Proper use of Send Verification Email questions

arshs01 · September 30, 2017, 6:55am

Hello,

I’m trying to integrate the Email/Password functionality into my app and am a bit confused on how it all works. Would like to have a solid understanding to get comfortable with security of the app.

In my Accounts.onCreateUser function, I call Accounts.sendVerificationEmail(user._id);
However, the user doesn’t exist in the database yet apparently…so that call throws an exception.

I’d like to ensure the user is in the DB before I send the email…is this possible inside onCreateUser, without the following process: (Accounts.createUser has a callback, and from there I could call a Method that calls the sendVerificationEmail)?
Or is that the intended process?

I currently don’t have a FlowRouter route (to catch the /verify-email/ pattern), but everything (except #3 below) seems to work. How come?
Accounts.onEmailVerificationLink takes a function w/ 2 arguments, and the second argument (doneVerifying) is a function that should be called after the email has been verified. However, in my code below, it doesn’t get called. Am I using this infrastructure properly?


var doneVerifying = function(){
    console.log("in doneVerifying");
    if(Meteor.user() && Meteor.user().emails[0].verified){
        console.log("success");
    }
    else{
        console.log("failed");
    }
}

Accounts.onEmailVerificationLink(function(token, doneVerifying){

    //check token using this Meteor-provided function; logs user in afterwards
    Accounts.verifyEmail(token, function(error){
        if(error){
            console.log("error verifying");
        }
        else{
            console.log("email verified");
            doneVerifying();
        }
    });

});

Many thanks for any help.

jhuenges · September 30, 2017, 9:58am

Try

/*
 * New users with an email address will receive an address verification email.
 */
Accounts.config({sendVerificationEmail: true});

This is how it is used by mdg.

arshs01 · September 30, 2017, 7:23pm

Thanks - that helps with #1. Do you think it belongs in the Server Meteor.startup()?

jhuenges · October 1, 2017, 8:16am

You can import in somewhere on the server side. That is enough. No need for Meteor.startup
For 2 and 3 I don’t see a problem, or maybe I am just stupid. Here is another forum post with a similar issue. Can you check if Accounts.onEmailVerificationLink is called?

arshs01 · October 1, 2017, 8:38am

Gotcha, thanks.

For #1 (not having to put it inside Meteor.startup()) and #2 …yep, they both work, was just trying to understand why. (the only reason I can think of it working properly is if meteor runs through all Accounts.xyz functions during startup by default. (Will have to find this in meteor source code at some point).)

For #3, I can confirm Accounts.onEmailVerificationLink is called. Everything works fine (and the email does get verified), except for the call to doneVerifying() - ie I cannot put post-verification code in a separate function as illustrated initially.

For now I’ve moved all my code inside doneVerifying() to to place I call doneVerifying()…but would prefer not to do that as I add more complex workflow. Thanks for your help!