Createuser logs the user in and creates a session.

Question

OK this is one the main awkward situations, when I create a user with:

   userService.CreateUser(nameInputField.text, passwordInputField.text, nameInputField.text, new SignupCallBack(this));   

the user gets logged in and a session is created for the user. Is this intended behaviour? What if I want to send my users an activation link first?

Answer 1

Hello Armin,

You can manage this with the combination of Storage service. At the time of user creation save default value "userActivate as false" in App42 data base using No-SQL Storage Service and send email to that user. Once user click on that link, update that storage with value "userActivate as true". The same query which already discussed over here, please have a look and let us know if it helps.

P.S: At the time of login you can check, if userActivate key is false. You can redirect him to login screen and show the error message to verfiy his email id in order to use the funcationality. 

 

Thanks,

Himanshu Sharma

Comments

Hi again,

I think you missed my point, since I am the one who also posted the other question, it would have been stupid of me to ask the same thing again. My point is; when  CreateUser function is called, the user gets logged in automatically (producing a sessionId), which seems like an unintended behaviour.

P.S: I sometimes feel there are bots at the other end of the line reading my posts, this is not the first time my post isn't being read carefully.

---

Hello Armin,

Apologies to say, if i misunderstood something, but the solution which we have shared in this thread is the same which you have requested for.

I agree with your point and i have notice the same that you have the session id at the time of user creation, that's why i suggest you to maintain userActivate key in the Storage service and fetch the details before login user into the app.

If you want, we can create sample to do the same.

Let me know if that helps you.

Regards,
Himanshu Sharma

---

Hi back,

I get your point of storing the userActivate key, but how does that stop the createUser function from authenticating the user automatically? My Understanding of the createUser method is that it should only create a user profile on the cloud and nothing more. The solution that I have come up with is calling logout function in the callback of createUser. It works but it is ugly and it cost one more API-hit that can be avoided

---

Hello Armin,

In order do the advance login, you have to write this logic on client.

Once user sign-up, you can save the meta info of user into Storage along with createUser function (http://api.shephertz.com/app42-docs/user-management-service/#saving-additional-data-along-with-user).  Once you done with the process of user creation, you have the userActivate key which is false in the createuser response. So that will help you to restrict user to login into that App.

After user click on the link which shared through email, key will be update in Storage service and you can call authenticate function of user service to login in the app.

P.S:It would be great, if you can share your complete use case that why you are calling logout function in the create user callback. It will help us to provide better support from our end.

Thanks,
Himanshu Sharma

---

Ok we are still talking about apples and oranges here, I hope at some point one us would understand the other :D, the problem here is that createUser also authenticates the user, which in my opinion is a "BUG".

here is the scenario:

I am creating the user after he/she has signed up, using the following code:

userService.CreateUser(username, password, email, new SignupCallBack(this));

now everything is good and sound, now lets say the user goes back to "menu" (which in my case is a different scene in unity3d), and then comes back to the login page again without having verified his/her email address. This normally would not be a problem, but in my case I have a global singleton that checks App42API.GetLoggedInUser() and if the user is logged in, it skips the login/signup procedure and shows the user his/her profile. Keep in mind the user still hasn't verified the email address yet so he/she is not allowed to see his/her profile. But what happens naturally, since CreateUser has already authenticated the user, the profile page is shown to the user. This is an unintended behaviour that comes from createUser, to avoid this I call the logout function in the callback of createUser to clear out any sessions or authentication that was done by this function. I hope i managed to get the point across.

cheers,
armin

---

Hello Armin,

Is it possible that we can come over skype and take a quick call to resolve all your issues in one go. Let me know if it possible for you to come over skype.

Thanks,
Himanshu Sharma