torrust-index-archive icon indicating copy to clipboard operation
torrust-index-archive copied to clipboard

Published 20 hours ago verified publisher icon torrust

Add manual user activation

Open mickvandijke opened this issue 2 years ago • 3 comments

Torrust Index should have an option for manual account activation.

Guests will then be able to signup for an account and optionally verify their email. But they won't be able to login until a Torrust Index admin activates the pending account.

mickvandijke avatar Jun 27 '22 09:06 mickvandijke

Hello Mick,

I think that we should have a more comprehensive account setup process.

  1. Rate Limiting captcha. + Acceptance of Terms + (Invitation)
  2. Give Account Registration Recovery Code to User.

The account recovery code is exactly the same as a password + username concatenated together.

[user_id] (supplied by server)
[user_random_code] (32-byte, generated by user)

[user_random_code][user_id] -> [account_recovery_code]

The server stores:
hash[account_recovery_code] -> [hashed_recovery_code]

Under the record of the user_id.

  1. User Password (policy optional)

  2. Select Username (policy optional)

  3. Add Email. (policy optional)

  • Verify Email. Email Settings (Recovery + Security, Announcements, General)

  • The account is in the "email" stage. It is possible to give more privileges than just "pending or public". (Optional Policy) This account may have an expiry, where it is deleted after a certain date.

  1. Add Picture

  2. Add Bio

  3. Apply for Account Promotion.

If the account meets a certain policy, the user can apply for an account promotion.

A user that has the appropriate privileges can accept the promotion. Ie. Full User.

  1. Automatic Account Promotions.

The above can happen automatically according to certain administrative policies.

At each stage the account has a status. maybe:

  • Public (no account).

  • Default (no username)

  • Name (username, no password)

  • User (username, password)

  • Mail (with email)

  • Photo

  • Bio

  • Full Account

  • Moderator

  • Administrator

  • Founders (account created before a certain date)

  • Adult (account older than certain amount)

Then we could have all sorts of activity based statistics connected to accounts and enable promotion requests or automatic promotions based upon these statistics.

da2ce7 avatar Jun 27 '22 11:06 da2ce7

Hey @da2ce7 ,

I think this is a good idea.

I'm only a bit confused by having user passwords as optional. Would users then only login with their username and/or Account Registration Recovery Code?

I'm currently working on an ERD for a new database structure that incorporates this issue as well as #30.

mickvandijke avatar Jun 28 '22 14:06 mickvandijke

@WarmBeer I've updated the account_recovery_code part to be more descriptive.

da2ce7 avatar Jun 29 '22 06:06 da2ce7

  • https://github.com/torrust/torrust-index-frontend/issues/284

da2ce7 avatar Sep 20 '23 10:09 da2ce7