如何使用用户帐户处理电子邮件邀请系统
[英]How to handle email invite system with user accounts
问题描述
What's the standard/best way to handle the following situation? 
处理以下情况的标准/最佳方法是什么?
A user enters email address user1@example.com to send an invite to an event on a website. 用户输入电子邮件地址user1@example.com,以发送邀请参加网站上的活动。 The person receiving the invite already has an account at the website but has signed up with user2@example.com as their email address. 接收邀请的人已经在该网站上拥有一个帐户,但已使用user2@example.com进行注册作为其电子邮件地址。
How do I verify that it's the right person while letting the user sign in with their actual account? 在让用户使用其实际帐户登录时,如何验证自己是正确的人? I can use an invite ID to tie that account with that invite but what's stopping any person with access to that ID logging in? 我可以使用邀请ID将该帐户与该邀请绑定,但是什么阻止任何有权访问该ID的人登录?
1 个解决方案
解决方案1
1 已采纳 2012-10-15 13:58:53
It depends on your level of trust. 这取决于您的信任程度。 You have a few choices: 您有几种选择:
- Trust the person sending the invite. 信任发送邀请的人。 Anyone who visits with a valid invite response URL can register with their choice of email, regardless of who was sent the invite. 使用有效的邀请响应URL进行访问的任何人都可以使用他们选择的电子邮件进行注册,而无论向谁发送了邀请。
- Deny invite responses where the recipient and registered user email addresses don't match. 拒绝收件人和注册用户电子邮件地址不匹配的邀请响应。
- Only let users send invites for people already registered and have them choose the right account within the system. 仅允许用户向已经注册的人发送邀请,并让他们在系统中选择合适的帐户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.