Subscription required

We're contionusly adding new episodes to IHP Casts. Continue your journey into real-world functional programming by subscribing to IHP Casts!

Watch all of IHP Casts for 10 € / Mo

IHP Casts is made by digitally induced, the company making IHP. By using a paid plan you're supporting our mission to drive the adoption of haskell in the software industry.

Episode completed

Next epsiode starting in 3 seconds

Published at


To confirm that a user can access the E-Mail that is provided, we need to send an E-Mail with a confirmation link to that E-Mail, which the user has to click. To create a Template for the Mail, we can use the Code Generator. After generating the Mail Template, we need to adjust the subject and the email of the sender, usually an email with your domain. We also need to change the recipients email to the email of the user. Also, let’s add the name of the user to the address name. Now, we need to adjust the mail’s content. Since this is an email for confirming your email address, we need some text explaining the mail and a link for confirmation. To make the confirmation work though, we need two things: a field for the verification status and a verification key. That key is needed to confirm the access to the provided email. To generate a verification key, we can use generateAuthenticationToken to generate a random token. Next, we need an action to verify a user with a token. This takes a token as a parameter and checks if a user with that verification key exists. If so, the user’s verification is set to true. If the verification has already been completed, we can set another success message for that. All that’s left is to add a link with the verification key to the action we just created. Now, you can use the verification status of the user to restrict certain actions. Let’s enforce email verification for post creation. For that, we just need to check the verification value of the user that is currently logged in. Now, users need to verify their E-Mail address to create a post on your website. Alternatively you could prevent the login altogether if the user hasn’t confirmed their email yet by adding a beforeLogin to the SessionsController config where we check if the user is confirmed.