Users should be allowed to register on their own
Users should be able to self-register a new user profile. Here is the expected workflow:
1.) The user clicks on "create new user" and is pointed to a page where he can enter all the required user data (something like the existing user create view, but without the role permission, enabled and authToken entries).
2.) After all user details have been entered, a new user profile should be created in the database with the "enabled" flag set to false.
3.) A confirmation mail is then sent to the mail address of the new user.
4.) The mail contains a special URL that serves as confirmation that the mail address is correct.
5.) Opening this URL in a web browser activates the user profile by setting the enabled flag to true.
6.) The user can then use the profile, though he is not yet assigned any specific roles (this should still be done manually by admins).
Blueprint information
- Status: Not started
- Approver: Carsten Block
- Priority: Low
- Drafter: Carsten Block
- Direction: Needs approval
- Assignee: None
- Definition: Approved
- Series goal: None
- Implementation: Not started
- Milestone target: None
Whiteboard
For generating the confirmation URL we can use the already existing, automatically generated authToken stored in each user record.
The URL can then look something like this: http://
This requires only a new "activate" closure in the existing user controller that basically...
(i) checks that the authToken corresponds to the user id
(ii) sets user.enabled=true
(iii) generates a new authToken in order to avoid a "replay attack" where an admin later deactivates the profile and the user simply reactivates it by opening the above URL again
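
The three activation steps above, as an added Python sketch that is not code from this project or its user controller. The in-memory USERS store, the User fields and the function names are assumptions made for illustration; it shows the mailed token working once and being rejected after an admin disables the profile.

```python
import hmac
import secrets
from dataclasses import dataclass, field


def new_token() -> str:
    # 256 bits from the OS CSPRNG, URL-safe so it can sit in the confirmation link.
    return secrets.token_urlsafe(32)


@dataclass
class User:                      # hypothetical stand-in for the user record
    id: int
    email: str
    enabled: bool = False        # step 2: self-registered profiles start disabled
    roles: list = field(default_factory=list)  # step 6: roles are assigned by admins only
    auth_token: str = field(default_factory=new_token)


USERS = {}  # constructed in-memory stand-in for the user table


def register(email: str) -> User:
    user = User(id=len(USERS) + 1, email=email)
    USERS[user.id] = user
    return user


def activate(user_id: int, token: str) -> bool:
    user = USERS.get(user_id)
    if user is None:
        return False
    # (i) the token must match the one stored for this user id (constant-time compare)
    if not hmac.compare_digest(user.auth_token.encode(), token.encode()):
        return False
    user.enabled = True            # (ii)
    user.auth_token = new_token()  # (iii) rotate, so the mailed URL is single-use
    return True


def demo() -> list:
    user = register("alice@example.org")  # constructed sample address
    mailed = user.auth_token              # value embedded in the confirmation URL
    first = activate(user.id, mailed)     # user opens the link
    user.enabled = False                  # an admin later deactivates the profile
    replay = activate(user.id, mailed)    # the same link is opened again
    return [first, replay, user.enabled]


if __name__ == "__main__":
    print(demo())
```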