I have tried it and it does not work, I have it changed and published but no change, when I complete a registration form from an email invitation I get enabled by default.
As I mentioned, it is not about the individual registering from anew, I am talking about a Developer registering after receiving the email invitation from an OrganizationUser where the developer clicks on the link in the email which is of the format:
ssgconfig@mg-api-26.l7tech.com&token=ThQjCWU1ssx6JuS5-Yl1q5FRoO4cCT9WkWq3BohDJL4qaflgmjI0OOIXzgR3aPUmvD_duXLASBE" rel="nofollow" target="_blank">https://mg-api-26:8443/invitation/validate?email=ssgconfig@mg-api-26.l7tech.com&token=ThQjCWU1ssx6JuS5-Yl1q5FRoO4cCT9WkW…
As you can see, it is a link to the /invitation/validate URI with two parameters: the email and the token.
I have 'discovered' that if I omit the token part, then the user can still register and is created and disabled, BUT is not of the same organization of the organizationUser who sent the email .
If I keep as it is with the token, the user registers and is created within the correct organization unit AND is enabled which is NOT what I want.
So either there is a way to specify the organization without the use of a token, but I test adding the parameter organization=test_org or organizations=test_org but none worked (test_org exists as an organization)
Or there is a way for defaulting the registration with token to be disabled by default
I have tried to reverse engineering the flow and I kept hitting walls, like in a glass labyrinth and I am sick and tired: I even tried to look for any file that would allow me to check the creation of the token, but 'token' as a keyword in the search did not reveal any useful info,
Help please.