Table of Contents
Preview #
About #
GraffitiVerificationKit allows you to easily add email address validation and verification to your own Xojo Web applications.
Features #
- Email domain blocking
- Automatic sending of verification emails via SMTP
- Automatic validation of verification codes
- Automatic user database table updates
- Global rate limiting
- Per-email or IP address rate limiting
- Email subject, body HTML and body Text customization
- Sender email and name customization (where supported by the SMTP server)
Installation #
- Add the GraffitiVerificationKit module to your project
- Setup the instance in the App.Opening event
- Setup code link handling in the Session.Opening event
- Implement a UI for user email and code input
Requirements #
This class has no requirements from GraffitiSuite Web Edition and can be used entirely separately and may be adapted for other platforms.Enumerations #
| Name | Values |
|---|---|
| EmailEncryptions | SSL TLS |
Constants #
This class exposes no constants.
Events #
This class exposes no events.
Methods #
| Name | Parameters | Return Type | Description |
|---|---|---|---|
| Constructor | None | None | Creates a new instance of the class. |
| VerifyCode | code as String | GraffitiVerificationKit.EmailData | Attempts to link the code to a specific user. |
| VerifyEmail | emailAddress as String ipAddress as String | GraffitiVerificationKit.EmailData | Validates the emailAddress then attempts to send a verification email with a generated code. |
Properties #
| Name | Type | Default Value | Description |
|---|---|---|---|
| AddUserRow | Boolean | True | If True and UserDatabase properties are set, will attempt to add a new user row to the database. Otherwise will attempt to update an existing, matching user row. |
| BlockedDomains | String() | Array( “example.com” ) | Email domains that are not permitted to attempt verification. |
| EmailAuthEnabled | Boolean | True | Determines whether EmailAuthUsername and EmailAuthPassword must be sent to the SMTP server to authenticate the user sending mail. |
| EmailAuthEncryption | EmailEncryptions | EmailEncryptions.SSL | Encryption type required for SMTP server. |
| EmailAuthPassword | String | “” | SMTP server authorization password. |
| EmailAuthPort | Integer | 465 | SMTP server listening port. |
| EmailAuthServerAddress | String | “” | SMTP server address. |
| EmailAuthUsername | String | “” | SMTP server authorization username. |
| EmailBatchInterval | Integer | 10 | Number of seconds between sending email batches. |
| EmailBodyTemplateHTML | String | <HTML String> | Email body HTML code. Use %code% to replace with generated code. |
| EmailBodyTemplateText | String | <String> | Email body plain text. Use %code% to replace with generated code. |
| EmailSenderAddress | String | “” | Sender email address displayed in user’s inbox. |
| EmailSenderName | String | “” | Sender name displayed in user’s inbox. |
| EmailSubject | String | “Account Verification” | Email subject line. |
| EnableRateLimiting | Boolean | True | Determines whether GraffitiVerificationKit will attempt to limit how often verifications are attempted. |
| MaximumEmailsPerBatch | Integer | 10 | Determines how many emails from the queue are sent per batch. |
| MaximumGlobalAttemptsCount | Integer | 500 | Global maximum number of attempts to allow within MaximumGlobalAttemptsPeriod. |
| MaximumGlobalAttemptsPeriod | Integer | 300 | Length of time, in seconds, to track attempts. |
| MaximumUserAttemptsCount | Integer | 5 | User maximum number of attempts to allow within MaximumUserAttemptsPeriod. Tracked by IP Address and Email Address. |
| MaximumUserAttemptsPeriod | Integer | 300 | Length of time, in seconds, to track attempts. |
| UserDatabase | Database | Nil | Reference to database for adding rows or updating verification status. It is your responsibility to ensure the database is connected, setup properly, and ready before verifications occur. |
| UserDatabaseCodeField | String | “” | Database field to store the code for checking later. Should be a text type field with a minimum length of 20 characters. |
| UserDatabaseEmailField | String | “” | Field in the database’s Users table where the user’s email is stored. |
| UserDatabaseTableName | String | “” | Name of the database table where user information is stored. |
| UserDatabaseVerifiedField | String | “” | Name of the field in the users database where the verification status will be stored |
Notes #
Database Tables #
It is not required that the verification data exist on your permanent users table. You may provide properties pointing to a table that is purely used for verification then check that table during your application’s login and other processes to ensure the user has verified their email address.