In this article I will share my personal experience of developing and implementing "magic links". I will explain why our project needed them, how they work, and at the end I will even shed a tear over the fact that the large systems I use lack this functionality, which makes me want to tear my hair out.
There will be code in only one place, since the main purpose of the article is to describe the idea itself, not to show off how beautiful the code is.

Intro, blah blah blah
Sometimes reading and studying someone else's experience is much easier than spending hours wrestling, with yourself and your colleagues, to implement some new "unique" functionality. Truly unique functionality is rare these days. Usually the functionality has already been used by someone, and all that remains for you is to integrate it into your own work area.
In the project I work on, any user can come and ask a lawyer a question. That is the user's main task, and it is the one I will consider in this article.
What is my password?
A user who comes to our platform needs only one thing: help. He does not want to register and then log in just to ask a question. He needs an answer here and now.
Initially, it was not possible to ask a question without being logged in. Users had no complaints about this: entering an email address and a password in the registration form was not a problem. At first the lawyers responded slowly, because there were not many questions, so a client could even forget that he had asked one. Having received the answer in the system and a notification by email, it was time for the client to find out what the lawyer had written. And here came the collapse: most users could not manage to log in, because they had simply forgotten the password. It is not that we had no password recovery form; it just did not help much. We began to lose customers...
I just want to ask a question
We decided to open up the ability to create a question to guests. In the form for creating the entity, the client additionally enters a mailbox, and that is it. No registration step. The client wanted to ask a question, and he asked it.
The lawyer, taking the guest's question into work, gives an open and extensive answer covering all the cases... ahem... writes a couple of lines of clever words, and that is it: the answer is given.
nashproekt.kom alahomora!
The system sends the client a notification that his question has been answered. But the letter contains a certain link, the magic link: when the user clicks it, he is authorized and, with a satisfied face, lands on the page of his question. That's it.
And that is the end of the fairy tale; well done to whoever listened.
Now I will talk about the technical side of this "progress".
I built the hash
The project consists of two parts: the front end and the back end. A service responsible for the operation of the magic link system was developed on the back end.
First, the system generates a random string of 6 characters (letters and digits), which we call the hash, and stores it in the database. The hash is, of course, checked for uniqueness.
Each hash has its own lifetime, which depends on the role of the user it is generated for (later such links also began to go out to lawyers, whose memory for passwords is just as full of holes) and on the type of operation that caused it to be generated (an answer to a question, creation of a question, a comment, etc.). We have about 14,000 users in our database, i.e. not many, and a 6-character hash, as practice shows, behaves quite adequately for now. Hashes whose lifetime has expired are deleted. We decided that 6 characters is an ideal length for memorizing or typing into the address bar by hand, which, by the way, looks very nice: /hash/haSH12.
Each hash is associated with the user for whom it is generated. It is also bound to the entity (ID + type) on which the operation that caused the hash to be generated was performed.
When the user follows the magic link, the front end sends the hash to the back end and waits for a reply with instructions on what to do next. If the hash is valid, the user is authorized and then redirected to the detailed view of the entity. If the hash is not valid, the front end asks the user to log in.
As the platform developed, a requirement arrived that in the case of a commenting operation, the user following the hash should be scrolled to the new comment. So the hash received an additional setting, which we called the "location", in which we store the front-end route with additional parameters (in this case the comment ID) to which the user is redirected after authorization.
The next development of the platform required the ability to perform a number of operations before the user is authorized, for example verifying a profile or starting some kind of deadline timer for answering a question. This gave the hash a setting called the alias. The hash-processing system, having found the required hash in the database, checks for the presence of an alias, an ordinary string that stores a text constant. If there is an alias, the system calls the method in which the necessary operations are performed before the user is authorized:
    public function executeAlias()
    {
        // No alias on this hash: nothing to run before authorization.
        if (!$this->hash->alias) {
            return $this;
        }
        // The alias is a text constant naming the pre-authorization method to call
        // (dynamic dispatch on the alias string is assumed here; the original fragment ended above).
        $this->{$this->hash->alias}();
        return $this;
    }
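The whole flow described above (6-character hash checked for uniqueness, lifetime by role and operation, binding to user and entity, the "location" redirect and the alias hook run before authorization) as an added example; this is illustrative Python written for this article, not the project's own PHP code, and the TTL table, route format and alias handler names are constructed assumptions.

```python
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits  # 62 symbols; 6 chars gives ~5.7e10 values

# Lifetime in seconds by (role, operation); values are constructed, not the project's.
TTL = {("client", "answer"): 7 * 86400, ("client", "comment"): 3 * 86400,
       ("lawyer", "answer"): 86400}


class MagicLinks:
    """In-memory stand-in for the table that stores one row per hash."""

    def __init__(self, now=time.time):
        self.rows = {}  # hash -> dict(user, role, entity, op, expires, location, alias)
        self.now = now  # injectable clock so expiry can be exercised deterministically

    def create(self, user_id, role, entity_id, entity_type, op, location=None, alias=None):
        while True:
            h = "".join(secrets.choice(ALPHABET) for _ in range(6))
            if h not in self.rows:  # uniqueness check against rows already stored
                break
        # Default redirect is the entity's detailed view (constructed route format);
        # a "location" overrides it, e.g. a route carrying a comment ID to scroll to.
        self.rows[h] = dict(user=user_id, role=role, entity=(entity_id, entity_type), op=op,
                            expires=self.now() + TTL[(role, op)],
                            location=location or f"/{entity_type}/{entity_id}", alias=alias)
        return h

    def purge_expired(self):
        """Hashes whose lifetime has passed are removed from storage."""
        now = self.now()
        self.rows = {h: r for h, r in self.rows.items() if r["expires"] > now}

    def consume(self, h, alias_handlers):
        """The front sends the hash; the back replies with what to do next."""
        row = self.rows.get(h)  # the row stays valid until its lifetime ends
        if row is None or row["expires"] <= self.now():
            return {"action": "login"}  # unknown or expired: ask the user to log in
        if row["alias"]:
            # Pre-authorization work named by the alias string (verify profile, start a timer...)
            alias_handlers[row["alias"]](row)
        return {"action": "authorize", "user": row["user"], "redirect": row["location"]}
```

Because a 6-character token is short, the endpoint that receives it should be rate limited (an assumption of this example, not something the article states); the lifetime and deletion of expired rows are what the article relies on.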
This hash management system has proven itself so well that we extended it to file access. The situation is simple: the client uploads a file for the question, the back end keeps it somewhere in the dark depths of the server, but users (both that client and the lawyer) see a nice link /storage/hash12/some_CODE. When a file is uploaded, the file-hash management system immediately generates a hash and code pair, additionally binds the path to the file to them, and stores all of this in the database.
We also plan to integrate the code into the magic link, in order to use it for two-factor authorization in the future. The user following the magic link will receive a code on his phone and enter it in the form offered by the front end.
This system has allowed us to set up convenient and flexible user access to the system. Analyzing the situation, we see that errors from incorrect password entry and the number of password-reminder emails have almost disappeared. We can change the lifetime of each hash separately or generate one for an individual user on request.
Sob, sob
And at the end, I cry. I burst into tears over the fact that sites and platforms sometimes do not use such a system at all, or use a 40-character string as the hash, because sometimes there is a need not to follow the link from the letter but to type it into the address bar by hand. Although I do not deny that as our project grows we will someday arrive at a hash of that length...
Thank you for your attention.
P.S. I remind you that this is personal experience, and I am leaving my pebble in the large garden of information.