Question

How can we restrict view access for all webs to registered users and still allow new people to register?

Jump to summary of solution

I have set DENYWEBVIEW to TWikiGuest in all webs to restrict non-registered users from browsing the site. However, now I can not figure a way to allow any users to register. This was discussed before in RegisterOnViewRestrictedSite however the solutions suggested there will not work with TWiki04.

I tried the approach suggested there of creating a static HTML version of TWikiRegistration and went the step further to also create a static version of the verification page when the new user enters the code they receive by email. However, I now see the behind-the-scenes transitions through opps pages and other things makes this approach unfeasible, afaict.

So what can one do? Is there some combination of access settings on various webs and topics that I'm not seeing that would work? Is there a way to make the approach I attempted above work?

Seems like this would be a not-uncommon scenario so I think it's worth figuring out.

Environment

-- LynnwoodBrown - 10 May 2006

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

What did you do to enforce authentication? If template login, I'd suggest that you register a password for TWikiGuest and mention this on the template login page. So guests can login like on twiki.org.

Then, setting DENYTOPIC to an empty value in TWiki.TWikiRegistration should do the trick. Values in a topic override those in WebPreferences.

-- HaraldJoerg - 10 May 2006

What I did to enforce authentication was to set DENYWEBVIEW to TWikiGuest in all webs.

I'm sorry, Harald, I don't understand your suggested solution. If I provided a password for TWikiGuest, then that would negate the whole restriction on letting non-registered users browse the site.

I did a little more experimentation based on an idea that came up on TWikiIRC and thought I was getting closer but still no success. What I did was add TWikiRegistrationAgent to ALLOWEBCHANGE for Main web. Then I went and attempted to register a new user using the static TWikiRegistration topic I created (and making sure i was logged out first). That goes through OK and I'm sent to the "Thank you for registering" verification page. I also received the email with the verification code. I also checked and confirmed that the new registration was in the data/RegistrationApprovals directory. So far so good.

Next, I tried both methods of confirming my registration - i.e. clicking the link in the email and copy/pasting the code into the screen that followed the registration page. I tried both methods on separate registration attempts just to see if it would make a difference. It didn't, in both cases, I was redirected to the login screen again. I tried entering the new user and password but it was not accepted. I went and checked and the new user topic did not get created. But here's the strange thing: I received the email confirming my registration was completed and the file was removed from data/RegistrationApprovals .

So I'm stumped again. I'm going to need someone who really understand the registration script to help me out.

-- LynnwoodBrown - 11 May 2006

With the kind help of HaraldJoerg, I was able to get this to work! The last piece I was missing was that I needed to the following permission to NewUserTemplate:

   * Set DENYTOPICVIEW = 

I added it inside the section that has translation stuff which is deleted when the new user topic is created. (When you edit at NewUserTemplate, you'll see what I'm talking about.)

-- LynnwoodBrown - 11 May 2006

Summary of solution developed

The following solution applies to DakarRelease.

1. To restrict view access to registered users set DENYWEBVIEW to TWikiGuest in WebPreferences in all webs.
2. View the html source of TWiki.TWikiRegistration as rendered. (Your browser will have a "view source" command in one of it's menus.) Copy the entire contents.
3. Using your text-editor-of-choice, paste into a new file and save it as a plain text file called something like register.html .
4. Load this file into the root of you TWiki installation.
5. Edit Main.WebPreferences and set ALLOWWEBCHANGE to %MAINWEB%.TWikiRegistrationAgent .
6. Edit TWiki.NewUserTemplate and add an blank permission setting for DENYTOPICVIEW . Do this near the end of the topic, right before the ENDSECTION tag, so that this will NOT be included in the new user topics. Also, removed the # before ALLOWTOPICCHANGE under "Personal Preferences". This will allow users to edit their own user topics.
7. When you want a new user to register, direct them to the static Registration page.

One caveat about this solution: it does not allow anyone to edit any topics in Main web except their own user topics.

-- LynnwoodBrown - 11 May 2006

The above suggestion didn't work for me but it did give me an idea.

I am using the RegistrationOnDemandLogin hack provided in the topic RegistrationOnDemandHack.

I did step 1 above.

Instead of setp 2-4, I created a simple file in the root of my TWiki installation to redirect to bin/view which trys the on-the-fly-registration if the user doesn't already have a WikiName.

Step 5 was not needed at all

I also did Step 6

Step 7 wasn't needed for me.

I need to do one my step though to get this to work. I added a blank permission setting for DENYTOPICVIEW in the topic Main.UserForm. I did it by adding the following to the end of that topic:

<!--
   * set DENYTOPICVIEW =
-->

This is then caused things to work.

-- DougCampbell - 04 Dec 2006