Medplum

Official

Overview Schema Related Servers Score Discussions

verifyemail.ts•2.48 kB

// SPDX-FileCopyrightText: Copyright Orangebot, Inc. and Medplum contributors // SPDX-License-Identifier: Apache-2.0 import type { WithId } from '@medplum/core'; import { allOk, badRequest, createReference, resolveId } from '@medplum/core'; import type { Reference, User, UserSecurityRequest } from '@medplum/fhirtypes'; import type { Request, Response } from 'express'; import { body } from 'express-validator'; import { sendOutcome } from '../fhir/outcomes'; import { getSystemRepo } from '../fhir/repo'; import { generateSecret } from '../oauth/keys'; import { timingSafeEqualStr } from '../oauth/utils'; import { makeValidationMiddleware } from '../util/validator'; export const verifyEmailValidator = makeValidationMiddleware([ body('id').isUUID().withMessage('Invalid request ID'), body('secret').notEmpty().withMessage('Missing secret'), ]); export async function verifyEmailHandler(req: Request, res: Response): Promise<void> { const systemRepo = getSystemRepo(); const pcr = await systemRepo.readResource<UserSecurityRequest>('UserSecurityRequest', req.body.id); if (pcr.type !== 'verify-email') { sendOutcome(res, badRequest('Invalid user security request type')); return; } if (pcr.used) { sendOutcome(res, badRequest('Already used')); return; } if (!timingSafeEqualStr(pcr.secret as string, req.body.secret)) { sendOutcome(res, badRequest('Incorrect secret')); return; } const user = await systemRepo.readReference(pcr.user as Reference<User>); await systemRepo.withTransaction(async () => { await systemRepo.updateResource<User>({ ...user, emailVerified: true }); await systemRepo.updateResource<UserSecurityRequest>({ ...pcr, used: true }); }); sendOutcome(res, allOk); } /** * Creates a "verify email" for the user. * Returns the URL to the email verification request. * @param user - The user to create the request for. * @param redirectUri - Optional URI for redirection to the client application. * @returns The URL to reset the password. */ export async function verifyEmail(user: User, redirectUri?: string): Promise<WithId<UserSecurityRequest>> { // Create the password change request const systemRepo = getSystemRepo(); return systemRepo.createResource<UserSecurityRequest>({ resourceType: 'UserSecurityRequest', meta: { project: resolveId(user.project) }, type: 'verify-email', user: createReference(user), secret: generateSecret(16), redirectUri, }); }

Latest Blog Posts

What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat
MCP Moves to the Linux Foundation: Neutral Stewardship for Agentic Infrastructure
By Om-Shree-0709 on December 15, 2025.
mcp
anthropic
Linux Foundation
Code Execution with MCP: Architecting Agentic Efficiency
By Om-Shree-0709 on December 14, 2025.
mcp
Token bloat

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/medplum/medplum'

If you have feedback or need assistance with the MCP directory API, please join our Discord server