By default users registering on a Liferay portals are assigned a randomly generated password and their accout is active immediately. Upon first login, users are then required to change their password. Well, to put it delicately, especially the second step in this registration process will definitely confuse some of your potential users since why do you need to change the password you just set during the registration process?
Today, most of the prominent web frameworks offer the possibility to add an additional layer of security OOTB by forcing users to verify their email address upon registration. Thus, accounts do not become active until potential users have verified their email address. Furthermore, no framework I know other than Liferay forces users to change their password on the first login after the registration process completed.
Registration Workflow with Verification
Luckily, Liferay is highly configurable and thus allows us to change the registration workflow without any changes to the code. As reference, the desired registration workflow looks as follows:
- The user fills out the registration form (username, email, password, first and surename, etc.)
- Liferay creates the account but does not yet mark it active
- Liferay sends a verification e-mail to the user e-mail account with a verification link that activates the account
- The user clicks on the link provided and Liferay finally activates the account
Now that we have defined the registration worklflow to be used how do we enable it in Liferay? Simply by editing portal-ext.properties by adding the following line:
company.security.strangers.verify=true
That’s it! Be sure to restart Tomcat (or respectively your servlet container of choice) for this settings to take effect and test your registration workflow 🙂
Dear Matthias,
Thanks for sharing this wonderful post.
I was searching the same.
According to your suggestion I added a property in portal-ext.properties file as below :
company.security.strangers.verify=true
and restarted server after clearing temp and work but still when I register as a new user its allowing me directly to access my account and I am getting the default mail having no activation link instead with the passwords.
Can you please help me if its needed some more configurations apart from setting above property.
Thanks,
Roshan Qureshi
Hi Roshan,
which LR version are you using? Can you confirm that your portal-ext.properties is actually used by LR, i.e. is it overwriting the default value? I’ve used this option in LR 6.1.1 CE successfully so far. Cheers
HI Matthias,
We are using LR 6.1 CE and we would like to have 2 different email verification depending on the type of application.
Currently, we are using the default liferay and we only able to change some wording on the email.
Can you help us on this?
Hey Dolly,
sorry for the late reply. Please have a look at my comment below for more info on how to get started. Cheers
Hallo Matthias,
deine Beschreibung funktioniert bei mir leider auch nicht.
Hier ist eine CE 6.2 im Einsatz.
Ich konnte bereits sicherstellen, dass die portal-ext.properties eingelesen wird, weil dort auch andere Modifikationen am Registrierungsformular gemacht werden (zB Passwort frei wählbar).
Gibt es einen Weg, das durchzudebuggen?
Danke im Voraus
Hi Nudge,
let’s keep English the main language here 😉
In case this approach does not work for you you always have the options to create a custom portlet that simulates the registration process. Using this portlet you are able to manually add users to Liferay (API calls, be sure to set the boolean parameter for account verification to false to disable Liferay’s default account verification and password reset policy on first login), as well as add email verfication to your custom registration process.
On the other hand you can also create a custom ext to overload the registration functionality in the core (UserLocalServiceImp). Although, this approach most likely will require less code, it might be the harder way to go. Please have a look at Minimizing the ext environment to get started.
Personally, I’ve used ext’s for customizing this functionality in the past.
Hope that helps. Cheers
Hi matthias.kerstner
I am using liferay CE 6.2 and I have edited portal-ext.properties by adding company.security.strangers.verify=true but still It requires Email Verification Code how can I verify
thanks
Temesgen