How to allow unconfirmed users to login

I wonder if there is some easy way to create a register system with email confirmation that will allow user to login even if user is unconfirmed but if user is unconfirmed I want to grant that user some limited access and after email confirmation unlock all functionalities.

For example if user is unconfirmed then can change some basic info like First name but can’t create any content

You can achieve that by overriding user-permissions Auth functions.
Check the image for clear reference:

image975×259 39 KB

Apply your custom code here in callback (login) function and you can give access to the unconfirm users for login.
Just make sure you to add a flag in response to identify in frontend if the user is confirmed or not, by that way you can use Authorization.

You can do this but extentions are risky when you update your strapi version they will break witout warning or cause unintended side effects.

No, this won’t break even after strapi version update as the code is cloned to src/extensions.
I am using it from past 1 year with version updates.
Haven’t faced any issue till now.

Then the code you put it in never changed but if it where to change you would not know. and it would fully break of give side effects

Will keep a track on it if it happens. Thanks for the suggestion.

What is the rest of the contents from the strapi-server.js what I can’t see in the screenshot?

Rest of the methods are related to the other Auth APIs. For your login time requirement, you can use callback() method.
Check the SS I have shared you in DM for clarification purpose.

@Shekhar possible to share the auth.callback custom logic with me? I am looking to implement an account lockout on multiple failed attempts

Check your DM

@Shekhar I’m also interested, can you share with me too?