[SOLVED] Restrict access to confirmation page

How can i restrict the access to the confirmation page which is opened by clicking the link from the email? This page, http://noah-watch.com/version-test/confirmation should only be available for users who’s link comes from the email received.

I can see that the URL looks like this:
http://noah-watch.com/version-test/confirmation?confirmation_email=1473857091513x794421913567930500

Any ideas?

Thank you

You could run a workflow on page load that checks if the parameter sent to the page in the URL contains a valid ID? I’m not sure what this ID refers to, but it’s probably to a “User” object. So you could do a search for Users with that unique ID and only allow the page to be displayed if the user exists.

Hi Soeren

That was the thing, i didn’t know where does this id belongs to, but could find out if its the user. Then your advice could work :slight_smile:

Thank you

nope, is not the user unique id:
Maybe @emmanuel can tell us where this id comes from? and how we can work with it?

http://noah-watch.com/version-test/confirmation?confirmation_email=1473888013402x937705735908821200

This is what we use to track which user is confirming the email. You shouldn’t do anything with it, that’s a behind the scene thing.

So if you open this link http://noah-watch.com/version-test/confirmation?confirmation_email=1473889032425x874554027803242200 and press the button Confirm email, to which user applies this:

Sholdn’t this page be restricted only to user you accessed it by clicking on the link from email sent to him?

It does it automatically for you.

No, because if you pick “home” as the confirmation page, we can’t restrict it.

but feel free to add some events to redirect users.

now i got it. We do not need to create any field under user type. It already exists

1 Like

I know it’s been a while but this is still valid and I’ve been testing this out, with a few problems and a workaround.

The email confirmation link from the email goes to a “behind the scenes thing” that confirms the user’s email then redirects to the page specified in the initial action (ie “send confirmation email” in login page for example). So for this example, I created a page “setup” as the redirect page after email confirmation.

Problem is, after bubble updates the “email confirmed” flag on the user and redirects to page “setup”, it takes some time for the “Current User” object to reflect the confirmed email status. And so when the “status” page is loaded and the “Page Loaded” event fires, the flag still says the user’s email is not confirmed.

One solution is to add an event “Do every x seconds…” to trigger your workflow. Put all your steps into a custom event and trigger that when the email confirmed flag on the current user is true. In my test, it was taking between 4 and10 seconds for this to fire.

So I ended up with 3 Workflow events:

  1. Custom Event with the steps I want to run when a user confirms their email

  2. “Do every 1 second” event with a single action that triggers the custom event only when the current user’s email confirmed flag is true

  3. “Page is loaded” event with a 15 second wait time before redirecting back to the login page.

Good: If a user goes to page “setup” without using the email link then they cannot acces the app and they can be redirected back to the login page.

Not so good: It’s not immediate, but it does work.

Might be better if the “behind the scenes” action passed the updated Current User as an object to the page, then it could be checked immediately.

Hope it helps? Thoughts?

2 Likes