Skip to content
Last update: April 25, 2024

User Email Verification

To protect user accounts and prevent fraud, users can be asked to verify and confirm their identity via email. This feature, known as user email verification, can be activated or deactivated. The default setting is off.

Users can verify their email address by clicking a verification link sent to their email address. Verification emails can be sent in the following scenarios:

  • Administrator clicks Verify email in the Platform UI (users/{userId}/sendVerificationEmail endpoint requested).
  • Administrator calls the users/{userId}/sendVerificationEmail endpoint.
  • New user is created in xAPI.
  • New user registers in the Storefront UI.

Email Verification in Platform API

Email verification in Platform

  1. A SendVerificationEmail endpoint is activated. It publishes UserVerificationEmailEvent via IEventPublisher.Publish().
  2. UserVerificationEmailEvent event is received in VirtoCommerce.StoreModule.
  3. The received ApplicationUser is passed to IStoreNotificationSender.SendUserEmailVerificationAsync() (as a background job).
  4. If e-mail verification is not enabled for the particular store, stop processing and exit.
  5. ConfirmationEmailNotification notification template is retrieved and filled.
  6. Notification is passed to INotificationSender.SendNotificationAsync() for dispatching.

Email Verification in xAPI

Email verification in xAPI

  1. A sendVerifyEmail mutation is activated. It creates and publishes SendVerifyEmailCommand via IMediator.Send().
  2. SendVerifyEmailCommand command is received in SendVerifyEmailCommandHandler.
  3. The associated ApplicationUser is retrieved and passed to IStoreNotificationSender.SendUserEmailVerificationAsync().
  4. The processing is requested in SendUserEmailVerificationAsync() as described in the scenario above.

Alternative Scenario

  1. A createUser mutation is activated. It creates and publishes CreateUserCommand via IMediator.Send().
  2. CreateUserCommand command is received in SendVerifyEmailCommandHandler.
  3. The newly created user is retrieved and passed to IStoreNotificationSender.SendUserEmailVerificationAsync().
  4. The processing is requested in SendUserEmailVerificationAsync() as described in the scenario above.

Email Verification in Storefront Kit

The Storefront kit is an example of Platform API clients.

Email verification in Storefront

  1. A Register endpoint activated in AccountController. A new user is created (via Virto Platform API).
  2. If e-mail verification is not enabled for the particular store, stop processing and exit.
  3. EmailConfirmationNotification notification is created and filled.
  4. The notification is dispatched via SendNotificationByRequest endpoint (Notifications module).