user registration workflow

[Harmonym]

Following user registration through the web client, it sends an e-mail message requesting that the user click the link to authenticate. However, the user can log in to the site and register themselves for volunteer shifts without authenticating. Is this the desired flow or is there a need to require authentication before the user can be active in the tool?

[BillWagner]

I'd like @jmcgowan8811 and @tonysurma to weigh in. I think this is a feature, because we want volunteers to get involved quickly.

However, we might want to note which volunteers have not validated emails when the system sends email.

Thoughts?

[tonysurma]

I think we want this as above but we want an indication of user validation status when viewed by the various owners/admins who see 'registrations/checkins' so they know status

And also a feature to remove/block a user by overall admin would close the loop on this

[TravCav]

is this saying they can login before activating the account with the email link? I can't reproduce this in https://crisischeckin-d.azurewebsites.net or the current dev version. Is this a request to make that possible?

I'm not well versed in the WebSecurity class, and someone correct me if i'm wrong, but looking through the docs it looks like you can't login if there's a confirmation waiting. We can toggle it to not require email confirmation and have everyone able to login immediately and identify them as not confirmed as described above. But they'd have to take an extra step to kick off the confirmation process and they wouldn't be able to login until they did. And I don't currently see a way to do that outside of account creation or password reset. worst case scenario we could just shove a generated token into the table, put together an email, and send it out manually if it can't be done through websecurity.

thoughts?

[BillWagner]

I'll bump to @tonysurma He's been slammed today, but will answer later this week.