Account Verification

This section applies to Rebar only.

Introduction

The unit allows to verify that the E-Mail and phone numbers specified by the user really belong to the user. This is done by sending a message to the specified E-Mail and phone number (as SMS) asking to click on a link. The link contains long, unique and randomized key that will only be known to the recipient of the message and will be used to authenticate the ownership.

Account Creation

When an account is created, it is possible to configure Rebar to require E-Mail as account identifier, in which case it is automatically populated in the E-Mail field. Alternatively, the user can specify E-Mail as well as phone number on the profile screen:

Account Profile Settings

When the E-Mail address is first entered in the profile, or is subsequently changed, an E-Mail message is sent to that address asking the owner of the address to confirm their identity. They can do this by clicking on a link with a long, unique semi random ID:

Email Verification Email

When the owner of the E-Mail clicks on the link they will be taken to a confirmation screen:

Email Verification Screen

The screen is based on a template, which is configurable. The default screen allows the user to proceed to the application.

When a phone number is entered to the user profile, or modified, a text message is sent to that number asking to verify:

Once the user clicks on the message they are taken to a confirmation screen, also driven by a configurable template. The default template allows the user to proceed to using the application:

Within the Rebar application, there is a screen with a list of the verified accounts:

Details about an E-Mail verification are available from that list:

Email Verification Details

Details about a phone verification are available from that list:

Settings

The requirements for account name and password are specified in /configuration/units/urb-account-management/accountNameAndPasswordRequirements.js. The settings are:

Setting Description
AutoVerifyPhone Boolean that indicates if phones entered in the user profile should be verified.
AutoVerifyEmail Boolean that indicates if emails entered in the user profile should be verified.
VerificationURLPart Relative URL for the confirmation URL. Makes sense to make it relatively short, especially in the case of SMS verification, for instance /cnf.
EmailToVerify EJS template for the email to be sent for verification.
TemplateVerificationSuccess EJS template for the page for successful verification.
TemplateVerificationFailure EJS template for the page for failed verification.
SMSToVerify Prefix of the SMS message to send for verification. It will be followed by the link to verify. Example: In order to verify your account with Pacific Gadget click.