Search code examples
node.jsexpress

How to confirm email address using express/node?

I'm trying to build verification of email address for users, to verify their email is real. What package should I use to confirm the email address of the user? So far Im using mongoose and express

Code Example

var UserSchema = new mongoose.Schema({
    email: { type: String, unique: true, lowercase: true }
    password: String
});

var User = mongoose.model('User', UserSchema);

app.post('/signup', function(req, res, next) {
   // Create a new User
   var user = new User();
   user.email = req.body.email;
   user.password = req.body.password;
   user.save();
});

In the app.post codes, how do i confirm the email address of the user?

Solution

  • What you're looking for is called "account verification" or "email verification". There are plenty of Node modules that can perform this, but the principle goes like this:

    • Your User model should have an active attribute that is false by default
    • When the user submits a valid signup form, create a new User (who's active will be false initially)
    • Create a long random string (128 characters is usually good) with a crypto library and store it in your database with a reference to the User ID
    • Send an email to the supplied email address with the randomly generated string as part of a link pointing back to a route on your server
    • When a user clicks the link and hits your route, check for the string passed in the URL
    • If the string exists in the database, get the related user and set their active property to true
    • Delete the string from the database, it is no longer needed

    Your user is now verified.