How can I allow users to create an account on the page?
Application Type
Reactive

I'm trying to make an app where users can create an account themselves. I consumed the User_Create action from the built-in Users module, but when I try using that action I get an error because the UserManager role is required to use it. I'm not sure how to set this up so that anonymous users can create an account without this UserManager role (or any other role) required, since they're a new user.

Hello Joseph 

Greetings!

The process of allowing users to register is quite easy. Without going into the Technical Details I will suggest you to look into this App that shares the flow and will help you to see how it works. 


https://www.outsystems.com/forge/component-overview/10209/user-registration-flow-reactive 


Please feel free to ask in case you face any further challenges 


Regards,

Manish Gupta

This helped guide me a lot. Thank you! One minor follow-up question I have is, how can I set an image for a user/allow users to set their own image instead of using the default one?

Champion

Hi Joseph,


Is this related to Manish answer or mine ?


If it mine, then you must create new table, UserPicture (see image below)

Then when you aggregate get User data, you also joined with UserPicture, so the picture can be loaded (or upload image from the user themselves)


@Joseph Kuhn, To add the users images you will need to create one additional field into the registration field with the Upload Image or Camera Capture Ability. You can use Camera Plugin for this.


Then user will get the additional option in the Registration Form to upload the Photo. Then you can save the Photo using the approach that ToTo shared in the above response. (By creating the Entity and assigning the User ID) 


I hope you got this and able to implement. Please feel free to ask in case of any questions.


@Toto your response doesn't matter with whose comment helped to Joseph. In both cases you idea is correct at the Data Modelling level. 


Many Thanks

Champion

Hi Manish,


The reason I ask not for what you thinking of.

Because I never use the plugin you suggested, so I'm checking is Joseph using the one I told him or your plugin.


Thanks

Champion

Hi Joseph,


You should grant user manager role to user "0" and revoke it after finish creating user.

mvp_badge
MVP

I legitimately don't understand why you would want or need to do this. Can you please explain why you think this is necessary, and where you got this information from?

Champion

Hi Kilian,


The Server action "User_Create" from "Users" module, need user manager role for access.

Because the need is for user to self register so User_Create cannot be called if the user is not with user manager role.


Do you have any suggestion ?


mvp_badge
MVP

If the user manager role is a persistent role (and I assume it is), when granting that access to the anonymous user, all anonymous users from that point on will have that role. So this creates a huge security gap, even if only for a short amount of time.

However, the User_Role table has UserId as Mandatory, so it doesn't even seem possible to assign a Role to an anonymous user (unless the system would somehow grant a non-persistent role to the anonymous user, in which case my first comment above doesn't hold).

Regardless, it seems that Manish Gupta's answer already provided what Joseph was looking for (I haven't looked at that component myself).

Champion

Hi Killian,


Yes, there will be security risk for a moment.

What you told above bugged me, so I installed the plugin  (:D)

After checking this, it seems the plugin is not using server action "User_Create" for creating user, and using "Create_user" directly to the Entity.


And this make me asking a question, why server action "User_create" is there ?


And for "However, the User_Role table has UserId as Mandatory, so it doesn't even seem possible to assign a Role to an anonymous user (unless the system would somehow grant a non-persistent role to the anonymous user, in which case my first comment above doesn't hold). ", the grant role can be used with userId = 0 (yes security risk), but this will put as anonymous user as Role Manager.


Anyway, thank for info Killian, make me considering the security risk.


Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.