
Email verification pattern in Flask - Step-by-Step Execution

Concept Flow - Email verification pattern
User registers with email
Generate unique token
Send email with verification link
User clicks link
Verify token validity
Activate user
Done
This flow shows how a user registers, receives a verification email, clicks the link, and the system verifies the token to activate the account.
Execution Sample
Flask
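import os

from flask import Flask
from itsdangerous import URLSafeTimedSerializer, BadSignature
from markupsafe import escape

app = Flask(__name__)
# Read the signing key from the environment; fails at startup if it is unset
serializer = URLSafeTimedSerializer(os.environ['SECRET_KEY'])

@app.route('/verify/<token>')
def verify_email(token):
    try:
        # Reject tokens older than one hour (3600 seconds)
        email = serializer.loads(token, max_age=3600)
    except BadSignature:
        # Tampered or malformed token; SignatureExpired is a subclass
        return 'Invalid or expired token', 400
    # Activate user here
    # Escape the address before reflecting it into the HTML response
    return 'Email verified for ' + escape(email)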
This Flask route verifies the email token from the URL, activates the user if valid, or shows an error if invalid.
Execution Table
| Step | Action | Input/State | Result | Next Step |
|---|---|---|---|---|
| 1 | User registers | User email: user@example.com | Generate token for user@example.com | Send verification email |
| 2 | Send email | Token embedded in link | Email sent with link /verify/<token> | User clicks link |
| 3 | User clicks link | Token received in URL | Call verify_email(token) | Try to decode token |
| 4 | Decode token | Token valid and not expired | Extract email user@example.com | Activate user |
| 5 | Activate user | Email extracted | User marked as verified | Return success message |
| 6 | Return response | User verified | Show 'Email verified for user@example.com' | End |
| 7 | If token invalid | Token invalid or expired | Catch exception | Return error message |
| 8 | Return error | Invalid token | Show 'Invalid or expired token' | End |
💡 Execution stops after returning success or error message based on token validity.
Variable Tracker
| Variable | Start | After Step 1 | After Step 3 | After Step 4 | Final |
|---|---|---|---|---|---|
| email | None | user@example.com | user@example.com (from token) | user@example.com | user@example.com |
| token | None | token string generated | token string received | token string decoded | token string decoded |
| user_verified | False | False | False | True | True |
Key Moments - 3 Insights
Why do we need to check token expiration?
Because the token might be old or reused. Step 4 in the execution_table shows token decoding with max_age=3600 seconds to ensure it is still valid.
What happens if the token is invalid or tampered?
Step 7 shows catching an exception when decoding fails, leading to an error message in Step 8. This prevents unauthorized activation.
How does the system know which user to activate?
The token encodes the user's email (Step 4). After decoding, the email identifies the user to activate in Step 5.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what is the result at Step 4 when the token is valid?
A. Show error message
B. Extract email user@example.com
C. Generate token
D. Send verification email
💡 Hint
Check the 'Result' column in Step 4 of the execution_table.
At which step does the system mark the user as verified?
A. Step 7
B. Step 3
C. Step 5
D. Step 2
💡 Hint
Look for 'Activate user' action in the execution_table.
If the token expires after 1 hour, what happens at Step 4?
A. Exception is raised and caught
B. User is activated anyway
C. Token is decoded successfully
D. Email is sent again
💡 Hint
Refer to the 'Try to decode token' and exception handling in Steps 4 and 7.
Concept Snapshot
Email verification pattern in Flask:
- User registers with email
- Generate unique token with expiration
- Send email with verification link
- User clicks link, token decoded
- If valid, activate user
- If invalid/expired, show error
Use itsdangerous for secure tokens.
Full Transcript
This example shows how Flask handles email verification. When a user registers, the system creates a unique token encoding their email with a time limit. It sends an email containing a link with this token. When the user clicks the link, Flask receives the token and tries to decode it. If the token is valid and not expired, the system activates the user's account and shows a success message. If the token is invalid or expired, it shows an error message. This protects against fake or old verification attempts and ensures only the rightful user can activate their account.
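The full round trip described above (generate the token at registration, then verify it), as an added example that is not the page's own code. It goes beyond the page's sample by binding tokens to a purpose with the `salt` argument of itsdangerous and by telling expired tokens apart from tampered ones. The salt value `email-verify`, the in-memory `users` store and the helper names `register`, `verify` and `demo` are assumptions made for illustration.

```python
import os
from itsdangerous import URLSafeTimedSerializer, SignatureExpired, BadSignature

# Assumption: key supplied via environment; the random fallback is for this demo only.
SECRET_KEY = os.environ.get("SECRET_KEY") or os.urandom(32).hex()
serializer = URLSafeTimedSerializer(SECRET_KEY)
VERIFY_SALT = "email-verify"  # hypothetical purpose label, not from the page
users = {}                    # constructed in-memory store: email -> {"verified": bool}

def register(email):
    """Create an unverified user and return the path to put in the email link."""
    users[email] = {"verified": False}
    return "/verify/" + serializer.dumps(email, salt=VERIFY_SALT)

def verify(token, max_age=3600):
    """Return (status, email); status is ok, expired, invalid or unknown-user."""
    try:
        email = serializer.loads(token, salt=VERIFY_SALT, max_age=max_age)
    except SignatureExpired:   # must precede BadSignature, its parent class
        return "expired", None
    except BadSignature:       # tampered, wrong key, or wrong salt
        return "invalid", None
    user = users.get(email)
    if user is None:           # validly signed, but the account no longer exists
        return "unknown-user", None
    user["verified"] = True    # idempotent: the token stays usable until it expires
    return "ok", email

def demo():
    """Run constructed sample tokens through verify() and collect the outcomes."""
    token = register("user@example.com").rsplit("/", 1)[1]
    foreign_key = URLSafeTimedSerializer("not-our-key").dumps(
        "user@example.com", salt=VERIFY_SALT)
    other_purpose = serializer.dumps("user@example.com", salt="password-reset")
    return {
        "valid": verify(token),
        "replayed": verify(token),
        "foreign_key": verify(foreign_key),
        "wrong_salt": verify(other_purpose),
        # max_age=-1 makes any token count as expired without waiting an hour
        "expired": verify(token, max_age=-1),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```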