Issue 12689

post user registration behavior

12689
Reporter: mdoering
Assignee: cvizitiu
Type: Bug
Summary: post user registration behavior
Priority: Major
Resolution: WontFix
Status: Closed
Created: 2013-02-04 12:25:55.015
Updated: 2013-09-02 13:46:31.543
Resolved: 2013-02-19 15:01:49.085
        
Description: After registering a new user account the user should be redirected to his previous referer page (see POR-512).
Also the user needs to be logged in properly via CAS - that might be tricky to do?

]]>
    


Author: cvizitiu@gbif.org
Created: 2013-02-04 12:35:23.596
Updated: 2013-02-04 12:35:33.711
        
What do you mean by "register"? We have two stages of the registration process, when is a user registered?

1. Provide us the details and thus make the request

2. Confirm you're a real person by clicking on the link provided to the email you gave us.

It's only after step 2) that I consider a user to be registered. How should we do that? Store the initial requested URL in the registration request in Drupal? And once the user has confirmed the URL send him to that URL?

As for the logging in properly via CAS... can you please clarify? First login after registration or just ANY login?


    


Author: mdoering@gbif.org
Created: 2013-02-04 12:41:51.143
Updated: 2013-02-04 12:41:51.143
        
True, I forgot about that because we cannot test emailing right now (just with the gbif domain, but I only got one account).

So the redirection issue seems like an invalid one!
The CAS one I cant tell now cause I cannot try a new registration. Can we free the smtp limitation now and test it properly? mailinator.com is brilliant for such tests.

To summarize my expected behavior:

1) user enters details and submits them, a new thanks you page opens, he is still not logged in
2) click on email link activates the account and logs in the user? That wont work as CAS cannot be logged into via a simple link. So we need to activate the account and present the user with a login link instead
    


Author: cvizitiu@gbif.org
Created: 2013-02-04 12:56:21.259
Updated: 2013-02-04 12:56:21.259
        
First an observation: An underlying assumption of your (2) is that there should be no confirmation from the regular admin(s) for a user registration.

I'll have to dig into the option of activating an account directly from the email confirmation link. The way Drupal is designed is that user is sent to his page in order to fill in the password first... which in turn means he is already logged in. 
    


Author: mdoering@gbif.org
Comment: yes, we dont need to admin confirmation. And I was actually suspecting that Drupal logs you in automatically - but only within Drupal, not doing a single sign one which will cause us terrible problems!
Created: 2013-02-04 14:34:49.311
Updated: 2013-02-04 14:34:49.311


Author: cvizitiu@gbif.org
Created: 2013-02-06 21:49:45.617
Updated: 2013-02-06 21:49:45.617
        
I've had a look at some redirection modules but it seems as if CAS will not send back ALL the params in the URL. Even if it would, it will eventually help for regular login but registration seems to be limited.

Perhaps we can consider the option of adding an extra param to the random string used for registration confirmation via email? And write a module to act specifically on that, after the confirmation? Yet the confirmation step must be taken as one has to set the password.

I would also like to note that, since the CAPTCHA module seems to have some sort of conflict with CAS, leaving the registration "free" means robots can immediately create accounts.