I'm working on a free iOS app; at the end of the registration (when the user has registered a good phone number and good email address) I want the user to enter a code which he has received on his phone or email.
But the problem is how to send automatically a SMS or an e-mail programmatically that contains the code?
I don't want the user to be redirected to a specific view controller to compose a message by himself (like with MFMessageComposeViewController or MFEmailComposeViewController)
just and only just the same appearance of SMS or email sent to users but with a different activation key (for the keys, I think about auto generated keys stored in a database).
And I think about the same way for forgotten identifiers, the user enter his email address or his phone number in a text field, and a message is automatically sent with the password and the username of the user, if the email address or the phone number entered is already existing in the database, if it is not, it shows an alert view with an error.
Does anyone have an idea for how to do this?
You can use the following services Parse.com + mailgun. Search on Parse.com for a tutorial using mailgun and it should accomplish what you are trying to do. On a side not, be careful when creating an app which does not allow the user to use it until they enter some access code, it is against the Apple rules and could lead to rejection.
I assume you have a server that generates this activation code that is sent to the user.
When the user enters the text field with the code he got it should be sent back to the server with an http request (use NSURLConnection ). The server should response to the http request with approval or error whether the code is right, or send the username and password and any other data the user needs to continue.
Related
It is possible to use email verification with firebase but instead of sending a link they have to click, it should send a code like a sms verification code and i have to check in my ios app (swift based) if they match.
Email verification ensures that the user has access to the email address they claim. Setting an email address to verified by sending a text message is not the same, as you can't know from the receipt of the text message that they have access to the email address.
But as A. Welch commented, you can verify that the user has access to a specific phone number by using Firebase's phone number authentication as documented here: https://firebase.google.com/docs/auth/ios/phone-auth
If neither of those does precisely what you want, you can also roll your own. Send a text message or email with whatever information you want, and use the Firebase Admin SDK to update the user profile.
I am just starting to work with, and learn AWS. I am using the services in the AWS Mobile Hub and so far have set up the Sign In & Sign Up methods.
Everything works fine, and now I am working on the Forgot Password and Update Password.
Problem:
The problem is, is that the way AWS has set up the Forgot Password is that:
You first enter a username and then after the user enters a username AWS sends a verification code via SMS to the phone number associated
with that username.
That's an issue because it means that anyone can enter any username and a text message will be sent, resulting in my SMS payments increasing and to be honest it just looks sloppy.
What I want to have done is that:
After a user enters a username, they then have to enter the phone number associated with the account
Then if it matches, it sends the SMS.
Question
How do I check if a user exists in a userpool?
And then if it does, how do I get the user attribute associated with the phone number to check if it matches the phone number that the user enters?
Is this even possible? Can I even get the credentials of a user who isn't the one logged in?
Thanks in advance!
Cognito User Pools does not currently allow you to get attributes for a user (such as phone number) without that user having signed in and gotten an access token.
The admin apis can do the lookup you're looking for, but they shouldn't be called from the client as that would mean you have to embed credentials. If this is a must have for you, you could potentially secure those credentials by wrapping it in API Gateway or something along those lines and then call that from your client.
Here is how you should do it:
1) Create a web API using the APIGateway. Ideally you want to restrict access with an API Key, which you should bundle with your application.
2) Connect a POST method to a Lambda function, which will
(a) perform the necessary checks (whether the phone number specified is indeed the correct one, etc), calling the admin_* functions.
(b) issue the client version of the password reset, which will trigger the sending of the SMS code.
In my app, there is an email functionality which should send email from an id, which is not configured with mail app. From address will be like noreplyATgmail.com .. some thing like that.
How can I hard code the from address of an email ?
It's impossible to send email from account where user isn't authorised in.
For your aims it's better implement email functionality on server side that could be authorised to send emails from address that you specified.
As per my comment - you can't, you should use reply-to for that, or send a request to a server to send the email. The from gets set from the selected email address you eventually chose to send the email with.
For example:
mailto:email#email.com?subject=Subject&reply-to=noreply#something.com
I don't think there's anyway to do this using MFMailComposeViewController.
I am building an email app in ruby on rails and I had a basic version which just used to send emails using AWS SES but recently I received a mail from AWS team saying that most of the email which I have sent had bounced back and they will discontinue my account if I send emails to the bounced email ids.
Is there any way to verify before sending email to any address that whether that email exists or not and valid or not.
Any gem or work around will help me a lot
The general way to do this is purely from a system design point of view. If you are going to collect an email address from one of your users and send them email periodically, or as events happen etc, then you should first ask them to "verify their email address". This typically involves generating a unique token, putting that into your database, linked with the user, then sending an email containing a URL with that unique token in it. The user clicks the link, which goes to a controller in your Rails application that matches the token against the user. If they can't follow that link, they can't read your emails, so don't send further email to that address.
If you obtained the email addresses through "other means", you're down to setting a Return-Path address on the outgoing email (bounces will be sent here), then checking that mailbox for bounces. I'm also often suspicious of how people happen upon a list of email addresses that didn't come from users consenting to an agreement with your website.
You could use the Mail gem to do this, but you need to know how to set up an SMTP server that pipes the email into your Rails application, which is not straightforward without prior experience. You can also use a variable Return-Path address (VERP), such as <some unique hash>+bounces#your-domain.com, where <some unique hash> references the email address in your system. This takes away the pain of trying to parse and interpret the bounce email, since the address it is sent to tells you who the bounced recipient is.
I have an application that allows users to send an invitation to a friend. Emails are being sent out using SendGrid. I am wondering if it's possible to forward the mailer-daemon emails back to the user in an event they type in an email address that doesn't exist.
So for example a user enters in the email 'thisisnotreal#fakedomain1234.com' to send the invitation. I want to be able to notify the user that the email they have entered doesn't exist. Usually when you just send an email from an email client the server lets you know right away that the email is not able to be delivered. I am wondering if it's possible to do this as well through SendGrid.
Take a look at the event notification section of the SendGrid API. You can add a page to your application that accepts POST requests from SendGrid, and then you'll get event notifications in real-time.
When a bounce event is posted to that listener from SendGrid, you could then lookup the user that needs to be notified via the recipient email. If you don't have this relationship available in your local store, you could pass a unique argument to SendGrid at send time that contains information you can use for the lookup - unique arg information is included with event notifications. Then it's just a matter of taking the appropriate action required to notify your user - either with an email or via a notice on your website or a text message or whatever is best for your application.
This maintains asynchronous communication. You'll be alerted when something goes wrong without having to add blocking code, and you can send your users a nice branded message (using SendGrid, of course) rather than just forwarding a mailer-daemon response .