying. I misunderstood your reply. I'll do some more research on topic for password reset implementation.

[nik2208]

what kind of help do u need?

[NorthFred]

@nik2208 Well, I'm using the 'dbAuth' middleware of this awesome library for login, logout, registration (signup) and password change. What I am missing is a way to let the user reset their password if they don't remember their login details - i.e. they can no longer log in. A typical approach to resolve this, is having the back-end send a "password reset" link, via which the user can access a form to reset the password.

I'm more of a front-end (Angular) person than a back-end dev, so any help is greatly appreciated!

[nik2208]

@NorthFred have a look here. It's actually pretty advanced angular. I've taken it as an example to implement my auth provider (using php-crud-api with dbAuth authentication) redirecting to my apps on successful login (using php-crud-api in jwt auth mode).

[aleppax]

This is an enhancement that I needed, but there are some considerations about using phpmailer and doubling the filesize of api.php. I've tried to do it anyway and requiring the files inside the namespace. Don't know if it is correct, I'm not experienced.

1006

Password reset is not yet implemented, but could be done using the same principle, via a confirmation email.

[apps-caraga]

I know this is an old topic, just sharing some thoughts on this. Essentially, the PHP-CRUD-API works as it is. Now for emailing, integrating phpmailer seems to add unnecessary bloat and the library would become a REST + Email API.

Anyway, my idea is for the library to have some kind of event that can trigger async actions, thus enabling suppport for event-driven architecture. For example, upon successful registration, a USER_CREATED event will be emitted and an action such as sending activation email can be triggered and handled by a separate email sending API.