Class EmailVerificationService

java.lang.Object
com.ericbouchut.learndev.auth.EmailVerificationService

@Service public class EmailVerificationService extends Object
Email verification: proves the registered address belongs to the user. Same token discipline as the password reset: a 32-byte random secret sent by email, stored only as its SHA-256 hash, single active token per user, single use, with a TTL (configurable under learndev.email-verification.*). Verification is informational in v1 (a dashboard banner until done); it does not gate any feature yet.
  • Constructor Details

  • Method Details

    • sendVerification

      @Transactional public void sendVerification(User user, String ipAddress, String verifyUrlBase)
      Issue a fresh token for the user (invalidating any open one) and email the verification link. A mail failure is logged and audited but not surfaced: registration must not fail because SMTP hiccuped.
      Parameters:
      user - the account to verify
      ipAddress - requester IP for the audit trail
      verifyUrlBase - absolute URL of the verify endpoint, without the token
    • verify

      @Transactional public boolean verify(String rawToken, String ipAddress)
      Consume a verification token: marks the user verified and burns the token. Unknown, expired, or already-used tokens simply return false (the caller shows a neutral invalid-link message).
      Parameters:
      rawToken - the raw token from the emailed link
      ipAddress - requester IP for the audit trail
      Returns:
      true when the email is now verified