wiki:AccountManagerPlugin/RegistrationInspector

Version 3 (modified by Steffen Hoffmann, 12 years ago) (diff)

start a list of available 3rd-party registration checks

New User Registration Process

Involved Modules

In recent development the following modules have been moved from web_ui to their own place: register, and the required component activation changed accordingly.

For AccountManager versions before acct_mgr-0.4 use the following setting instead of the settings mentioned later on:

[components]
acct_mgr.web_ui.RegistrationModule = enabled
acct_mgr.web_ui.EmailVerificationModule = enabled

RegistrationModule

Package
acct_mgr.register

Enables users to register a new account. It adds a “Register” link on the same menu bar as the “Login” link.

screenshot of registration page

Configuration

[components]
acct_mgr.register.RegistrationModule = enabled

Warning: You must enable one of the password storage modules for the Registration Module to work.

Note: You must not enable ignore_auth_case in trac.ini as otherwise this module won’t work. [Update: This doesn't apply to trunk branch anymore. Use a revision at changeset [9286] or later to lift this limitation.]

EmailVerificationModule

Package
acct_mgr.register

If you enable this, users will be sent an email with a verification code to enter, to approve it is really their own email address:

Configuration

[components]
acct_mgr.register.EmailVerificationModule = enabled
acct_mgr.notification.AccountChangeListener = enabled

Until they entered the verification code on the URL sent with the email, their permissions will be restricted (even if they have the TRAC_ADMIN privilege, they won't be able to access anything exceeding the standard privileges of authenticated users). Update: After changeset [9304] ACCTMGR_ADMIN (and TRAC_ADMIN, as it inherits it among all other privileges) won't be bothered with the verification procedure.

This has been added as a strict requirement now as suggested by ticket #5509 to trunk code with changeset [9277], but was not enforced before, so verification only happened, if an email had been specified on registration. In other words, if some user registered w/o specifying an email address, this was possible and an unrestricted account was created without requiring further actions.

Note that if you don't want to enforce entering a valid email on registration, you may want to disable this component. An option

[account-manager]
verify_email = false

for switching this off easily, to restore the old behavior of AccountManagerPlugin by default, is available since changeset [9304] as well.

As shown in the configuration above, you'll have to enable the accountchangelistener component as well. Without it, verification emails will be silently ignored (but the web-UI will still say they got sent!).

Registration Checks

Related external resources

There are some 3rd-party extensions to the registration module/process:

Related resources with different focus: