Table of Contents | ||||
---|---|---|---|---|
|
Design
...
How it works
Sign up page composition
Title of the page : “Sign up”
Introductory text : “
Sign up Form
...
Firstname field*
Lastname field *
Email field *
Plus a tooltip : “Your email will not be shared”
Password Field *
Plus a tooltip a tooltip : “At least 8 characters, including 1 number, 1 capital letter and 1 punctuation mark.”
Company
Terms of use Checkbox*
Sign up button
I already have an account link that redirect user to the login page
*Mandatory fields
...
Sign up
...
process
When users clicks on the sign up button after filling the sign up form :
A popin message appear to confirm the registration is made with successAn email is sent to all administrators to let them know a user is requesting accessconfirmation message display
The user for whom the sign up request was made receives an email informing him that he must validate his email address to confirm his account creation request. At this stage the user appears is not visible in the list of users to be approved by administrators in the administration interface, but in an inactive status.When the user's email is confirmed, the user to be approved becomes active in the administration interfacethe backoffice.
As soon as the user confirmed his email, the pending account display in administrators’s dashboards in the backoffice.
A confirmation email is sent to the user to let him know his account request is pending validation.
Administrators can approve the account or not.
As soon as the user awaiting validation account is validated approved by an administrator (from the back office), then the user's account becomes active, and he the user receives a confirmation by email.
...
I already have an account link :
signup.signupForm.cancelButton
(i18n)Sign up button :
signup.signupForm.inscriptionButton
(i18n)Sign up title :
page.title.signup
(i18n)Introductory text :
signup.description
(i18n)
Migration from a pre-2022.1
The issue :
Info |
---|
The process of creating a new user has been revised in 2022.1 sends to new users an email asking them to validate their account. When the user clicks on the button to validate their account the /verify action ends in error 500 with the following exception: |
Code Block |
---|
LOGGER:applicatif
Class: java.lang.RuntimeException Msg: java.lang.RuntimeException: noheto.BusinessException: You do not have the right to create an authority of this object: user.
source: website
remoteaddr: 52.47.89.117
uri: /api/packaged/register/verify/pX1sSnSb31qaQF1w1CC3pnNGALmkdCAjtF7-tt67ieRJTnDS8SJGSyfimxdsmP4jecoPTM6ue6A
referer: -
user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:96.0) Gecko/20100101 Firefox/96.0
-------------
Throwable information:
Class: java.lang.RuntimeException Msg: java.lang.RuntimeException: noheto.BusinessException: You do not have the right to create an authority of this object: user.
noheto.workflow.standard.Workflow.doAction(Workflow.java:346)
noheto.workflow.standard.Workflow.execute(Workflow.java:231)
wsnoheto.engine.ObjectWritable.processWorkflowAction(ObjectWritable.java:3518)
wsnoheto.engine.ObjectWritable.processWorkflowAction(ObjectWritable.java:3472) |
Explanation : when the systems sends an email to validate the email address, the link that is provided executes an action on the temporary
Status | ||
---|---|---|
|
In previous versions, the validate action was creating a user, and when the application is correctly secured, a non connected surfer is not allowed to create a user.
The purpose of the action should be to validate the email address entered and thus allow the administrators to approve the creation of the final account.
How to solve :
Create a new step in the workflow of the userregistration object: unverified email
Add a verify action from unverified email to inactive
Inactive status must be published true
Change the default status of userregistration to have the ID of unverified email
Change the activated value of userregistration to 2
Set the validate_email_workflow_action of the PACKAGED_RegistrationEmails to verify
In starter-kit, we have chosen not to go through the workflow to approve the creation of an account: by going through the workflow, it is not possible to send the user back to the account finally created. So we have a button that appears in the toolbar if enable_create_account_from_request is set to true. To keep your existing operation, you'll have to set this parameter to false (to not have the button)
Some notes:
By creating a new status and setting the default value of status, non-validated accounts created before the update can still be approved even if they haven't validated their email address (as before). The following ones on the other hand will have to go through this address.
You will have to customize the email template, but... it's documented → https://crossmedia.atlassian.net/wiki/spaces/WD/pages/2160427009/UI+configuration+checklist#Registration-related
Depending on how the account creation trigger is written (validate in your workflow), you may be able to name the action that changes from unverified email to inactive validate → advantage, no need to change the default value of validate_email_workflow_action (a rather limited advantage, I agree)
you can prevent admins to see userregistration with unverified email status → avoid creating accounts with unvalidated email