Logic for checking user signup complete?

This is a database design/WeWeb question…

Users are added to the database without a password, as they are added by other users.

I’d like to ensure that whenever a user comes to our app, after logging in, they are presented with a Create Password page, if they do not have a password completed in the DB.

I could just have this as the page that they come to when they click the invitation link in the email, but I need to ensure that they cannot utilize any pages in the app until the password is complete.

I’ve thought about creating another role for this, something like “subscriber-password-not-complete” but this is clunky.

I’ve also thought about using a workflow for every page that checks if the password is complete, and then redirecting them to the Create Password screen, if not. But that also takes up a lot of resources on every single page load, which is probably unnecessary.

Any ideas on the best way to do this?

I should also say that my users don’t always have a role, as there are some users without any role, and the roles are actually attached to an account.

@Joyce When does the /me endpoint get called with Xano basic auth plugin? Is it only once, when the user is logged in?

Hi @kevinwasie

You could add a redirect workflow that triggers “app wide” which is available from the “settings” menu.

Regarding the Xano auth, as far as I know, the user details are fetched when you run any of the actions: “Login”, “Fetch User” and “Sign Up”.

Hi @kevinwasie :wave:

The user is fetched when the plugins are initialized, so before collections are fetched.

It’s only once for each page. After the SPA is released – in 2-3 weeks – it will only be once when visiting a website.

@Joyce Awesome SPA! Will fetch user still work? That is what I ended up using?

No idea :grimacing: Let me call @flo for backup on this :sweat_smile:

Hi @kevinwasie,
Interesting use case. If I understand, users are created manually without any password. So, they sign in just with their email? Right?
Two options come to my mind:

  1. You don’t consider these users as users. So, when they fill in their email, you redirect them to a sign-up page with their email prefilled and a password input. Then you add a classic signup workflow on the front-end. On the back-end you edit the user instead of creating a new one.
  2. You consider these users as users. Then, adding a role is the right option for me as you can use this role to prevent them from accessing other pages. Like this:

Tell me if that works for you!