Comments (6)
As a first step, I wonder if we can set a JWT-based session cookie containing the formId, the verified contents of the field (e.g. email or phone number), and an expiry time when a verification request succeeds.
The next time the user enters the same verified contents and tries to do verification, we immediately consider the verification to succeed if the JWT cookie is present and do not send any verification emails or SMS. The session ends when the user closes the browser window or tab.
Next, we can get the client to read the JWT and pre-fill the relevant fields if possible.
from formsg.
Discussion
- Figure out how to have this work with E2EE and webhooks
- To cater for public library use case
from formsg.
For my own reference, most of the logic for verification is in https://github.com/opengovsg/FormSG/blob/develop/src/app/modules/verification/verification.service.ts
from formsg.
An implementation might be:
- Upon request in `verifyOtp`, we generate a signed and encrypted cookie containing the verified recipient string and type (i.e. a phone # or an email) and an expiration time, and we store that cookie on the client.
- When the client next requests an OTP with `sendOtp`, we check whether that cookie exists, and if it does, decrypt it and compare the verified recipient string to the new recipient. If it all checks out, we return the signedData immediately instead of sending the SMS. If it doesn't, we proceed as usual.
We will need an additional checkbox after the user clicks "Send SMS" etc to ask the user whether they want to persist their "verification" for the browser session or next 30 minutes.
from formsg.
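A sketch of the cookie check proposed in the comment above, added here as an example; it is not FormSG code and not from the thread. It uses AES-256-GCM authenticated encryption to stand in for "signed and encrypted"; the function names, the key handling, the 30-minute lifetime constant and the sample values are assumptions, and it also binds the cookie to the form ID as the first comment suggests.

```javascript
// Added example, not FormSG code. All names here are hypothetical.
const crypto = require('node:crypto');

// Assumption: a 32-byte server-side secret. Random per process here; a real
// deployment would load one shared key so every instance can open the cookie.
const KEY = crypto.randomBytes(32);
const TTL_MS = 30 * 60 * 1000; // "next 30 minutes" from the comment

// After verifyOtp succeeds: seal what was verified into an opaque cookie value.
function issueVerifiedCookie({ formId, fieldType, recipient }, now = Date.now(), key = KEY) {
  const iv = crypto.randomBytes(12); // fresh nonce for every cookie
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = JSON.stringify({ formId, fieldType, recipient, exp: now + TTL_MS });
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  // Layout: 12-byte IV | 16-byte auth tag | ciphertext
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// At the top of sendOtp: true means the OTP send can be skipped.
// Any failure returns false so the caller proceeds with the normal OTP flow.
function canSkipOtp(cookie, { formId, fieldType, recipient }, now = Date.now(), key = KEY) {
  if (typeof cookie !== 'string') return false;
  let claims;
  try {
    const raw = Buffer.from(cookie, 'base64url');
    if (raw.length < 29) return false; // too short to hold IV + tag + data
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12), {
      authTagLength: 16,
    });
    decipher.setAuthTag(raw.subarray(12, 28));
    // final() throws if the tag does not match (tampered cookie or wrong key).
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    claims = JSON.parse(pt.toString('utf8'));
  } catch {
    return false;
  }
  return (
    claims.exp > now && // expiry is enforced server-side, not by the browser
    claims.formId === formId && // a cookie from one form is not valid on another
    claims.fieldType === fieldType &&
    claims.recipient === recipient // must be exactly the value that was verified
  );
}
```

The expiry lives inside the sealed payload, so the cookie's own `Max-Age` is only a convenience; the cookie would still be set `HttpOnly`, `Secure` and `SameSite` by whatever sets it.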
Here is a more detailed doc describing a potential workflow: https://docs.google.com/document/d/1tayeHx1oBJbsgw0uKhuZB9RQ7xaSrpVKo8UnICwTCUk/edit?usp=sharing
from formsg.
Moved to linear
from formsg.