Pre-registering users

[Horst Horst]

I'd like to implement a feature similar to sharing Google docs or Dropbox: If you share something with a non-registered user, he gets a notification email, but once he signed up, the permissions are already in place.

Programmatically registering users should be no problem, but how can I show the registration form on their first visit, and have it not complain about the email being already present?

[Jim S]

I would play around with this:

auth.settings.register_next

First off, I wouldn't 'pre-register' my users.  Rather, I would put their email address in a table and have it sit there until they register.  In the controller pointed to by the statement above I'd then check to see if the email for the new registration was in the table.  If so, setup the required permissions then.  Once that controller is done, redirect them where they need to go.

...just my thoughts on your issue.

-Jim

[Horst Horst]

I'd prefer to use the auth tables which are already in place, because eventually not only permissions, but also group membership of the invited user should be pre-arranged depending on the permissions and memberships of the inviting user.

It seems rather simple to me: Instead of creating a new user, the existing placeholder user (who has only the email address field filled in) would be updated on registration.

[Jim Steil]

I'm in agreement that you should use the web2py auth tables.  What I was suggesting is the you don't 'pre-register' the user in the auth tables until they actually sign in and create their account.  After the user actually registers, intercept the next page they are going to and setup the permissions then based on the email that you cached in a table when the initial notification came out.

Does that make any sense, or am I misunderstanding or not articulating my point well enough?

-Jim

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/da8gqfLFoYU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Massimo Di Pierro]

One way is to create accounts in auth.auth_user and the call

for user in newly_registered_users:

     auth.messages.reset_password = "I have shared a document with you click on the link %(link)s to reset your password, your document is ..... bla bla bla"

     auth.email_reset_password(user)

[Horst Horst]

Thanks, Massimo, what I ended up doing so far is:

 1. Pre-registering users with register_bare(), using a random password and an empty user name

 2. Sending out a password reset mail like you wrote

 3. After the user changed the password, on the subsequent call of index(), having the app check whether the user name is empty and redirect to user/profile

This works, but the user experience for new users is less than ideal, as they get to see two forms in a row. In addition, the reset_password form lacks the nice password strength coloring feature - and the new users choose their first password here. 

Do you see a way to present them with the actual register form or an equivalent single form?

[Massimo Di Pierro]

Please open a ticket:

- the reset password should display password strenght

- there should be an option to automatically login after reset password.

[Horst Horst]

I've opened a ticket for the password strength issue, but I don't get the second part: Users *are* already logged in after they clicked on "Request Reset Password".

What I'd wish for is something like a function 

  auth.email_complete_registration(user)

or perhaps

  auth.email_reset_password(user, updateProfile=True)

which presents a user with the full registration form after clicking the link, including the password fields.

Unless there's a better way to achieve this, shall I open an enhancement request?

[Massimo Di Pierro]

I do not think it can work that way. It has to be token based (a url uuid?) that allows a pre-registered user to complete registration without ability to change email.