- Issue created by @alex.amtr
- π©πͺGermany jurgenhaas Gottmadingen
Well, ECA provides granular actions, and the developer of the model is responsible to take all the steps required for any given workflow.
So, in this case, after creating the account, the same ECA model should just add another step to send an email, and the model needs to decide what goes into that email.
What I don't understand is what you mean by activating the account? Drupal's registration process doesn't have anything like inactive accounts that a user can activate with a link. Instead, you need to create that account and make it active. Then, when you send the email with a link, there the user can reset the password and then login.
- π«π·France alex.amtr
Sorry for being unclear.
I'm talking about the email that verifies the validity of an account's email address and displays a link to reset your password.
In this email you have a link [user:one-time-login-url].
I can't manage to get this link to send it to my new users. The token is empty in ECA. Then users can't activate their accounts. - π©πͺGermany jurgenhaas Gottmadingen
There have been a few discussions around that token here in the issue queue and also on Slack: it is not a public token that's available like other tokens. Drupal core has implemented that token in an isolated context such that it's only available in the Drupal core context. That's for security reasons. Imagine that token where generally available and somebody puts that into a comment. That would output that link to reset a password in public for everyone to us it.
Therefore, if you want to implement a user creation workflow which is different from Drupal core, you have to build the whole workflow yourself, including the email text that's being sent. You can e.g. send people to
https://www.example.com/user/resetand ask them to use that form to receive the password reset link from there. - π«π·France alex.amtr
I am wondering...
Perhaps, it would be possible to set a temporary password to users and to send this password by email ? - π©πͺGermany jurgenhaas Gottmadingen
That's technically possible, but I advise strongly against it. That's very bad practice and diggs a massive security issue into the Drupal site that does this.
- π«π·France alex.amtr
I convince it is not an ideal solution.
Perhaps it is possible to force the user to change their password upon first login. This would help limit security issues.
I have not the choice anyway.
Thank you very much for your help. - π«π·France PhilY πͺπΊπ«π· Paris, France
As a workaround, sending email using Easy Email module β allows the use of the one-time-login-url token.
In your ECA process where you're creating the user account, you'll need to add some actions to send the email using Easy Email templates.Checkout the ECA videos library on PeerTube, there is a video about Easy Email integration: https://tube.tchncs.de/w/vPY3MUtLV7FWWB2y5vFaCc
