Last update:
August 26, 2024
User Email Verification¶
To protect user accounts and prevent fraud, users can be asked to verify and confirm their identity via email. This feature, known as user email verification, can be activated or deactivated. The default setting is off.
Users can verify their email address by clicking a verification link sent to their email address. Verification emails can be sent in the following scenarios:
- Administrator clicks Verify email in the Platform UI (
users/{userId}/sendVerificationEmail
endpoint requested). - Administrator calls the
users/{userId}/sendVerificationEmail
endpoint. - New user is created in xAPI.
- New user registers in the Frontend Application UI.
Email verification in Platform API¶
- A SendVerificationEmail endpoint is activated. It publishes
UserVerificationEmailEvent
viaIEventPublisher.Publish()
. UserVerificationEmailEvent
event is received in VirtoCommerce.StoreModule.- The received
ApplicationUser
is passed toIStoreNotificationSender.SendUserEmailVerificationAsync()
(as a background job). - If e-mail verification is not enabled for the particular store, stop processing and exit.
ConfirmationEmailNotification
notification template is retrieved and filled.- Notification is passed to
INotificationSender.SendNotificationAsync()
for dispatching.
Email verification in xAPI¶
- A sendVerifyEmail mutation is activated. It creates and publishes
SendVerifyEmailCommand
viaIMediator.Send()
. SendVerifyEmailCommand
command is received inSendVerifyEmailCommandHandler
.- The associated
ApplicationUser
is retrieved and passed toIStoreNotificationSender.SendUserEmailVerificationAsync()
. - The processing is requested in
SendUserEmailVerificationAsync()
as described in the scenario above.
Alternative scenario¶
- A createUser mutation is activated. It creates and publishes
CreateUserCommand
viaIMediator.Send()
. CreateUserCommand
command is received inSendVerifyEmailCommandHandler
.- The newly created user is retrieved and passed to
IStoreNotificationSender.SendUserEmailVerificationAsync()
. - The processing is requested in
SendUserEmailVerificationAsync()
as described in the scenario above.
Email verification in Frontend Application Kit¶
The Frontend Application kit is an example of Platform API clients.
- A Register endpoint activated in
AccountController
. A new user is created (via Virto Platform API). - If e-mail verification is not enabled for the particular store, stop processing and exit.
EmailConfirmationNotification
notification is created and filled.- The notification is dispatched via
SendNotificationByRequest
endpoint (Notifications module).