Flow for Email Driven Registration
When a user creates a ticket by email, without an account, there is no account associated with the user. This will cause a ticket creation to fail, since a ticket must be owned by a user.
This means we need some sort of special process for allowing a user to finish their registration after they create a ticket.
My suggestion is the following workflow, for minimal user hassle and acceptable level of security:
- User creates ticket via email.
- Backend creates new user entry with invalid password.
- When user tries to log in, it sends an email similar to password recovery, but setup as "complete your registration" with link containing confirmation key.
- User verifies things like First and Last name. (the system can try to retrieve this from the email headers)
- User inputs phone number and any other fields that cannot be retrieved from email headers.
- User fills out password.
- User completes form and begins using site with default permission levels.