Create an invitation signup for your SaaS

Using the Validator component of Symfony

Before launching our SaaS project, we’ve plan a closed beta for few selected users, to retrieve our first feedbacks.

We decide to allow new sign up with an invitation secret code.

The main idea was to generate secret code that will allow sign-up form validation and we doesn’t wan’t to manage the storage of those codes. At least, we should be able to identify already used code to avoid duplicate sign-up.

Our sign-up form

Validation is a very common task in web applications. Data entered in forms needs to be validated. Symfony provides a Validator component that makes this task easy and transparent: the Symfony Validator component.

Let’s create this two files required by the validator:

The SecretContraint.php file contain the two case that domain could meet.

Then the validator who have the “CouponCodeGenerator” service thanks to Symfony autowiring.
First step is to check if the value have the correct length to be a valid invitation code. Then, we ask to the secredCodeGenerator service if the code is valid, or not. And Finaly, we check if an user already have used this invitation code.

Pretty easy no? Now let see the CouponCodeGenerator code:

Invitation code generator

This service have one constant, it is the code length that we wan’t. Is our case, it’s about 10 characters.

The most important function of this service is the getSecretString(): It generate a very long string (called “secretString”).

To generate a code, it will extract from this string, a new code composed of CouponCodeGenerator::CODE_LENGTH characters from the “secretString”. 
This way, if the code could be found in the secretString, it mean that the code is valid.

To generate this string we use this line:

implode('', array_map('sha1', range(1, 20)))

Quickly, it generate an array of numbers that will be turned into sha1 to have an array of strings. Glue with nothing, it will generate a string that will be always the same.

The getCouponPossibility() return the number of possibility you will get. If you need to send some secret code, the generate() function will return you many codes as you need to.

Our administration tool with fake invitation code

The form validation directly manage form error and display an error message if there’s an issue:


This invitation workflow is great but after few weeks, we have replace it by a waiting list form to get users email.

Invitation requests are better!

🌶Quickly identify which of your web services are underperforming in terms of speed and availability with our detailed performance reports. 🔥