This section applies to Rebar only.
The unit allows to verify that the E-Mail and phone numbers specified by the user really belong to the user. This is done by sending a message to the specified E-Mail and phone number (as SMS) asking to click on a link. The link contains long, unique and randomized key that will only be known to the recipient of the message and will be used to authenticate the ownership.
When an account is created, it is possible to configure Rebar to require E-Mail as account identifier, in which case it is automatically populated in the E-Mail field. Alternatively, the user can specify E-Mail as well as phone number on the profile screen:
When the E-Mail address is first entered in the profile, or is subsequently changed, an E-Mail message is sent to that address asking the owner of the address to confirm their identity. They can do this by clicking on a link with a long, unique semi random ID:
When the owner of the E-Mail clicks on the link they will be taken to a confirmation screen:
The screen is based on a template, which is configurable. The default screen allows the user to proceed to the application.
When a phone number is entered to the user profile, or modified, a text message is sent to that number asking to verify:
Once the user clicks on the message they are taken to a confirmation screen, also driven by a configurable template. The default template allows the user to proceed to using the application:
Within the Rebar application, there is a screen with a list of the verified accounts:
Details about an E-Mail verification are available from that list:
Details about a phone verification are available from that list:
The requirements for account name and password are specified in
/configuration/units/urb-account-management/accountNameAndPasswordRequirements.js. The settings are:
||Boolean that indicates if phones entered in the user profile should be verified.|
||Boolean that indicates if emails entered in the user profile should be verified.|
||Relative URL for the confirmation URL. Makes sense to make it relatively short, especially in the case of SMS verification, for instance
||EJS template for the email to be sent for verification.|
||EJS template for the page for successful verification.|
||EJS template for the page for failed verification.|
||Prefix of the SMS message to send for verification. It will be followed by the link to verify. Example: