Version 3 (modified by 12 years ago) (diff) | ,
---|
New User Registration Process
Involved Modules
In recent development the following modules have been moved from web_ui
to their own place: register
, and the required component activation changed accordingly.
For AccountManager versions before acct_mgr-0.4
use the following setting instead of the settings mentioned later on:
[components] acct_mgr.web_ui.RegistrationModule = enabled acct_mgr.web_ui.EmailVerificationModule = enabled
RegistrationModule
- Package
- acct_mgr.register
Enables users to register a new account. It adds a “Register” link on the same menu bar as the “Login” link.
Configuration
[components] acct_mgr.register.RegistrationModule = enabled
Warning: You must enable one of the password storage modules for the Registration Module to work.
Note: You must not enable ignore_auth_case
in trac.ini
as otherwise this module won’t work. [Update: This doesn't apply to trunk
branch anymore. Use a revision at changeset [9286] or later to lift this limitation.]
EmailVerificationModule
- Package
- acct_mgr.register
If you enable this, users will be sent an email with a verification code to enter, to approve it is really their own email address:
Configuration
[components] acct_mgr.register.EmailVerificationModule = enabled acct_mgr.notification.AccountChangeListener = enabled
Until they entered the verification code on the URL sent with the email, their permissions will be restricted (even if they have the TRAC_ADMIN privilege, they won't be able to access anything exceeding the standard privileges of authenticated users). Update: After changeset [9304] ACCTMGR_ADMIN (and TRAC_ADMIN, as it inherits it among all other privileges) won't be bothered with the verification procedure.
This has been added as a strict requirement now as suggested by ticket #5509 to trunk
code with changeset [9277], but was not enforced before, so verification only happened, if an email had been specified on registration. In other words, if some user registered w/o specifying an email address, this was possible and an unrestricted account was created without requiring further actions.
Note that if you don't want to enforce entering a valid email on registration, you may want to disable this component. An option
[account-manager] verify_email = false
for switching this off easily, to restore the old behavior of AccountManagerPlugin by default, is available since changeset [9304] as well.
As shown in the configuration above, you'll have to enable the accountchangelistener component as well. Without it, verification emails will be silently ignored (but the web-UI will still say they got sent!).
Registration Checks
Related external resources
There are some 3rd-party extensions to the registration module/process:
- GlobalRegisterPlugin - no check, just adds a hint about user store being shared for all Trac environments at the same host
- RecaptchaRegisterPlugin - reCAPTCHA support for the registration page
- SimpleCaptchaPlugin - captcha driven by Skimpy Gimpy (uses an alternative extension point interface)
- TracCaptchaPlugin - modular reCAPTCHA support, not only for the registration page
Related resources with different focus:
- MathCaptchaPlugin - only for ticket edits and new ticket submission
- TracRecaptchaPlugin? - old (obsolete?) reCAPTCHA support, only for tickets