This repository has been archived by the owner on Sep 20, 2023. It is now read-only.

Add manual user activation #78

Closed
mickvandijke opened this issue Jun 27, 2022 · 4 comments
Labels
enhancement New feature or request

Comments

@mickvandijke
Member

Torrust Index should have an option for manual account activation.

Guests will then be able to sign up for an account and optionally verify their email. But they won't be able to log in until a Torrust Index admin activates the pending account.

@da2ce7
Contributor

da2ce7 commented Jun 27, 2022

Hello Mick,

I think that we should have a more comprehensive account setup process.

  1. Rate Limiting captcha. + Acceptance of Terms + (Invitation)
  2. Give Account Registration Recovery Code to User.

The account recovery code is exactly the same as a password + username concatenated together.

[user_id] (supplied by server)
[user_random_code] (32-byte, generated by user)

[user_random_code][user_id] -> [account_recovery_code]

The server stores:
hash[account_recovery_code] -> [hashed_recovery_code]

Under the record of the user_id.

  3. User Password (policy optional)

  4. Select Username (policy optional)

  5. Add Email. (policy optional)

  • Verify Email. Email Settings (Recovery + Security, Announcements, General)

  • The account is in the "email" stage. It is possible to give more privileges than just "pending or public".
    (Optional Policy) This account may have an expiry, where it is deleted after a certain date.

  6. Add Picture

  7. Add Bio

  8. Apply for Account Promotion.

If the account meets a certain policy, the user can apply for an account promotion.

A user that has the appropriate privileges can accept the promotion, i.e. Full User.

  9. Automatic Account Promotions.

The above can happen automatically according to certain administrative policies.


At each stage the account has a status, maybe:

  • Public (no account).

  • Default (no username)

  • Name (username, no password)

  • User (username, password)

  • Mail (with email)

  • Photo

  • Bio

  • Full Account

  • Moderator

  • Administrator

  • Founders (account created before a certain date)

  • Adult (account older than a certain amount)

Then we could have all sorts of activity-based statistics connected to accounts and enable promotion requests or automatic promotions based upon these statistics.
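A sketch of the recovery-code scheme described in the comment above, as an added example that is not part of the thread or of Torrust's code. SHA-256, hex encoding and the `RecoveryStore` class are assumptions; the comment only fixes the 32-byte random code, the concatenation order and that the server keeps a hash under the user_id record.

```python
import hashlib
import hmac
from typing import Optional, Tuple

RANDOM_LEN = 32  # the 32-byte user_random_code from the comment


def make_recovery_code(user_id: str, user_random_code: bytes) -> str:
    """[user_random_code][user_id] -> account_recovery_code (hex for display)."""
    if len(user_random_code) != RANDOM_LEN:
        raise ValueError("user_random_code must be exactly 32 bytes")
    return (user_random_code + user_id.encode("utf-8")).hex()


def split_recovery_code(code: str) -> Tuple[bytes, str]:
    """The fixed-length random prefix makes the concatenation unambiguous."""
    raw = bytes.fromhex(code)
    if len(raw) <= RANDOM_LEN:
        raise ValueError("recovery code too short")
    return raw[:RANDOM_LEN], raw[RANDOM_LEN:].decode("utf-8")


def hash_recovery_code(code: str) -> str:
    # Assumption: SHA-256. A fast hash is only defensible because the input
    # carries 256 bits of randomness; a human-chosen secret needs a slow KDF.
    return hashlib.sha256(bytes.fromhex(code)).hexdigest()


class RecoveryStore:
    """Hypothetical in-memory stand-in for the server's user records."""

    def __init__(self) -> None:
        self._hashed = {}  # user_id -> hashed_recovery_code

    def register(self, user_id: str, hashed_recovery_code: str) -> None:
        # The server stores only the hash, under the record of the user_id.
        self._hashed[user_id] = hashed_recovery_code

    def verify(self, code: str) -> Optional[str]:
        """Return the user_id the code recovers, or None if it is invalid."""
        try:
            _, user_id = split_recovery_code(code)
        except ValueError:  # bad hex, too short, or non-UTF-8 user_id
            return None
        stored = self._hashed.get(user_id)
        if stored is None:
            return None
        # Constant-time comparison avoids leaking how many hash chars matched.
        ok = hmac.compare_digest(stored, hash_recovery_code(code))
        return user_id if ok else None
```

In use, the client would draw `user_random_code` from a CSPRNG such as `secrets.token_bytes(32)` and send only the hash at registration.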

@mickvandijke
Member Author

Hey @da2ce7,

I think this is a good idea.

I'm only a bit confused by having user passwords as optional. Would users then only log in with their username and/or Account Registration Recovery Code?

I'm currently working on an ERD for a new database structure that incorporates this issue as well as #30.

@da2ce7
Contributor

da2ce7 commented Jun 29, 2022

@WarmBeer I've updated the account_recovery_code part to be more descriptive.

@da2ce7
Contributor

da2ce7 commented Sep 20, 2023
