Automatic registration

[mzur]

I'd like to enable an automatic registration method, so we (the admins) don't have to manually create every new user. There are two ideas:

1. Enable the registration form (with decent spam protection). Whenever a new user is registered, they are created in a separate pending_users table and the admins are notified. Each pending user needs admin approval to become a full user but all this happens automatically once approval has been granted. The approved user gets an email notification with a link to choose their password.

2. This idea came up in a discussion with the Geomar people. As a general rule we want to give anyone with a research/education background free access to BIIGLE. Shibboleth may be an authentication service that could do this. We could even think about using a unique identifier provided by Shibboleth as a seed for the BIIGLE user UUID.

[mzur]

Tim approved an automatic registration via a service like Shibboleth. Daniel pointed out that Shibboleth may be restricted to German academia only. Investigate this.

[dlangenk]

It isn't, but it can be implemented by everybody like orcid or (Google) oauth. I would rather prefer oauth because it is more common. If the commercial users only use their own space (remote volumes) I don't see a point in not giving them access to Biigle. Furthermore we could have a usage policy, or implement a 2 step approach where we have to allow access first.

[mzur]

Shibboleth appears to be a generic authentication service, not restricted to academia. I think in that case I prefer the two-step approach where we just activate the regular registration mechanism of BIIGLE and add a step where new users have to be approved by an admin.

[mzur]

I'd like to move forward with this issue now. I'll implement this sign up flow:

1. Everyone can sign up using the sign up form. After sign up, the new user is immediately created and logged in with the global "guest" role. With this role, they can't create new projects or volumes. They can see public label trees. If they know other project or label tree admins, they can be added to a project or label tree as regular member.

2. A notification with the user details is sent to the BIIGLE admin email address. Global admins can "approve" or "reject" the new user. Approve means that the global role of the user is changed to editor. Reject deletes the new user.

3. The user gets a notification about their approval/rejection.

This has the advantage of existing users being able to invite new users right away without a required action by the admins.