Message Boards

  1. Home
  2. Development
  3. 7.2 Issue - Disable the Create Account for Guest User

7.2 Issue - Disable the Create Account for Guest User

thumbnail
Gnaniyar Zubair, modified 3 Years ago.

7.2 Issue - Disable the Create Account for Guest User

Liferay Master Posts: 722 Join Date: 12/19/07 Recent Posts
Hi guys,

There is a property to hide the "Create Account" link from Control Panel and portal-ext-properties. ( DXP - 7.2)

  • 1. Control Panel: We have to Uncheck this option to disable a guest user from creating an account  throug control panel -->  "Allow Strangers to create account?"
  • 2.  Portal-ext.properties: add this property  "company.security.strangers=true"

After applying any one of the approach, it is disabled from the UI. But if user has the direct link of /login/create_account which is stored already in browser or intentionally they want to do the test for the security, it works perfectly by accessing directly this below url.    ( see the attachement )

p_p_id=com_liferay_login_web_portlet_LoginPortlet&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=false&_com_liferay_login_web_portlet_LoginPortlet_mvcRenderCommandName=%2Flogin%2Fcreate_account

only way to override the MVCRenderer Command  or any other configuration ?

Attachments:

thumbnail
Olaf Kock, modified 3 Years ago.

RE: 7.2 Issue - Disable the Create Account for Guest User

Liferay Legend Posts: 6403 Join Date: 9/23/08 Recent Posts
Gnaniyar Zubair:

Hi guys,

There is a property to hide the "Create Account" link from Control Panel and portal-ext-properties. ( DXP - 7.2)

  • 1. Control Panel: We have to Uncheck this option to disable a guest user from creating an account  throug control panel -->  "Allow Strangers to create account?"
  • 2.  Portal-ext.properties: add this property  "company.security.strangers=true"

After applying any one of the approach, it is disabled from the UI. But if user has the direct link of /login/create_account which is stored already in browser or intentionally they want to do the test for the security, it works perfectly by accessing directly this below url.    ( see the attachement )

p_p_id=com_liferay_login_web_portlet_LoginPortlet&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=false&_com_liferay_login_web_portlet_LoginPortlet_mvcRenderCommandName=%2Flogin%2Fcreate_account

only way to override the MVCRenderer Command  or any other configuration ?

"works perfectly": Is that - the form to sign up is displayed? Or the user account is created?
I've tried it and can see the form, but get "Error: Your request failed to complete." - e.g. account not created, only a superfluous form to see for people who know where it is.
Even if the form wouldn't display, you could still craft a request with the appropriate data and send it to the portal. The result should be as I observed: Account isn't created.
Note: You also state "company.security.strangers=true" - that should be "false" if no user account should be created in self-service.

If you can reproduce that an account is created, please see https://liferay.com/security
thumbnail
Gnaniyar Zubair, modified 3 Years ago.

RE: 7.2 Issue - Disable the Create Account for Guest User

Liferay Master Posts: 722 Join Date: 12/19/07 Recent Posts
Thanks for the response.

//"works perfectly": Is that - the form to sign up is displayed? Or the user account is created?//

it means , registration form is displaying, i didn't check the functionality but security team will observe as a initial analysis that this form is opening for the guest users. It should be redirected to the home page if anyone access the url directly by mistake when this property is set. "company.security.strangers=false" . 


//you also state "company.security.strangers=true" - that should be "false" //

yes agree it was typo. emoticon