Update use case 'self registration': Add form 'registration'. Check that all forms are running: ok

91a2ff7d · Carsten Rose · 272f37e2 · 91a2ff7d
Commit 91a2ff7d authored 3 years ago by Carsten Rose
--- a/Documentation/UseCase.rst
+++ b/Documentation/UseCase.rst
@@ -50,28 +50,37 @@ Self Registration

 Concept:

+Remark: The FE User record will be created on the fly in the last step, when the user set's the password.
+
+* Form 'Registration'
+
+  * Input: last name, first name, email
+  * Create record in table `Person`, if no name or email sibling is found. Else offer a password reset link.
+  * Create a new ``Person.auth`` token.
+  * Set ``Person.authExpired = NOW() + INTERVAL 4 DAY``.
+  * Send an email to the given email address with a password reset URL (incl. a token) which is time limited.
+  * Further steps: See 'Set password'
+
 * Form 'Request password reset link'

+  * This is optional, but very useful to offer the opportunity to reset the own password.
  * Input: email address.
-  * Send a mail to the given email address with a password reset URL (incl. a token) which is time limited.
+  * Send an email to the given email address with a password reset link (incl. a token) which is time limited.

-    * Only send mail if the mail address is known!
+    * Only send email if the email address is known!
    * If email is not found, the user should not be noticed.
    * Create a new ``Person.auth`` token.
    * Set ``Person.authExpired = NOW() + INTERVAL 4 DAY``.

-* When the user opens the URL, the form 'Set password' is shown.
+* Form 'Set password'

  * The user types in the new password.
-  * On Save:
+  * On save:

    * If the FE account does not exist, it will be created.
    * Set the FE user password.
    * Clear ``Person.authExpired``.

-Request password reset link
-^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
 Table: Person
 """""""""""""

@@ -87,10 +96,106 @@ Person::
      `authExpire` datetime NOT NULL,
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8 PACK_KEYS=1;

+Registration
+^^^^^^^^^^^^
+
+Page: Registration
+""""""""""""""""""
+
+* Page Alias: registration
+
+QFQ content record::
+
+    #
+    # {{action:SE}}: thanksRegistration
+    #
+
+
+    form={{SELECT IF('{{action:SE}}' = '','registration','') }}
+
+    20.sql = SELECT "<p>Thank you for your registration.</p><p>An email with further instructions has been sent to you.</p>"
+                    , "<p>You should receive the mail during the next 5 minutes. If not, please check your SPAM folder.</p>"
+
+                FROM (SELECT '') AS fake
+                WHERE '{{action:SE}}' = 'thanksRegistration'
+                  AND '{{form:SE}}'=''
+
+
+Form: registration
+""""""""""""""""""
+
+Form 'registration'::
+
+    {
+        "title": "Registration",
+        "tableName": "Person",
+        "permitNew": "always",
+        "permitEdit": "never",
+        "showButton": "close,save",
+        "forwardMode": "url-sip-skip-history",
+        "forwardPage": "?id=registration&action=thanksRegistration",
+        "parameter": "submitButtonText=Register",
+        "FormElement_ff": [
+            {
+                "enabled": "yes",
+                "name": "firstName",
+                "label": "First name",
+                "mode": "required",
+                "type": "text"
+            },
+            {
+                "enabled": "yes",
+                "name": "lastName",
+                "label": "Last name",
+                "mode": "required",
+                "type": "text"
+            },
+            {
+                "enabled": "yes",
+                "name": "email",
+                "label": "Email",
+                "mode": "required",
+                "class": "native",
+                "type": "text",
+                "checkType": "email",
+                "parameter": "retype\r\nretypeLabel=Retype email"
+            },
+            {
+                "enabled": "yes",
+                "label": "Check for double registration",
+                "mode": "show",
+                "modeSql": "",
+                "class": "action",
+                "type": "beforeSave",
+                "parameter": "sqlValidate={{!SELECT p.id FROM Person AS p WHERE p.email='{{email:F:alnumx}}'  OR ('{{firstName:F:allbut}}'=p.firstName AND  '{{lastName:F:allbut}}'=p.lastName ) LIMIT 1 }}\r\n expectRecords=0\r\nmessageFail=Sorry, person already registered by name or email. Please just reset the password under <a href='?id=reset'>reset</a>"
+            },
+            {
+                "enabled": "yes",
+                "label": "auth, deadline",
+                "class": "action",
+                "type": "afterSave",
+                "parameter": "# Set token & expiration\r\nsqlBefore={{UPDATE Person SET auth='{{random:V}}', authExpire=DATE_ADD(NOW(), INTERVAL 1 DAY) WHERE id={{id:R}} }}"
+            },
+            {
+                "enabled": "yes",
+                "label": "a) sendEmail, b) fe user",
+                "mode": "show",
+                "class": "action",
+                "type": "sendMail",
+                "value": "Dear new user\r\nPlease set a new password under {{baseUrl:Y}}?id=set&auth={{auth:R}}\r\nRegards.",
+                "parameter": "sendMailTo={{email:R}}\r\nsendMailSubject=Registration confirmation\r\nsendMailFrom={{ADMINISTRATIVE_EMAIL:Y}}\r\n\r\n# Create User in T3\r\nsqlAfter={{INSERT INTO {{dbNameT3:Y}}.fe_users (pid, usergroup, username, password, first_name, last_name, name, email) VALUES (6, '1', '{{email:F:alnumx}}','$p$initial invalid hash',  '{{firstName:R}}', '{{lastName:R}}', '{{first_name:R}} {{last_name:R}}', '{{email:F:alnumx}}') }}"
+            }
+        ]
+    }
+
+
+Request password reset link
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
 Page: reset
 """""""""""

-Page Alias: reset
+* Page Alias: reset

 QFQ content record::

@@ -116,7 +221,9 @@ QFQ content record::
 Form: passwordReset
 """""""""""""""""""

-* Take care that there is one dummy person record with person.id=1
+.. note::
+
+  Take care that there is one dummy person record with person.id=1

 Form 'passwordReset'::

@@ -133,7 +240,7 @@ Form 'passwordReset'::
        "forwardMode": "url-sip-skip-history",
        "forwardPage": "?id={{pageAlias:T}}&action=confirmation",
        "labelAlign": "default",
-        "parameter": "submitButtonText = Send passwort reset email",
+        "parameter": "submitButtonText = Send password reset email",
        "deleted": "no",
        "FormElement_ff": [
            {
@@ -145,7 +252,7 @@ Form 'passwordReset'::
                "type": "text",
                "encode": "specialchar",
                "checkType": "email",
-                "ord": 10,
+                "ord": 10
            },
            {
                "enabled": "yes",
@@ -154,7 +261,7 @@ Form 'passwordReset'::
                "class": "action",
                "type": "beforeSave",
                "ord": 20,
-                "parameter": "sqlValidate={{!SELECT 'fake' FROM (SELECT '')  AS fake WHERE '{{email:F:alnumx}}' LIKE '%example.com'  }}\r\n expectRecords=0\r\nmessageFail=Sorry, Password reset is not possible for *example.com.",
+                "parameter": "sqlValidate={{!SELECT 'fake' FROM (SELECT '')  AS fake WHERE '{{email:F:alnumx}}' LIKE '%example.com'  }}\r\n expectRecords=0\r\nmessageFail=Sorry, Password reset is not possible for *example.com."
            },
            {
                "enabled": "yes",
@@ -165,8 +272,8 @@ Form 'passwordReset'::
                "encode": "specialchar",
                "checkType": "auto",
                "ord": 50,
-                "value": "{{body:V::-}}",
-                "parameter": "fillStoreVar={{!SELECT CONCAT(p.firstName , ' ', p.lastName) AS name, p.id AS _pId, @expire:=DATE_ADD(NOW(), INTERVAL 4 DAY) AS expireTs, QDATE_FORMAT(@expire) AS expire, p.email, '{{random:V}}' AS auth FROM Person AS p WHERE p.email='{{email:F:alnumx}}' AND p.email!='' LIMIT 1}}\r\n\r\nsendMailTo={{email:VE}}\r\nsendMailSubject=Password Reset\r\nsendMailFrom=webmaster@example.com\r\nsendMailGrId=123\r\nsendMailXId=456\r\nsendMailMode = html\r\n\r\n# Set token & expiration\r\nsqlAfter = {{UPDATE Person SET auth='{{auth:V}}', authExpire='{{expireTs:V}}' WHERE email='{{email:F:alnumx}}' AND email!='' LIMIT 1}}",
+                "value": "Dear new user\r\nPlease set a new password under {{baseUrl:Y}}?id=set&auth={{auth:R}}\r\nRegards.",
+                "parameter": "fillStoreVar={{!SELECT CONCAT(p.firstName , ' ', p.lastName) AS name, p.id AS _pId, @expire:=DATE_ADD(NOW(), INTERVAL 4 DAY) AS expireTs, QDATE_FORMAT(@expire) AS expire, p.email, '{{random:V}}' AS auth FROM Person AS p WHERE p.email='{{email:F:alnumx}}' AND p.email!='' LIMIT 1}}\r\n\r\nsendMailTo={{email:VE}}\r\nsendMailSubject=Password Reset\r\nsendMailFrom=webmaster@example.com\r\nsendMailGrId=123\r\nsendMailXId=456\r\n\r\n# Set token & expiration\r\nsqlAfter = {{UPDATE Person SET auth='{{auth:V}}', authExpire='{{expireTs:V}}' WHERE email='{{email:F:alnumx}}' AND email!='' LIMIT 1}}"
            }
        ]
    }
@@ -177,7 +284,10 @@ Set new password
 Page: set
 """""""""

-Page Alias: set
+* Page
+
+  * Alias: set
+  * HideInMenu: yes

 QFQ content record::

@@ -222,6 +332,11 @@ QFQ content record::
 Form: passwordSet
 """""""""""""""""

+.. note::
+
+    Please adjust the numbers for ``usergroup`` and ``pid`` in FormElement `Update fe_user.password > parameter > sqlInsert`
+    to your needs. Remember that every FE-User needs at least one FE-Group to log in successfully.
+
 Form 'passwordSet'::

    {
@@ -248,7 +363,7 @@ Form 'passwordSet'::
                "checkType": "pattern",
                "checkPattern": "[a-zA-Z0-9-_+ *\\\/.,:;]{10,}",
                "ord": 10,
-                "parameter": "retype\r\nretypeLabel=Retype password\r\ndata-pattern-error=At least 10 characters are required. Valid characters: a-z A-Z 0-9 -_+*\/.,:;\r\nextraButtonPassword",
+                "parameter": "retype\r\nretypeLabel=Retype password\r\ndata-pattern-error=At least 10 characters are required. Valid characters: a-z A-Z 0-9 -_+*\/.,:;\r\nextraButtonPassword"
            },
            {
                "enabled": "yes",
@@ -258,7 +373,7 @@ Form 'passwordSet'::
                "type": "afterSave",
                "encode": "specialchar",
                "ord": 20,
-                "parameter": "slaveId={{SELECT fe.uid FROM {{dbNameT3:Y}}.fe_users AS fe WHERE fe.username='{{email:RE}}' AND fe.username!='' AND fe.deleted=0 LIMIT 1}}\r\n\r\n# Create FE User. Please update values of `pid`, `usergroup` to your setup.\r\nsqlInsert = {{INSERT INTO {{dbNameT3:Y}}.fe_users ( `pid`, `usergroup`, `username`, `email`, `name`, `password`,`crdate`) VALUES ( 5 , 1 , '{{email:RE}}', '{{email:RE}}', '{{lastName:RE}}, {{firstName:RE}}', '{{myValue:FE:all:p}}',  UNIX_TIMESTAMP() ) }}\r\n\r\nsqlUpdate = {{UPDATE {{dbNameT3:Y}}.fe_users SET password='{{myValue:FE:all:p}}' WHERE uid={{slaveId:V0}}  }}\r\n\r\nsqlAfter={{UPDATE Person SET authExpire=0 WHERE id={{id:R}} }}",
+                "parameter": "slaveId={{SELECT fe.uid FROM {{dbNameT3:Y}}.fe_users AS fe WHERE fe.username='{{email:RE}}' AND fe.username!='' AND fe.deleted=0 LIMIT 1}}\r\n\r\n# Create FE User. Please update values of `pid`, `usergroup` to your setup.\r\nsqlInsert = {{INSERT INTO {{dbNameT3:Y}}.fe_users ( `pid`, `usergroup`, `username`, `email`, `name`, `password`,`crdate`) VALUES ( 5 , 1 , '{{email:RE}}', '{{email:RE}}', '{{lastName:RE}}, {{firstName:RE}}', '{{myValue:FE:all:p}}',  UNIX_TIMESTAMP() ) }}\r\n\r\nsqlUpdate = {{UPDATE {{dbNameT3:Y}}.fe_users SET password='{{myValue:FE:all:p}}' WHERE uid={{slaveId:V0}}  }}\r\n\r\nsqlAfter={{UPDATE Person SET authExpire=0 WHERE id={{id:R}} }}"
            }
        ]
    }
\ No newline at end of file