|Version 3 (modified by hasienda, 2 years ago) (diff)|
New User Registration Process
In recent development the following modules have been moved from web_ui to their own place: register, and the required component activation changed accordingly.
For AccountManager versions before acct_mgr-0.4 use the following setting instead of the settings mentioned later on:
[components] acct_mgr.web_ui.RegistrationModule = enabled acct_mgr.web_ui.EmailVerificationModule = enabled
Enables users to register a new account. It adds a “Register” link on the same menu bar as the “Login” link.
[components] acct_mgr.register.RegistrationModule = enabled
Warning: You must enable one of the password storage modules for the Registration Module to work.
Note: You must not enable ignore_auth_case in trac.ini as otherwise this module won’t work. [Update: This doesn't apply to trunk branch anymore. Use a revision at changeset  or later to lift this limitation.]
If you enable this, users will be sent an email with a verification code to enter, to approve it is really their own email address:
[components] acct_mgr.register.EmailVerificationModule = enabled acct_mgr.notification.AccountChangeListener = enabled
Until they entered the verification code on the URL sent with the email, their permissions will be restricted (even if they have the TRAC_ADMIN privilege, they won't be able to access anything exceeding the standard privileges of authenticated users). Update: After changeset  ACCTMGR_ADMIN (and TRAC_ADMIN, as it inherits it among all other privileges) won't be bothered with the verification procedure.
This has been added as a strict requirement now as suggested by ticket #5509 to trunk code with changeset , but was not enforced before, so verification only happened, if an email had been specified on registration. In other words, if some user registered w/o specifying an email address, this was possible and an unrestricted account was created without requiring further actions.
Note that if you don't want to enforce entering a valid email on registration, you may want to disable this component. An option
[account-manager] verify_email = false
As shown in the configuration above, you'll have to enable the accountchangelistener component as well. Without it, verification emails will be silently ignored (but the web-UI will still say they got sent!).
Related external resources
There are some 3rd-party extensions to the registration module/process:
- GlobalRegisterPlugin - no check, just adds a hint about user store being shared for all Trac environments at the same host
- RecaptchaRegisterPlugin - reCAPTCHA support for the registration page
- SimpleCaptchaPlugin - captcha driven by Skimpy Gimpy (uses an alternative extension point interface)
- TracCaptchaPlugin - modular reCAPTCHA support, not only for the registration page
Related resources with different focus: