-
Notifications
You must be signed in to change notification settings - Fork 209
Custom confirm logic
Robert Brennan edited this page Oct 2, 2019
·
3 revisions
By default, if you enable the confirm
package, Authboss won't let users log in at all until their email is confirmed. If you want to show a page that says something like a confirmation email has been sent to [email protected]
, you'll need to implement some custom logic. In the examples below, we've created that page at /check-confirmation
.
- Don't use the confirm middleware
- Change your
User
implementation to always returntrue
forGetConfirmed()
, and create aGetActuallyConfirmed()
function - Implement your own confirm middleware. Something like:
// GetUserAuthMiddleware ensures a user is logged in
func GetUserAuthMiddleware(auth *authboss.Authboss) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
user, err := auth.CurrentUser(r)
if err != nil {
handleNotAuthorized(w, r)
return
} else if !user.(*database.User).GetActuallyConfirmed() {
http.Redirect(w, r, "/check-confirmation", 307)
return
}
next.ServeHTTP(w, r)
})
}
}
- (optional) create middleware that requires a user to be registered, but not confirmed
// GetUserAuthUnconfirmedMiddleware allows users to access a page even if they have not confirmed their email
func GetUserAuthUnconfirmedMiddleware(auth *authboss.Authboss) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
user, err := auth.CurrentUser(r)
if err != nil {
handleNotAuthorized(w, r)
return
}
next.ServeHTTP(w, r)
})
}
}
- Register an event to log the user in after registration. Usually AB does this automatically, but not if the confirm module is enabled.
ab.Events.After(authboss.EventRegister, func(w http.ResponseWriter, r *http.Request, handled bool) (bool, error) {
// Authboss won't log the user in post-registration if the confirm package is enabled.
// We do it manually here so we can display a helpful message with their email address.
user, err := ab.CurrentUser(r)
if err != nil {
logrus.Errorf("Error while logging in user in after registration: %v", err)
return handled, err
}
authboss.PutSession(w, authboss.SessionKey, user.GetPID())
logrus.Infof("Manually logged user %s in after registration", user.GetPID())
http.Redirect(w, r, "/check-confirmation", 307)
return handled, nil
})
- (optional) implement confirmation resend
confirmer := confirm.Confirm{Authboss: auth}
router.HandleFunc("/resend-confirmation", func(w http.ResponseWriter, r *http.Request) {
user := serverutil.GetUser(r)
confirmer.StartConfirmation(r.Context(), user, true)
/* render HTML page saying an email has been sent */
})