System Information
- Strapi Version: 4.1.9
- Operating System: windows11
- Database: sqlite
- Node Version: node v14.17.6)
- NPM Version:
The default behavior after registration (with “email confirmation” turned off) is that the user is now authorized and confirmed.
I want to confirm users manually, but there is no option nowhere to toggle this beahvior.
Googling, there’s one obscure hack to make this happen that involves going into npm modules and changing “params.confirmed = false”.
This doesn’t work for almost any deployment (as the packages are installed during deployment, to state the obvious).
Furthermore I tested whether it even made any difference if a user was unconfirmed, lest I continue a pointless crusade. It turns out there isn’t.
You can reproduce by:
- registering a user
- hitting up the /me endpoint (or another endpoint you have set up for authenticated users only)
- if you get a positive response (status 200 + data) go to strapi dashboard
- now set the “confirmed” attribute of that user as “false” and save
- hit up the /me endpoint (it returns 200 + user data including “confirmed: false” which is correct
- hit up another authenticated-users-only endpoint
- expected response: 401 unathourized. actual behavior: 200 + data
- maybe this jwt token is magically stored as “confirmed” somewhere, lets “login” again to get a different jwt and use that one
- hit up the endpoint in point 6. again
- expected response: 401 unathourized. actual behavior: 200 + data
So please, can someone help me:
- Register users as “unconfirmed” by default
- Prevent them from getting content when they are unconfirmed (without writing lifecycles for every single content-type controller lol)
Regards
David