从用户电子邮件创建哈希/令牌以进行电子邮件验证 [英] Creating hash/token from user email for email-verification
问题描述
任何人都可以帮助我回答如何从用户输入(电子邮件地址)创建安全令牌(或哈希).我想制作一个用于注册的电子邮件验证系统.
Can anyone help me out with an answer to what to use for creating a security token (or hash) from a user input (email address). I'd like to make an email verification system for registration.
- 用户使用电子邮件地址和密码进行注册
- 我想创建一个唯一的 URL 并将其发送给用户(因此提出问题)
- 我将这些(安全)存储在临时表中
- 用户通过发送的 URL 验证自己
我的问题是这个 URL 应该是什么样子.我想我应该通过将电子邮件地址编码到其中,将 url 保存到临时表来使其独一无二,当用户打开链接时,我会比较两者.如果匹配,我会将凭据移动到真实表中.
My question is how this URL should look like. I think I should make it unique by encoding the email address into it, saving the url to the temp-table and when the user opens the link I would compare the two. If match, I would move the credentials to the real table.
你有关于这个主题的任何好的资源.我在后端有 nodejs.谢谢
Do you have any good resource about this topic. I have nodejs on the backend. Thanks
推荐答案
我觉得你的方法也对.我已经使用 Express (REST API) 中的类似方法完成了电子邮件验证.我使用 JSON 网络令牌(jwt-simple 包)对 email_id、user_id 和 expiry_date(用于检查发送到用户注册电子邮件地址的链接的有效性)进行编码.
I think your method is also correct. I have done email verification using a similar method in Express (REST API) . I have used JSON web token (jwt-simple package) to encode email_id, user_id and expiry_date (which is used to check the validity of link that is sent on user's registered email address).
然后将此编码数据附加到链接示例:http://your_backend_server_link/verifyEmail/1234567890afshgdf..
Then append this encoded data to link Example : http://your_backend_server_link/verifyEmail/1234567890afshgdf..
router.post('/AddUser', function(req, res, next) {
var user = new User();
user.name = req.body.name;
user.email = req.body.email;
user.is_verified = false;
user.save(function(err,user){
if(err){
console.log(err);
res.json(err);
} else{
console.log("User data saved");
var transport = mailer.createTransport({
service : "Gmail",
auth : {
user : config.central_email,
pass : config.central_email_password
}
});
// tommorow's date
var info = {};
info.user = user;
info.expiry = new Date(new Date().getTime() + 24 * 60 * 60 * 1000);
var token = jwt.encode(info,config.secret);
console.log("http://localhost:3000/verifyEmail/" + token);
var mailOptions = {
from : "TEST<noreply@vysly.com>",
to : user.email,
subject : "Welcome to TEST",
text : 'Visit this http://localhost:3000/verifyEmail/'+token,
html : '<a href="http://localhost:3000/verifyEmail/'+token+'"><H2>Click on this</H2></a>'
}
transport.sendMail(mailOptions,function(email_err,email_data){
if(email_err){
console.log(email_err);
res.json(email_err);
}else{
console.log("Email is Sent");
res.json({result : 1});
}
});
}
});
});
当用户点击此链接时,从 URL 获取令牌并对其进行解码.通过将到期日期与服务器的当前日期进行比较来检查链接的有效性
When user clicks on this link, get token from URL and decode it. Check for expiry_date by comparing it with the current date of server for the validity of link
router.get('/verifyEmail/:token',function(req,res){
var token = req.params.token;
var data = jwt.decode(token,config.secret);
console.log(new Date(data.expiry));
console.log(new Date());
if(new Date(data.expiry) > new Date()){
User.findOne({ _id : data.user._id, name : data.user.name })
.exec(function(err,user){
if(err){
console.log(err);
res.json(err);
}else if(!user){
console.log("User not found");
res.json({error : "User not found"});
}else{
console.log("User found");
user.is_verified = true;
user.save(function(update_err,update_data){
if(update_err){
console.log(update_err);
res.json(update_err);
}else{
console.log("Email is verified of user "+update_data._id);
res.json({result : 1});
}
});
}
});
}else{
console.log("Link is expired");
res.json({error : "Link is expired"});
}
});
这篇关于从用户电子邮件创建哈希/令牌以进行电子邮件验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!