Add Email Verification to Registration Process in Liferay

By default users registering on a Liferay portals are assigned a randomly generated password and their accout is active immediately. Upon first login, users are then required to change their password. Well, to put it delicately, especially the second step in this registration process will definitely confuse some of your potential users since why do you need to change the password you just set during the registration process?

Today, most of the prominent web frameworks offer the possibility to add an additional layer of security OOTB by forcing users to verify their email address upon registration. Thus, accounts do not become active until potential users have verified their email address. Furthermore, no framework I know other than Liferay forces users to change their password on the first login after the registration process completed.

Registration Workflow with Verification

Luckily, Liferay is highly configurable and thus allows us to change the registration workflow without any changes to the code. As reference, the desired registration workflow looks as follows:

  1. The user fills out the registration form (username, email, password, first and surename, etc.)
  2. Liferay creates the account but does not yet mark it active
  3. Liferay sends a verification e-mail to the user e-mail account with a verification link that activates the account
  4. The user clicks on the link provided and Liferay finally activates the account

Now that we have defined the registration worklflow to be used how do we enable it in Liferay? Simply by editing portal-ext.properties by adding the following line:

company.security.strangers.verify=true

That’s it! Be sure to restart Tomcat (or respectively your servlet container of choice) for this settings to take effect and test your registration workflow 🙂

You may also like...

7 Responses

  1. Dear Matthias,
    Thanks for sharing this wonderful post.
    I was searching the same.

    According to your suggestion I added a property in portal-ext.properties file as below :
    company.security.strangers.verify=true

    and restarted server after clearing temp and work but still when I register as a new user its allowing me directly to access my account and I am getting the default mail having no activation link instead with the passwords.
    Can you please help me if its needed some more configurations apart from setting above property.

    Thanks,
    Roshan Qureshi

    • Hi Roshan,
      which LR version are you using? Can you confirm that your portal-ext.properties is actually used by LR, i.e. is it overwriting the default value? I’ve used this option in LR 6.1.1 CE successfully so far. Cheers

  2. Dolly says:

    HI Matthias,
    We are using LR 6.1 CE and we would like to have 2 different email verification depending on the type of application.

    Currently, we are using the default liferay and we only able to change some wording on the email.

    Can you help us on this?

  3. Nudge says:

    Hallo Matthias,

    deine Beschreibung funktioniert bei mir leider auch nicht.
    Hier ist eine CE 6.2 im Einsatz.

    Ich konnte bereits sicherstellen, dass die portal-ext.properties eingelesen wird, weil dort auch andere Modifikationen am Registrierungsformular gemacht werden (zB Passwort frei wählbar).

    Gibt es einen Weg, das durchzudebuggen?

    Danke im Voraus

    • Hi Nudge,

      let’s keep English the main language here 😉

      In case this approach does not work for you you always have the options to create a custom portlet that simulates the registration process. Using this portlet you are able to manually add users to Liferay (API calls, be sure to set the boolean parameter for account verification to false to disable Liferay’s default account verification and password reset policy on first login), as well as add email verfication to your custom registration process.

      On the other hand you can also create a custom ext to overload the registration functionality in the core (UserLocalServiceImp). Although, this approach most likely will require less code, it might be the harder way to go. Please have a look at Minimizing the ext environment to get started.

      Personally, I’ve used ext’s for customizing this functionality in the past.

      Hope that helps. Cheers

  4. Temesgen says:

    Hi matthias.kerstner
    I am using liferay CE 6.2 and I have edited portal-ext.properties by adding company.security.strangers.verify=true but still It requires Email Verification Code how can I verify

    thanks
    Temesgen

Leave a Reply

Your email address will not be published. Required fields are marked *