You have been redirected from an outdated version of the article. Below is the content available on this topic. To view the old article click here.

Self Registration

This section describes how to configure double opt-in self-registration for new users in structr.conf.

You can define custom properties to be set on the newly created user at creation time included in the POST request. This only works with the following setting in structr.conf: JsonRestServlet.user.autocreate = true

Registration.customUserAttributes = eMail

Note: The eMail attribute is mandatory and necessary to send out e-mails. It will always be included, so removing it here has no effect. It’s a generally a bad idea to include security-relevant attributes here as they can be set from an unauthenticated, unauthorized source. If unsure or you don’t know what that means, set only eMail.

To allow users to login even before the opt-in confirmation was received, set the following parameter to true. This is typically done when your login workflow allows registering users to set an inital password on the registration page.

Registration.allowLoginBeforeConfirmation = false

You can define a custom class to be created for new users upon registration:

Registration.customUserClass = User

Search results for "Self Registration"

JsonRestServlet

jsonrestservlet.defaultview Default view to use when no view is given in the URL.
jsonrestservlet.outputdepth Maximum nesting depth of JSON output.
jsonrestservlet.user.class User class that is instantiated when new users are created via the servlet.
jsonrestservlet.user.autologin Only works in conjunction with the jsonrestservlet.user.autocreate key. Will log in user after self registration.
jsonrestservlet.user.autocreate Enable this to support user self registration.

User Self Registration

jsonrestservlet.user.autocreate Enable this to support user self registration.
registration.customuserclass Specifies a special user class to be used when creating new users.
registration.allowloginbeforeconfirmation Enables self-registered users to login without clicking the activation link in the registration email.
registration.customeruserattributes Attributes the registering user is allowed to provide. All other attributes are discarded. (eMail is always allowed. It will always be included, so removing it here has no effect. It’s a generally a bad idea to include security-relevant attributes here as they can be set from an unauthenticated, unauthorized source. If unsure or you don’t know what that means, set only eMail.)

Confirmation Key Validity

confirmationkey.passwordreset.validityperiod Validity period (in minutes) of the confirmation key generated when a user resets his password. Default is 30.
confirmationkey.registration.validityperiod Validity period (in minutes) of the confirmation key generated during self registration. Default is 2 days (2880 minutes).
confirmationkey.validwithouttimestamp How to interpret confirmation keys without a timestamp.