User e-mail verification
To protect user’s account and prevent fraud, he/she can be asked to verify and confirm their identity via e-mail. This feature is called user email verification. It can be activated (switched on) or deactivated (off). The default value is “off”.
Microsoft.AspNetCore.Identity.UserManager
is the component for user management. Its IsEmailConfirmedAsync(TUser user)
method provides a flag indicating whether the email address for the specified user has been confirmed or not.
E-mail verification feature Components
User can verify his email by clicking a verification link in the email sent to the address being verified. The verification email can be sent when:
- Administrator (user manager) clicks "Verify email" in Platform UI (
users/{userId}/sendVerificationEmail
endpoint requested); - Administrator calls
users/{userId}/sendVerificationEmail
endpoint explicitly e.g., via Swagger UI; - New user created in xAPI;
- New user self-registered in Storefront UI.
E-mail verification in Platform API
- SendVerificationEmail endpoint activated. It publishes
UserVerificationEmailEvent
viaIEventPublisher.Publish()
. UserVerificationEmailEvent
event received in VirtoCommerce.StoreModule.- Received
ApplicationUser
passed toIStoreNotificationSender.SendUserEmailVerificationAsync()
(in Background Job). - Stop processing and exit, if e-mail verification is not enabled for the particular store.
ConfirmationEmailNotification
notification template retrieved and filled.- Notification passed to
INotificationSender.SendNotificationAsync()
for dispatching.
E-mail verification in xAPI
- A sendVerifyEmail mutation activated. It creates and publishes
SendVerifyEmailCommand
viaIMediator.Send()
. SendVerifyEmailCommand
command received inSendVerifyEmailCommandHandler
.- An associated
ApplicationUser
retrieved and passed toIStoreNotificationSender.SendUserEmailVerificationAsync()
. - Request processing in
SendUserEmailVerificationAsync()
as described in previous scenario.
Alternative scenario
- A createUser mutation activated. It creates and publishes
CreateUserCommand
viaIMediator.Send()
. CreateUserCommand
command received inSendVerifyEmailCommandHandler
.- Newly created user retrieved and passed to
IStoreNotificationSender.SendUserEmailVerificationAsync()
. - Request processing in
SendUserEmailVerificationAsync()
as described in previous scenario.
E-mail verification in Storefront kit
Storefront kit is one example of Platform API clients.
- A Register endpoint activated in
AccountController
. A new user is created (via Virto Platform API). - Stop processing and exit, if e-mail verification is not enabled for the particular store.
EmailConfirmationNotification
notification created and filled.- Dispatch the notification via
SendNotificationByRequest
endpoint (Notifications module).
Last update:
June 16, 2021