diff --git a/_includes/parse-server/compatibility.md b/_includes/parse-server/compatibility.md
index cf188bed7..ea92a3d8c 100644
--- a/_includes/parse-server/compatibility.md
+++ b/_includes/parse-server/compatibility.md
@@ -181,4 +181,78 @@ Facebook, Twitter, and Anonymous logins are supported out of the box. Support fo
 ## Welcome Emails and Email Verification
-This is not supported out of the box. But, you can use a `beforeSave` to send out emails using a provider like Mailgun and add logic for verification. [Subscribe to this issue](https://github.com/parse-community/parse-server/issues/275) to be notified if email verification support is added to Parse Server.
+Verifying user email addresses and enabling password reset via email requires an email adapter. As part of the `parse-server` package we provide an adapter for sending email through Mailgun. To use it, sign up for Mailgun, and add this to your initialization code:
+
+```js
+var server = ParseServer({
+ ...otherOptions,
+ // Enable email verification
+ verifyUserEmails: true,
+
+ // if `verifyUserEmails` is `true` and
+ // if `emailVerifyTokenValidityDuration` is `undefined` then
+ // email verify token never expires
+ // else
+ // email verify token expires after `emailVerifyTokenValidityDuration`
+ //
+ // `emailVerifyTokenValidityDuration` defaults to `undefined`
+ //
+ // email verify token below expires in 2 hours (= 2 * 60 * 60 == 7200 seconds)
+ emailVerifyTokenValidityDuration: 2 * 60 * 60, // in seconds (2 hours = 7200 seconds)
+
+ // set preventLoginWithUnverifiedEmail to false to allow user to login without verifying their email
+ // set preventLoginWithUnverifiedEmail to true to prevent user from login if their email is not verified
+ preventLoginWithUnverifiedEmail: false, // defaults to false
+
+ // The public URL of your app.
+ // This will appear in the link that is used to verify email addresses and reset passwords.
+ // Set the mount path as it is in serverURL
+ publicServerURL: 'https://example.com/parse',
+ // Your apps name. This will appear in the subject and body of the emails that are sent.
+ appName: 'Parse App',
+ // The email adapter
+ emailAdapter: {
+ module: '@parse/simple-mailgun-adapter',
+ options: {
+ // The address that your emails come from
+ fromAddress: 'parse@example.com',
+ // Your domain from mailgun.com
+ domain: 'example.com',
+ // Your API key from mailgun.com
+ apiKey: 'key-mykey',
+ }
+ },
+
+ // account lockout policy setting (OPTIONAL) - defaults to undefined
+ // if the account lockout policy is set and there are more than `threshold` number of failed login attempts then the `login` api call returns error code `Parse.Error.OBJECT_NOT_FOUND` with error message `Your account is locked due to multiple failed login attempts. Please try again after minute(s)`. After `duration` minutes of no login attempts, the application will allow the user to try login again.
+ accountLockout: {
+ duration: 5, // duration policy setting determines the number of minutes that a locked-out account remains locked out before automatically becoming unlocked. Set it to a value greater than 0 and less than 100000.
+ threshold: 3, // threshold policy setting determines the number of failed sign-in attempts that will cause a user account to be locked. Set it to an integer value greater than 0 and less than 1000.
+ },
+ // optional settings to enforce password policies
+ passwordPolicy: {
+ // Two optional settings to enforce strong passwords. Either one or both can be specified.
+ // If both are specified, both checks must pass to accept the password
+ // 1. a RegExp object or a regex string representing the pattern to enforce
+ validatorPattern: /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.{8,})/, // enforce password with at least 8 char with at least 1 lower case, 1 upper case and 1 digit
+ // 2. a callback function to be invoked to validate the password
+ validatorCallback: (password) => { return validatePassword(password) },
+ doNotAllowUsername: true, // optional setting to disallow username in passwords
+ maxPasswordAge: 90, // optional setting in days for password expiry. Login fails if user does not reset the password within this period after signup/last reset.
+ maxPasswordHistory: 5, // optional setting to prevent reuse of previous n passwords. Maximum value that can be specified is 20. Not specifying it or specifying 0 will not enforce history.
+ //optional setting to set a validity duration for password reset links (in seconds)
+ resetTokenValidityDuration: 24*60*60, // expire after 24 hours
+ }
+});
+```
+
+You can also use other email adapters contributed by the community such as:
+- [parse-server-postmark-adapter](https://www.npmjs.com/package/parse-server-postmark-adapter)
+- [parse-server-sendgrid-adapter](https://www.npmjs.com/package/parse-server-sendgrid-adapter)
+- [parse-server-mandrill-adapter](https://www.npmjs.com/package/parse-server-mandrill-adapter)
+- [parse-server-simple-ses-adapter](https://www.npmjs.com/package/parse-server-simple-ses-adapter)
+- [parse-server-mailgun-adapter-template](https://www.npmjs.com/package/parse-server-mailgun-adapter-template)
+- [parse-server-sendinblue-adapter](https://www.npmjs.com/package/parse-server-sendinblue-adapter)
+- [parse-server-mailjet-adapter](https://www.npmjs.com/package/parse-server-mailjet-adapter)
+- [simple-parse-smtp-adapter](https://www.npmjs.com/package/simple-parse-smtp-adapter)
+- [parse-server-generic-email-adapter](https://www.npmjs.com/package/parse-server-generic-email-adapter)