Hello, I’ve been trying to setup a registration/sign up functionality in the main login page of my app. When anonymous users open my app, they’ll be prompted to either login with an already existing account or create a new account. If they choose to create a new account, they have to input their username, email address and password. When they click “Save” they receive an email with a deep link they can click to finish their registration. This deep link will validate their account and allow them to login with their newly created account next time they want to login to the app. So, the way I’ve setup the logic behind the scenes is like this. In the main login page there is a data view of entity “NewAccount” which contains the form that new users have to fill to create a new account. When users click “Save” they trigger a microflow that commits the NewAccount object, creates a Deep Link, and sends the email with the deep link in it to the user. When the user clicks the deep link, another microflow is triggered that will create an “Account” object (from the Administration module) and fill it with the attributes of the “NewAccount” object. This microflow receives “NewAccount” as an input parameter, which is input by the deep link. The microflow ends by showing the original login page, which should now have the newly created account as an account the user can login with. But here’s the problem. When I test all of this, it all goes alright until the final microflow that creates the “Account” object (from Administration module). In other words, when I click the deep link that is sent to my email address, it brings me to a page saying that I do not have permission to access the page the microflow brings me to (see image below). I’ve run several tests to find out what is causing the problem, and I think that it has to do with the anonymous user not having permission to create an “Account” object in the final microflow, which seems to be (I could be wrong though) a predetermined feature that I haven’t been able to figure out how to change. The deep links, email module, encryption, model reflection, and everything else are properly setup—again, the problem comes in that final microflow. Is there anything you would recommend doing to fix this problem? Or, if you have an entirely different logic/approach you would use to reach the same outcome (creating an account as an anonymous user that includes a validation email) please let me know. I’m pretty new to Mendix, so thanks in advance!
asked
Benjamin Zapata
1 answers
0
Hi Benjamin, you've gotten quite far for someone whose new to Mendix! Kudo's for that!
What I think is wrong is that part after the Account is created, which by the way could well be possible for anonymous users if it's done in a microflow without ‘apply entity access’. But what happens after the confirmation should be like this. The still anonymous user would need te be presented a login page with username/password/signin button widgets. And those default authentication widgets need be be in a blank page without a surrounding dataview. So don't pass the newly created Account object to a page, because that's where the error occurs. A anonymous user should never be granted read rights on Account for security reasons.