📧

Building a User Registration System

Jul 11, 2024

Tutorial: Building a User Registration System

Introduction

  • Welcome to Amigos Code tutorial
  • Goal: Build a full registration system
  • Topics covered:
    • Secure endpoints
    • Application user with roles
    • User registration with controllers and service
    • Verification links
    • Sending emails

User Registration Flow

  1. User wants to join the system
  2. User registers via endpoints
  3. Verification email is sent
  4. User verifies email
  5. User becomes an active application user with the role 'USER'

Demo Overview

  • Registration flow demo: registering a user named 'Bilal Ahmed'
  • Sending a confirmation email
  • Activating the account via email link
  • Logging in with the account
  • Observations on not configured paths
  • Source code available in the video description

Project Setup

  • Tools and technologies:
    • Spring Boot
    • Spring Security
    • Spring Data JPA
    • PostgreSQL
    • Lombok
    • Java Mail Sender
  • Steps to setup project with Spring Initializer
  • Dependencies required:
    • Lombok
    • Spring Web
    • Spring Security
    • Spring Data JPA
    • PostgreSQL Driver
    • Java Mail Sender

User Registration Implementation

  1. App User Entity
    • Fields: id, first name, last name, email, password, role, locked, enabled
    • Role Enum: USER and ADMIN
    • Lombok annotations for getters, setters, constructors
    • Indexed columns for user management
  2. Service Layer
    • AppUserService: Manages user operations
    • register method to save user to the database and send confirmation
  3. Repository Layer
    • AppUserRepository: Interface extending JpaRepository for user entity

Security Configuration

  • Configuring Web Security with Spring Security:
    • Custom WebSecurityConfig class
    • Disable CSRF temporarily
    • Permit all requests to registration path
    • Configure password encoding with BCryptPasswordEncoder
    • DAO Authentication Provider setup

Email Confirmation

  1. Confirmation Token Entity
    • Fields: id, token, createdAt, expiredAt, confirmedAt, appUser
  2. Confirmation Service and Repository
    • Methods to save and validate confirmation tokens
  3. Verifying Tokens
    • Confirm email endpoint using RegistrationController
    • Update app user if token is valid and within expiry
  4. Sending Emails
    • Email service setup with JavaMailSender
    • HTML email creation for verification
    • Sending emails asynchronously

Testing the System

  • Using Postman for API requests
  • Local Email server setup with MailDev for testing
  • Demo emails and activations
  • Confirm correct user states in PostgreSQL database

Advanced Considerations

  • Handling expired tokens and resending verification emails
  • Secure the email service with async operations
  • Store email logs for reporting and analysis
  • Potential enhancements:
    • Better exception handling
    • Unit testing and integration testing (covered in other courses)

Conclusion

  • Full walkthrough of building a secure registration system
  • Importance of security, validation, and transactions
  • Encouragement to explore more on Spring Security, databases, and testing
  • Invitation to provide feedback and suggestions for future tutorials

Full transcript