0

Here's my workflow:

  1. Ember action on new user signup is to send Express the user data.
  2. Express then creates a web token, encrypts the contents, and puts a link in an email that it sends with Nodemailer.
  3. The email is sent successfully.
  4. User goes to their email and clicks on the link.
  5. On clicking the link, Express gets the token from the query params decrypts and decodes the token, and creates a New User.

All of the above works ok, but here is where I'm stuck. I'd like for the user to be redirected back to the Ember frontend, and automatically logged in. This is the bit I'm stuck on. Here is the Server code:

<!-- language: lang-js -->
signUpUser.save().then(function(model) {
        res.set('location', 'http://localhost:4200/login');
        res.status(302).json({user:model})
});

I'm able to successfully redirect back but I'm not able to capture the json data in my ember code, and I'm not sure where or how in Ember I can call a login action in the given scenario.

I have a feeling my approach may be wrong? Because email verification is a common thing. Also, I'd rather not have to make users input their form information more than once.

kaustubhb
  • 399
  • 1
  • 5
  • 19

2 Answers2

1

Here's how I'm doing this:

  1. In Express, add query params to the response url after saving user:
signUpUser.save().then(function(model) {
    res.set('location', 'http://localhost:4200/login?token=' + token + 'id=' + id);
    res.status(302).json({user:model})
});
  1. In Ember, in the /login route beforeModel hook, grab the query params:
beforeModel: function(transition) {
    console.log(transition.queryParams.token);
    if (transition.queryParams.token) {
        this.controllerFor('login').send('assignTokenToUser', transition.queryParams.token, transition.queryParams.id);
    };

    if (!Ember.isEmpty(this.controllerFor('login').get('token'))) {
        return this.transitionTo('courses');
    }
}

I'm not sure this is the Ember Way, but the key here is being able to grab queryParams of the transition object.

kaustubhb
  • 399
  • 1
  • 5
  • 19
0

Can you provide some more information about the authentication system you are using? It sounds like you are using a JWT to convey some information about email verification, but how do you authenticate API requests? Do you use another JWT that is stored in a cookie? If so you want to create this cookie when they arrive with their verification JWT.

Disclaimer: I work at Stormpath and we have a fully-featured email verification workflow in our service. While we don’t have an integration for Ember.js, we do have a good overview of JWTs and Single Page Applications, it may be useful at a high level: Token Based Authentication for Single Page Apps

We do have an Angular integration, if you have the option to switch frameworks: Stormpath AngularJS SDK

robertjd
  • 4,723
  • 1
  • 25
  • 29
  • That's right, I use 2 different JWTs. One I use for authenticating API requests. I store it in local storage but recently read a Stormpath post about why cookies are more secure. And the token goes in the authorization header on every request. The other JWT is the one I pass encrypted information in, for the user to create a New User account when clicking the link in their email. – kaustubhb Mar 09 '15 at 18:09