Comments (3)
ocram
commented on May 18, 2024
Thanks for your appreciation!
Everything you said was correct and this is definitely a missing feature that we must add. I'd even say this should have the highest priority, since undelivered emails can be quite frequent depending on how you sent your emails, and inattentive users will cause problems, anyway.
Regarding the implementation, I wouldn't make that method public but instead create a simple wrapper. This gives us two advantages: The new wrapper can have a meaningful name like resendConfirmation and we can do some additional database queries in the wrapper. First, we could check that the last request has been a while ago, i.e. you shouldn't be able to request a new confirmation just ten minutes after the first one. Second, as you said, we should invalidate the old request.
Thanks for the hint, this is absolutely needed!
from php-auth.
steinitzu
commented on May 18, 2024
That sounds great!
Rate limiting would definitely be needed too, should be configurable in some way. Maybe just by passing a min number of seconds that should have passed to resendConfirmation.
from php-auth.
ocram
commented on May 18, 2024
Implemented in:
This is available in a new major version, v6.0.0, which comes with a few breaking changes. For a guide on how to upgrade, please see the migration notes in Migration.md.
from php-auth.
Related Issues (20)
- Normalize users table to reference email addresses in another table? HOT 3
- User "verified" status does not change HOT 4
- How to attach to already started session? HOT 3
- How to avoid resendConfirmationForEmail if user is already verified? HOT 1
- How do I remember the user after calling admin()->logInAsUserById? HOT 1
- Compatibility with Redis for User Sessions
- Random User Logout and Cookie Anomalies HOT 4
- $auth->forgotPassword creates fatal error HOT 2
- Use PHPAuth for a REST API ? HOT 1
- InvalidSelectorTokenPairException on every attempt to change password HOT 7
- periods in email addresses HOT 2
- Is compatible with php 8.1 ? HOT 2
- [php 8.2.4] - Deprecated: Automatic conversion of false to array is deprecated / multi-projects
- oAuth2 + PHP-auth implementation HOT 1
- The best way to send a re-confirmation email? HOT 5
- Encryption of PII HOT 1
- More documentation is required
- session is empty after redirect HOT 7
- Why use selector/token pair for password reset? HOT 1
- [Question] Logout everywhere after password reset. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from php-auth.