Use anvil.users.signup_with_email to allow an admin to create user accounts.
What I’ve tried and what’s not working:
The user account is created, but then is also signed in as the current user. So the admin is logged out.
This only happens when the Users service is configured to not confirm emails. When configured to confirm emails it behaves as I’d expect, the account is created but the admin is still logged i n.
To reproduce in the above clone click the button to show the current user and you’ll see that nobody is logged in. Enter an email address and click to create an account, then click the button again to show the current user to show that it’s changed.
I had to do something like this once. I can’t find the exact app right now as on way to a car boot but you can have a server call create the new user row with their email and then trigger the PW reset and that will sort it. There’s a few steps obvs.
That happens because signup_with_email also logs in the user. In a typical situation, this is what you want because otherwise the user will have to login again after signing up.
However, if the user hasn’t confirmed their emails yet, this means that we can’t log them in yet so the admin remains logged.
I think the only way to get around this is to create a new user row
I guess that’s what I’m questioning. In my mind signup_with_email is a programmatic way of creating a user account, not logging them in. If I wanted them to be logged in I’d use login_with_form or force_login, or even signup_with_form.
The docs for signup_with_email do not say anything about it also logging the user in. I understand that’s the current behavior. If that’s also the intended behavior, that should be documented. If that isn’t the intended behavior, it should be fixed.
I know that’ll work, if I properly hash the password. Or have them reset their password on their first login. Working around the behavior wasn’t the issue, it was raising whether the current behavior was intended or not.
It sounds like even if it wasn’t intended, people might be relying on it, so it probably won’t be changed. I guess it’d make a good feature request, to add a flag so that the function doesn’t sign the person in.