Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option for mods to review new accounts / invite only / private instances #209

Closed
6 tasks done
Nutomic opened this issue Aug 17, 2019 · 7 comments
Closed
6 tasks done

Add option for mods to review new accounts / invite only / private instances #209

Nutomic opened this issue Aug 17, 2019 · 7 comments
Labels
area: moderation enhancement New feature or request
Milestone
0.12.0

Comments

@Nutomic
Copy link
Member

Nutomic commented Aug 17, 2019
edited by dessalines
Loading

  • Add a new site columns as admin settings: review_new_accounts signup_questionnaire
    • Admins can edit this, or enable/disable it
  • Add a column in the local_user table: pending.
  • If the questionnaire is enabled, the text is shown in the signup form, together with a mandatory, multiline text input for the response
  • The response is stored in a new table registration_application
    • columns: (local_user_id, answer, admin_id?, accepted? (True, false, null), deny_reason?)
    • Data from this table is shown to admins, so they can review new applications
    • Possible actions are accept or deny, and possibly a way to contact the user in case something is unclear (can be done simply by showing the email address).
    • Accepted and denied applications are hidden, but can still be browsed by other admins
    • Might be useful to store which admin approved/denied an application
    • Might be good to send a notification for new applications to admins. Possibly through a separate "moderation notifications" system, also for reports?
  • If email verification is enabled, only show registration application to admins after the new user's email is verified
  • While waiting for admin approval, the new user might be allowed to login, browse public content and vote. Or simply disallow login to keep things simple.

Mastodon has an option where people have to fill in a form with "why do you want to join". Mods then have to review and approve the text before the user can login. The question might also be customizable or even randomly choose between multiple options. But even the basic option should do a lot to prevent spammers from signing up.

Screenshot_20190817_235258

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
@dessalines dessalines mentioned this issue Aug 19, 2019
Closed
@dessalines dessalines added enhancement New feature or request new account verify labels Aug 19, 2019
@dessalines
Copy link
Member

Question, does this overlap at all with #187 ?

Is it necessary to have private communities (where only mods could comment / post / etc), if every new user goes through this invite process?

Seem like this might be a better idea, and not do private communities.

Or maybe this review process should exist for not only instances, but communities too?

@Nutomic
Copy link
Member Author

Nutomic commented Aug 19, 2019

I guess this could be a way to implement private communities as well (like people might just enter a community-spexific password in the form). So that means instances and communities would both need the option that people can join only after mod review.

@dessalines dessalines mentioned this issue Aug 25, 2019
Closed
@dessalines dessalines mentioned this issue Oct 17, 2019
Closed
@dessalines
Copy link
Member

Now that I have email set up and working, this should be doable.

@dessalines dessalines mentioned this issue Feb 20, 2020
Closed
@dessalines dessalines changed the title Add option for mods to review new accounts Add option for mods to review new accounts / invite only Apr 20, 2020
@dessalines dessalines mentioned this issue May 3, 2020
Closed
@dessalines
Copy link
Member

I just wanted to add some thoughts on this based on the onboarding processes I've helped out with discord servers.

Sometimes, a simple form isn't enough: you might give the user a series of questions, but their answers might not be clear enough, so you have to ask clarifying questions. So most discords have an "onboarding / application" channel where you can have a back-and-forth chat, and once they pass, you give them a role to fully onboard them.

It would be nice to have this in lemmy, and there are many ways to do it. Maybe a pending column in the user role, which lets a user only see one newly created post, asking them to answer the form questions, and where they can have this back-and-forth.

@trymeouteh
Copy link

I prefer a email verification over moderator approval. However will it be possible to have both? The instance owner can choose to have

  1. Email Verification
  2. Moderator review

#691

@dessalines dessalines mentioned this issue May 21, 2020
Closed
@poVoq
Copy link

poVoq commented Oct 27, 2020

This idea is nice, but quite manual and time consuming. If there was an alternative sign-up that would allow linking of existing accounts via Oauth2 ( #489 ) or some sort of 2FA would be great. Ideally 2FA with XMPP ( https://blog.agayon.be/xmpp_auth_django.html )... one can dream right? :)

@Cam-B
Copy link

Cam-B commented Oct 28, 2020

^ SAML or OIDC would be great.

@dessalines dessalines changed the title Add option for mods to review new accounts / invite only Add option for mods to review new accounts / invite only / private instances Mar 30, 2021
@dessalines dessalines added this to the 0.11.0 milestone Mar 30, 2021
@dessalines dessalines modified the milestones: 0.11.0, 0.12.0 Apr 26, 2021
@dessalines dessalines pinned this issue May 4, 2021
dessalines added a commit that referenced this issue Dec 4, 2021
@dessalines
Adding views and functionality to registration application. #209
e28977c
dessalines added a commit that referenced this issue Dec 15, 2021
@dessalines @Nutomic
First pass at invite-only migration. (#1949)
c883a49 
* First pass at invite-only migration.

* Implement email verification (fixes #219)

* remove unwrap

* Adding views and functionality to registration application. #209

* Add private instance site column, and back end checks.

* Adding some message fields to LoginResponse

* Adding private instance to site setup.

* A few additions:

- Add a DeleteAccount response.
- RegistrationApplicationView now has the safe LocalUserSettings.
- Adding VerifyEmail to websocket API, added a proper response type.

* Adding and reorganizing some email helpers.

* A few fixes for private sites:

- Added a check_registration_application function.
- Only send a verification email if its been changed.
- VerifyEmail now returns LoginResponse.
- Deleting the old tokens after a successful email verify.
- If port is missing on email config, display a better error message.

* Version 0.15.0-rc.3

* Adding published to email_verification table.

* Adding fixes from comments.

* Version 0.15.0-rc.4

* Adding modlog private site check.

* Version 0.15.0-rc.6

Co-authored-by: Felix Ableitner <me@nutomic.com>
@dessalines dessalines unpinned this issue Jan 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: moderation enhancement New feature or request
Projects
None yet
Milestone
0.12.0
Development

No branches or pull requests
5 participants
@dessalines @poVoq @Nutomic @trymeouteh @Cam-B