In my project I need to send a letter to the user's email with a confirmation link. My solution:
- Add a string column “code” and a boolean column “is_active” (with default value false) to the user table.
- When a user registers, generate a unique string key and save it to the database. Send a link to the email, for example host.com/user/email/{code}/confirm
- Then find the user by the code (generated string value) and set the flag “is_active” to true.
- Clear the value of the column “code”.
How do you create a confirmation link for email?
Answer
I use similar practice, with the following differences:
- I would make the URL, i.e. host.com/user/email/{code}/confirm, secure, so that the user must log in to verify himself. This ensures a bit more security. For example, if the user had typed a wrong email id while registering, that wrong person shouldn’t be able to verify even after getting the mail.
- Instead of searching by code, I would thus fetch the user by id (the id of the currently logged in user).
- For the code, I use UUID.randomUUID().toString().
Also, it depends on personal choice, but I don’t use an is_active flag. Instead, I have a roles set, in which I put an “UNVERIFIED” role. That helps me populate the authorities of the user a bit more easily while using Spring Security. Another way would be just to check if the code is null or not.
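The flow described in the answer above, as an added example that is not part of the original answer: the user is looked up by the logged-in id, the code from the URL is only compared against that user's stored code, and the code is cleared after use. The class names, the Role enum and the in-memory map standing in for the user table are assumptions; Spring Security wiring is left out.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

public class EmailConfirmationDemo {
    enum Role { UNVERIFIED, USER }

    static final class User {
        final long id;
        final Set<Role> roles = EnumSet.of(Role.UNVERIFIED, Role.USER);
        String code = UUID.randomUUID().toString(); // random (type 4) UUID, as in the answer
        User(long id) { this.id = id; }
    }

    // Constructed in-memory stand-in for the user table (assumption for this example).
    static final Map<Long, User> USERS = new HashMap<>();

    // Meant to be called by the handler for /user/email/{code}/confirm after login;
    // sessionUserId comes from the authenticated session, never from the URL.
    static boolean confirm(long sessionUserId, String codeFromUrl) {
        User user = USERS.get(sessionUserId);          // fetch by id, not by code
        if (user == null || user.code == null || codeFromUrl == null) return false;
        boolean match = MessageDigest.isEqual(         // constant-time comparison
                user.code.getBytes(StandardCharsets.UTF_8),
                codeFromUrl.getBytes(StandardCharsets.UTF_8));
        if (!match) return false;
        user.roles.remove(Role.UNVERIFIED);            // account is now verified
        user.code = null;                              // the code is single-use
        return true;
    }

    public static void main(String[] args) {
        User alice = new User(1L), bob = new User(2L);
        USERS.put(alice.id, alice);
        USERS.put(bob.id, bob);
        String mailedToAlice = alice.code;

        // Another logged-in account that received Alice's mail tries her code.
        System.out.println("bob with alice's code: " + confirm(bob.id, mailedToAlice));
        // Alice, logged in as herself, follows the link.
        System.out.println("alice, first click:    " + confirm(alice.id, mailedToAlice));
        // Replay of the same link after the code has been cleared.
        System.out.println("alice, second click:   " + confirm(alice.id, mailedToAlice));
        System.out.println("roles: alice=" + alice.roles + " bob=" + bob.roles);
    }
}
```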