superlogin icon indicating copy to clipboard operation
superlogin copied to clipboard

Published 20 hours ago verified publisher icon colinskow

suspend, resume, auto-resume user accounts.

Open tohagan opened this issue 8 years ago • 7 comments

I'll eventually need to be able to suspend and resume user accounts and I dare say other devs will too so I think this would be a worthy feature extension. Suspend should also logout the user from all active login sessions. suspend(userid, suspended) can just add a user.suspended datetime property value that's checked on login and removed if it's expired. If it's a true value it's permanently suspended until removed or set to false via a resume() function.

tohagan avatar May 20 '16 06:05 tohagan

How about disabled : boolean and disabled_until : Date? And the function would be superlogin.disableUser(userID, [disabled_until])

I think allowing two different types on the same property could be confusing. If disabled is true the user can't get in no matter what. If disabled_until is set and greater than the current date, any login is blocked.

I think that disabled communicates better than suspended because it could be a permanent block.

colinskow avatar May 20 '16 10:05 colinskow

and perhaps also an superlogin.enableUser(userID, [enabled_until]) ?

  • Removes any user.disabled or user.disabled_until values.
  • Optionally sets a user.enabled_until value.
  • Supports free trial accounts that can be re-enabled if they pay up.

tohagan avatar May 20 '16 23:05 tohagan

You mean an option to allow the account to automatically lock at a certain point in the future?

colinskow avatar May 20 '16 23:05 colinskow

yes!

tohagan avatar May 20 '16 23:05 tohagan

Alternatively ... we instead provide an extension point for plugins that can support this kind of thing.

tohagan avatar May 20 '16 23:05 tohagan

Basically just needs an async callback to allow/deny signup or login and report a reason if denied. Now I think about it, the reasons for denying signup or login vary widely and can be rather app specific so maybe a plugin approach is wiser long term. e.g. Blocked/Suspended due to Violation of term of use, Non-payment or just "your trial period has ended".

Examples:

  • Sign up example: perform anti-spam filtering on IP and email.
    • http://www.stopforumspam.com/usage
    • or any of these https://www.npmjs.com/browse/keyword/spam
  • Login deny message can vary widely by reason so maybe you need a more customisable solution that can report the reason:

tohagan avatar May 20 '16 23:05 tohagan

Any plans for this feature? It is just what I need!

Thanks!.

delkant avatar Mar 16 '17 02:03 delkant