问题
I installed a process of email address verification using Meteor Accounts. It works fine, but when Accounts.sendVerificationEmail() is called a second time, the Account.verifyEmail() method always refuse with a 403: Verify email link expired when called on the new token.
The email verification token set in Meteor.users by the first call to Accounts.sendVerificationEmail() is not changed when calling that method again: It's still the link sent with the first email that will work.
I can't find any info related to this in the Meteor documentation or on the internet. Is there something to do before beeing able to call Accounts.sendVerificationEmail() a second time (like cleanup or something?).
回答1:
I had the same issue implementing the resend link to my website. I got around this by removing all the previous verficationTokens.
Here are two methods of applying a fix to this problem:
- This is the preferred method if you already have an active database with n amount of users having trouble verifying their accounts. Place this code in a separate
Meteor.call()method after you call theAccounts.sendVerificationEmail()method:Meteor.users.update({_id: Meteor.userId()}, {'$push': services.email.verificationTokens": {$each: [], $slice: -1}}});
This will empty all the other tokens except for the last token created by the latest call to Accounts.sendVerificationEmail() method.
- This method may be quicker for implementing newer projects or when implementing
meteor-accountsin a new project. Similar to step 1) place this code in a newMeteor.call()method and call it after callingAccounts.sendVerificationEmail()method:Meteor.users.update({_id: Meteor.userId()}, {'$pop': {"services.email.verificationTokens": -1}});
This will pop the first entry of the verificationTokens and thus the only entry is left with the latest token generated in Accounts.sendVerificationEmail() method.
Hope this helps.
回答2:
When you use sendVerificationEmail(), a new entry appears in users collection : 'services.email.verificationTokens' and you'll see in 'emails.[x].verified' is false. When you use verifyEmail(), the 'emails.[x].verified' go to true, and values in 'services.email.verificationTokens' disappear. So, if you try to use a second time verifyEmail(), it can't because email still verified and verification token is delete. If you send a second time sendVerificationEmail() with a new token, the new link allows you to use verifyEmail() without error message.
来源:https://stackoverflow.com/questions/35780001/cant-validate-email-token-when-calling-accounts-sendverificationemail-a-second