Creating Account Activation Links for User Registration in Vaadin Applications

In a previous article, I explained how to implement a sign-up view to register new users within the application. In this article, I'll show you how to generate activation links that you can send to the users so that they can complete the registration process.

Generating a Random Activation Code

The general idea for implementing account activation codes is to generate a random string and store it in the database. You use that string to create a link to your application and send it to the user, for example via e-mail (covered in the next article). When the user clicks the link, you compare the string (or code) with the one you stored in the database, and if they match, you activate the user. So, you need to store two things per user:

• a hard-to-guess random code, and,
• a boolean that indicates whether the user has activated the account or not.

For example:

x

@Entity

public class User extends AbstractEntity {

    ...

    private String activationCode;

    private boolean active;

    ...

}

The activation code can be generated in the constructor:

x

public User(String username, String password, Role role) {

  ...

  this.activationCode = RandomStringUtils.randomAlphanumeric(32);

}

Implementing the Logic to Activate Users/Accounts

In the service layer, you need a method to activate a user if the codes match. You can query the database and search for a user with the given code, and if it exists, you update the active flag and save it back to the database:

x

@Service

public class AuthService {

    public class AuthException extends Exception { }

    ...

    public void activate(String activationCode) throws AuthException {

        User user = userRepository.getByActivationCode(activationCode);

        if (user != null) {

            user.setActive(true);

            userRepository.save(user);

        } else {

            throw new AuthException();

        }

    }

}

You should either make sure that the activation codes are unique or query the user by user name plus activation code. I'll let that as an exercise.

Implementing the Authentication Logic

You also need to update the authentication logic. You cannot authenticate a user unless it is active:

xxxxxxxxxx

    public void authenticate(String username, String password) throws AuthException {

        User user = userRepository.getByUsername(username);

        if (user != null && user.checkPassword(password) && user.isActive()) {

            VaadinSession.getCurrent().setAttribute(User.class, user);

            createRoutes(user.getRole());

        } else {

            throw new AuthException();

        }

    }

Defining the Activation Link (URL)

For now, and to make testing simpler, we'll send the URL to the standard output. You need to concatenate the URL of the activation view (implemented in the next step) and pass the activation code as a parameter:

x

    public void register(String email, String password) {

        User user = userRepository.save(new User(email, password, Role.USER));

        String text = "http://localhost:8080/activate?code=" + user.getActivationCode();

        System.out.println(text);

    }

Implementing the Activation View

Finally, you have to create the activation view mapped to the URL used in the previous step:

xxxxxxxxxx

@Route("activate")

public class ActivationView extends Composite implements BeforeEnterObserver {

    private VerticalLayout layout;

    private final AuthService authService;

    public ActivationView(AuthService authService) {

        this.authService = authService;

    }

    @Override

    public void beforeEnter(BeforeEnterEvent event) {

        try {

            Map<String, List<String>> params = event.getLocation().getQueryParameters().getParameters();

            String code = params.get("code").get(0);

            authService.activate(code);

            layout.add(

                    new Text("Account activated."),

                    new RouterLink("Login", LoginView.class)

            );

        } catch (AuthService.AuthException e) {

            layout.add(new Text("Invalid link."));

        }

    }

    @Override

    protected Component initContent() {

        layout = new VerticalLayout();

        return layout;

    }

}

This view reads the parameters to get the activation code and attempts to activate the user.

Summary

We learned how to generate a random code that can be used in a URL to activate an account. In the next article, I'll show you how to send that URL via email.