Package com.ericbouchut.learndev.auth
Class EmailVerificationService
java.lang.Object
com.ericbouchut.learndev.auth.EmailVerificationService
Email verification: proves the registered address belongs to the user.
Same token discipline as the password reset: a 32-byte random secret sent
by email, stored only as its SHA-256 hash, single active token per user,
single use, with a TTL (configurable under
learndev.email-verification.*). Verification is informational in
v1 (a dashboard banner until done); it does not gate any feature yet.-
Constructor Summary
ConstructorsConstructorDescriptionEmailVerificationService(EmailTokenRepository tokens, UserRepository users, EmailVerificationMailer mailer, AuditService audit, Duration tokenTtl) -
Method Summary
Modifier and TypeMethodDescriptionvoidsendVerification(User user, String ipAddress, String verifyUrlBase) Issue a fresh token for the user (invalidating any open one) and email the verification link.booleanConsume a verification token: marks the user verified and burns the token.
-
Constructor Details
-
EmailVerificationService
public EmailVerificationService(EmailTokenRepository tokens, UserRepository users, EmailVerificationMailer mailer, AuditService audit, @Value("${learndev.email-verification.token-ttl}") Duration tokenTtl)
-
-
Method Details
-
sendVerification
Issue a fresh token for the user (invalidating any open one) and email the verification link. A mail failure is logged and audited but not surfaced: registration must not fail because SMTP hiccuped.- Parameters:
user- the account to verifyipAddress- requester IP for the audit trailverifyUrlBase- absolute URL of the verify endpoint, without the token
-
verify
Consume a verification token: marks the user verified and burns the token. Unknown, expired, or already-used tokens simply return false (the caller shows a neutral invalid-link message).- Parameters:
rawToken- the raw token from the emailed linkipAddress- requester IP for the audit trail- Returns:
- true when the email is now verified
-