jamesedmonston / graphql-authentication

GraphQL authentication for your headless Craft CMS applications.

Ability to customise user registration mutation and validation of user fields #113

Open Stalex89 opened 2 years ago

Stalex89 commented 2 years ago

Hello,

I have a specific scenario for a user registration process. In Craft I have an entry type which contains a field with an activation code. On the frontend (not a Twig template but a decoupled frontend, so no Twig solution is applicable) I have a user register page with a user registration form. In one of the fields in the form the user should enter the activation code. Before the user is registered I need a way to validate this field, checking whether the code matches the code from one of the entries. If the activation code provided by the user matches none of the codes from the entries, it should throw a validation error.

So basically I need the following registration flow:

  1. User goes to /register page on the decoupled frontend
  2. User fills in email, password, confirm_password and activation code in the registration form
  3. User presses "register button"
  4. Mutation from the graphql-authentication plugin is called with (username, password, activation_code [String]!) params
  5. Plugin validates activation_code by checking whether an entry with the matching code exists.
  6. If the activation_code validation fails, an error is thrown with the message "Invalid activation code"
  7. If the activation_code validation succeeds, the user is registered and the respective entry is added to a user custom field

As I read in the documentation, it is possible to provide additional values in the register mutation for user custom fields, but there is no hook that can be used to modify the user registration/validation logic in the mutation. Also it's not quite suitable for my case, as I would need either to add an entry ID field to the User (I would prefer to add an entry relation itself and not an id text field), or to pass the entry id directly from the frontend (which is not suitable because the user should know the activation code but not an entry id).

Can you pls tell if there's a way to extend/modify the user register mutation inside the plugin to handle this scenario (maybe some hook like EVENT_BEFORE_USER_REGISTER in UserService which can alter the custom field validation and saving)?

Thank you in advance!

jamesedmonston commented 1 year ago

@Stalex89 sorry for the delay on getting back to you on this one.

I think this is achievable (albeit with a few extra steps) without needing to update anything in the plugin:

Does that make sense?

Stalex89 commented 1 year ago

@jamesedmonston thank you very much for your response, indeed this can be achieved this way, however there is one small drawback to this solution. As we leave the validation logic on the frontend, the code validation step can be easily bypassed if you call the user registration mutation, for example, from the Postman app. The registration mutation will just create a user account, thus the user can get access to the portal without passing the code validation step. What I need is to make user registration through GraphQL impossible without providing a valid activation code (sorry that I didn't mention this as a requirement before).

Thus it would be really nice to have a way to modify the logic from a backend module/plugin by passing extra code with hooks like EVENT_BEFORE_USER_REGISTER and EVENT_AFTER_USER_REGISTER.
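Added example, not part of the original thread and not graphql-authentication or Craft CMS code: a small JavaScript model of the point made in the comment above, comparing a registration resolver that relies on frontend validation with one that checks the activation code on the server. The function names, sample entries and codes are all constructed for illustration.

```javascript
// Model of the registration flow from this thread. All names here are
// hypothetical; this is not Craft CMS or graphql-authentication code.
function makeApi(entries) {
  const users = []; // stand-in for the user table
  // Weak: the resolver assumes the frontend already validated the code.
  function registerTrustingClient({ email }) {
    const user = { id: users.length + 1, email, activationEntryId: null };
    users.push(user);
    return user;
  }
  // Hardened: activationCode is required and checked on the server against
  // the stored entries before any account is created.
  function registerWithServerCheck({ email, activationCode }) {
    const supplied = typeof activationCode === "string" && activationCode !== "";
    const entry = supplied && entries.find((e) => e.activationCode === activationCode);
    if (!entry) throw new Error("Invalid activation code");
    // Relate the user to the matched entry; the client never handles entry ids.
    const user = { id: users.length + 1, email, activationEntryId: entry.id };
    users.push(user);
    return user;
  }
  return { users, registerTrustingClient, registerWithServerCheck };
}

// Call a resolver the way any HTTP client can: directly, with no frontend.
function callDirectly(resolver, args) {
  try { return { ok: true, user: resolver(args) }; }
  catch (err) { return { ok: false, error: err.message }; }
}

// Constructed sample entries holding activation codes.
const SAMPLE_ENTRIES = [
  { id: 101, activationCode: "ALPHA-7F3K" },
  { id: 102, activationCode: "BRAVO-9Q2M" },
];

function demo() {
  const api = makeApi(SAMPLE_ENTRIES);
  const weak = (a) => callDirectly(api.registerTrustingClient, a);
  const hard = (a) => callDirectly(api.registerWithServerCheck, a);
  return {
    weakNoCode: weak({ email: "a@example.test" }),
    hardNoCode: hard({ email: "b@example.test" }),
    hardBadCode: hard({ email: "c@example.test", activationCode: "WRONG" }),
    hardGoodCode: hard({ email: "d@example.test", activationCode: "BRAVO-9Q2M" }),
    userCount: api.users.length,
  };
}
console.log(demo());
```

Only the weak resolver creates an account when no code is sent; the hardened one rejects missing and wrong codes with the same message and links the new user to entry 102 for the valid code.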

jamesedmonston commented 1 year ago

@Stalex89 that's a very good point – bit of an oversight by me! I'll look at implementing some events as you suggested

CAIDcreative commented 1 year ago

Just poking this thread to say I basically require the exact same thing. Ideally the solution I require would only allow certain user groups access to certain register mutations: so like if there were checkboxes, userGroup1 could be allowed publicly, and userGroup2 can only be created by userGroup3, and no register for userGroup3 via GraphQL (only admin CP access).

Adding those events would be useful though and probably allow us to make a solution via a module.

Stalex89 commented 1 year ago

@jamesedmonston hello, are there any plans to release it in the nearest future? 👀