database laravel amazon-web-services one-time-password user-registration

Are OTPs for user registration supposed to be stored in the session or the database in Laravel?


Are OTPs supposed to be stored in the session or the database? Can anyone please explain the flow of OTP? As far as I understood, when a user submits the necessary fields, the user details and the OTP get stored in the database, and after registering another form opens to enter the OTP, and then the registration finally succeeds. But I don't get the actual logic. To store the OTP we need to store all the data in the database; all the data (user info) gets stored, and only then can we verify the OTP. I am using the session but I am not sure if the code is correct:

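    public function otpVerify(Request $request)
    {
        $data = $request->validate([
            'verification_code' => ['required', 'numeric'],
            'phone_number' => ['required', 'string'],
        ]);
        // Values stored by register(); the session keys must match the ones used there.
        $otp = $request->session()->get('otp');
        $expiresAt = $request->session()->get('otp_expires_time');
        // Compare against the code the user submitted, not the session value again.
        $enteredOtp = $data['verification_code'];

        $valid = $otp !== null
            && $expiresAt !== null
            && Carbon::now()->getTimestamp() <= $expiresAt
            && hash_equals((string) $otp, (string) $enteredOtp); // constant-time compare

        if ($valid) {
            // One-time use: discard the code once it has been accepted.
            $request->session()->forget(['otp', 'otp_expires_time']);
            $user = tap(User::where('phone_number', $data['phone_number']));
            // ->update(['isVerified' => true]);
            return success([], __('User created successfully'));
        } else {
            return problem([], 500, 'OTP Doesnt Match');
        }
    }

    public function register(RegisterUserRequest $request)
    {
        $user = new User($request->validated());
        // random_int() draws from a CSPRNG; rand() is predictable.
        $otp = random_int(10000, 99999);
        $otp_expires_time = Carbon::now()->addSeconds(20);

        // Send the SMS everywhere except local, where the code is only logged.
        // (The original `!env('APP_ENV') === 'local'` was always false.)
        if (! app()->environment('local')) {

            $sms = AWS::createClient('sns');

            $sms->publish([
                // PHP concatenates strings with ".", not "+".
                'Message' => 'Your OTP code is:' . $otp,
                'PhoneNumber' => $user->phone_number,
                'MessageAttributes' => [
                    'AWS.SNS.SMS.SMSType'  => [
                        'DataType'    => 'String',
                        'StringValue' => 'Transactional',
                    ]
                ],
            ]);
        } else {
            Log::channel('otplog')->info('Your OTP code is:'. $otp);
        }
        $status = $user->save();
        $user->roles()->attach($request->role_id);
        $user->brands()->attach($request->brand_id);
        $user->appliances()->attach($request->appliance_id);
        $success['token'] =  $user->createToken('MyAuthApp')->plainTextToken;
        $success['name'] =  $user->name;
        // Session::put() takes one key/value pair or an array of pairs.
        Session::put([
            'otp' => $otp,
            'otp_expires_time' => $otp_expires_time->getTimestamp(),
        ]);
        if ($status) {
            // The OTP itself is not returned: it reaches the user only by SMS.
            return success([
                $success,
                $otp_expires_time,
            ], __('User created successfully'));
        } else {
            return problem([], 500, 'USER_REGISTER_FAIL');
        }
    }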

Solution

  • Storing it in the database is a good option
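
The database-backed flow the answer recommends, as an added example in plain PHP with PDO and an in-memory SQLite table (not code from the question or the answer). The `phone_otps` table, the function names and the five-attempt limit are assumptions; the 20-second lifetime and the code range come from the question.

```php
<?php
// Added example: OTP kept in a database row with expiry, attempt limit and one-time use.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE phone_otps (phone_number TEXT PRIMARY KEY, otp_hash TEXT NOT NULL,
           expires_at INTEGER NOT NULL, attempts INTEGER NOT NULL DEFAULT 0)');

const OTP_TTL_SECONDS = 20;   // same lifetime as the question's code
const OTP_MAX_ATTEMPTS = 5;   // assumption: guesses allowed per issued code

function issueOtp(PDO $db, string $phone, int $now): string
{
    $otp = (string) random_int(10000, 99999);   // CSPRNG, same range as the question
    // Store a hash rather than the code; the short expiry bounds what a leaked row is worth.
    $stmt = $db->prepare('REPLACE INTO phone_otps (phone_number, otp_hash, expires_at, attempts)
                          VALUES (?, ?, ?, 0)');
    $stmt->execute([$phone, password_hash($otp, PASSWORD_DEFAULT), $now + OTP_TTL_SECONDS]);
    return $otp;   // hand to the SMS sender only; never put it in the HTTP response
}

function verifyOtp(PDO $db, string $phone, string $entered, int $now): bool
{
    $stmt = $db->prepare('SELECT otp_hash, expires_at, attempts FROM phone_otps WHERE phone_number = ?');
    $stmt->execute([$phone]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;   // nothing issued for this number, or the code was already used
    }
    if ($now > $row['expires_at'] || $row['attempts'] >= OTP_MAX_ATTEMPTS) {
        $db->prepare('DELETE FROM phone_otps WHERE phone_number = ?')->execute([$phone]);
        return false;   // expired, or too many wrong guesses
    }
    if (!password_verify($entered, $row['otp_hash'])) {
        $db->prepare('UPDATE phone_otps SET attempts = attempts + 1 WHERE phone_number = ?')->execute([$phone]);
        return false;
    }
    // Success: delete the row so the same code cannot be replayed.
    $db->prepare('DELETE FROM phone_otps WHERE phone_number = ?')->execute([$phone]);
    return true;
}

// Constructed sample run with a fixed clock and a made-up phone number.
$otp = issueOtp($db, '+10000000000', 1000);
var_dump(verifyOtp($db, '+10000000000', '00000', 1005)); // wrong code
var_dump(verifyOtp($db, '+10000000000', $otp, 1010));    // correct code, within the lifetime
var_dump(verifyOtp($db, '+10000000000', $otp, 1011));    // same code submitted again
```

Unlike the session, the row is keyed by phone number, so verification still works when the user enters the code from a different device or after the session cookie is lost.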