added email confirmation to the DBAuthMiddleware using phpmailer. #1006

Status: Open. Wants to merge 4 commits into base: main
34 changes: 34 additions & 0 deletions README.md
Expand Up @@ -713,11 +713,16 @@ You can tune the middleware behavior using middleware specific configuration par
- "dbAuth.returnedColumns": The columns returned on successful login, empty means 'all' ("")
- "dbAuth.usernameFormField": The name of the form field that holds the username ("username")
- "dbAuth.passwordFormField": The name of the form field that holds the password ("password")
- "dbAuth.emailFormField": The name of the form field that holds the email ("email")
- "dbAuth.newPasswordFormField": The name of the form field that holds the new password ("newPassword")
- "dbAuth.registerUser": JSON user data (or "1") in case you want the /register endpoint enabled ("")
- "dbAuth.loginAfterRegistration": 1 or zero if registered users should be logged in after registration ("")
- "dbAuth.passwordLength": Minimum length that the password must have ("12")
- "dbAuth.sessionName": The name of the PHP session that is started ("")
- "dbAuth.confirmEmail": zero or 1 if registered users should confirm email after registration ("")
- "dbAuth.emailColumn": The users table column that holds email ("email")
- "dbAuth.tokenColumn": The users table column that holds email confirmation token ("token")
- "dbAuth.confirmedColumn": The users table column knowing if user has confirmed his email address ("confirmed")
- "wpAuth.mode": Set to "optional" if you want to allow anonymous access ("required")
- "wpAuth.wpDirectory": The folder/path where the Wordpress install can be found (".")
- "wpAuth.usernameFormField": The name of the form field that holds the username ("username")
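Review bot: the parameter list is missing `dbAuth.emailSettings`, which the new email confirmation section later in this README requires (`'dbAuth.emailSettings' => $emailSettings`) but which is documented nowhere in this list; add an entry next to `dbAuth.confirmEmail`, e.g. `- "dbAuth.emailSettings": Array with the SMTP settings (host, username, password, secure, port, from) and the confirmation mail subject and template, used when "dbAuth.confirmEmail" is enabled ("")`. Also reword the `dbAuth.confirmedColumn` line, which currently reads awkwardly: `- "dbAuth.confirmedColumn": The users table column that records whether the user has confirmed their email address ("confirmed")`, and keep the `dbAuth.confirmEmail` wording consistent with the `dbAuth.loginAfterRegistration` entry ("1 or zero").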
Expand Down Expand Up @@ -820,6 +825,7 @@ The database authentication middleware defines five new routes:
---------------------------------------------------------------------------------------------------
GET /me - - returns the user that is currently logged in
POST /register - username, password - adds a user with given username and password
GET /confirm - token - enables the user if the token matches the one sent to the user's email address
POST /login - username, password - logs a user in by username and password
POST /password - username, password, newPassword - updates the password of the logged in user
POST /logout - - logs out the currently logged in user
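Review bot: the unchanged lead-in line above this table still says the middleware "defines five new routes", but the hunk adds a sixth (`GET /confirm`); update the count. The `GET /confirm` row should also state what the endpoint returns when the token does not match any user (the new error table only adds 1023 "Email not confirmed", which applies to login) and whether a token is invalidated once it has been used, since a confirmation link that stays valid indefinitely is exactly the detail an integrator needs to know.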
Expand All @@ -831,6 +837,33 @@ The passwords are stored as hashes in the password column in the users table. Yo
using the register endpoint, but this functionality must be turned on using the "dbAuth.registerUser"
configuration parameter.

By enabling `dbAuth.confirmEmail` you can send a confirmation email to the user's address and wait
for them to follow the link in order to enable the account. The library used to send the email is
phpmailer, the protocol used is SMTP and some extra configuration is needed.
The database requires three more columns for the users table: email, confirmed, token.

$emailSettings = [
'host' => '',
'username' => '',
'password' => '',
'secure' => 'ssl',
'port' => 465,
'from' => '',
'confirmSubject' => 'Confirmation Email',
'confirmTemplate' => '<p>Dear User,<br>Congratulations!</p> <p>You have successfully registered.<br>In order to validate your email address, please click on the link below:</p><br>'
];

$config = new Config([
...
'dbAuth.confirmEmail' => 1,
'dbAuth.emailSettings' => $emailSettings,
'dbAuth.confirmedColumn' => 'confirmed',
'dbAuth.emailColumn' => 'email',
'dbAuth.tokenColumn' => 'token',
...
]);


It is IMPORTANT to restrict access to the users table using the 'authorization' middleware, otherwise all
users can freely add, modify or delete any account! The minimal configuration is shown below:

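Review bot: the new section never explains how the confirmation link is built: `confirmTemplate` ends with "please click on the link below:" and the `GET /confirm` route takes a `token` parameter, but nothing says what URL the middleware appends, whether it is derived from the request host or must be configured, or where the user lands after confirming. Please document that, together with the expected types and sizes of the three new columns (`email`, `confirmed`, `token`). Since the paragraph right below warns that the users table must be restricted with the authorization middleware, it is worth saying explicitly that the `token` column must not be readable or writable through the records endpoints and should be excluded via `dbAuth.returnedColumns`, otherwise the email check can be bypassed by reading or overwriting the token through the API. The `$emailSettings` example also holds plaintext SMTP credentials; a sentence recommending that these be loaded from the environment rather than committed alongside the config would help.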
Expand Down Expand Up @@ -1435,6 +1468,7 @@ The following errors may be reported:
| 1020 | 409 Conflict | User already exists
| 1021 | 422 Unprocessable entity | Password too short
| 1022 | 422 Unprocessable entity | Username is empty
| 1023 | 403 Forbidden | Email not confirmed
| 9999 | 500 Internal server error | Unknown error

The following JSON structure is used:
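Review bot: the error table gains 1023 "Email not confirmed" for the login path, but no code is defined for the `GET /confirm` route when the supplied token is missing or does not match any user; either add a dedicated entry for an invalid confirmation token or document which existing code it falls through to, so that clients can distinguish a bad link from an account that simply has not been confirmed yet.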