Revision e7cb4085
ID: e7cb4085ad90946bc57d927a6451397db4792519
astakos: User activation flow improvements
Major refactoring on user email verification/activation process
---------------------------------------------------------------
Activation logic moved from dispersed code in functions/view modules to
ActivationBackend methods. All user activation handling code in astakos views
and command line utilities was updated to use activation backend instances.
User moderation takes place right after user has verified the email address used
during the signup process. This solves issues caused when users signed up using
an existing but not yet verified email, causing invalidation of previously
moderated accounts.
A bunch of new fields added in AstakosUser model. Those fields added to clear up
a bit the identification of user status at a given time and additionally keep
track of when specific user actions took place as a reference for
administrators. The following section contains detailed description of each
introduced field.
Introduced AstakosUser fields
-----------------------------
Fields get properly set across signup/activation/moderation processes.
- verification_code
Unique identifier used instead of user auth token in user email
verification url. This is initially set when user signs up and gets updated
each time a new verification mail is sent (requested either by admin or user)
- verified_at
The date user email got verified.
- moderated
Whether or not the user passed through moderation process.
- moderated_at
The date user got moderated.
- moderated_data
A snapshot of user instance by the time of moderation (in json format).
- accepted_policy
A string to identify if user was automatically moderated/accepted.
- accepted_email
The email used during user activation.
- deactivated_reason
Reason user got deactivated, provided by the administrator.
- deactivated_at
Date user got deactivated.
- activated_at
Date user got activated.
- is_rejected
Whether or not account was rejected.
Handles user entries as follows
Users with no activation_sent date
----------------------------------
- Generate and fill verification_code field.
- Once user will visit the activation url an additional moderation step
will be required to activate the user.
Users with verified email which are not active
----------------------------------------------
- Set moderated to True
- Set is_active to False
- Set moderated_at to user.auth_token_created
- Set accepted_email to user.email
- Set accepted_policy to 'migration'
- Set deactivated_reason to "migration"
- Set deactivated_at to user.updated
Users with verified email which are active
------------------------------------------
- Set moderated to True
- Set moderated_at to user.auth_token_created
- Set accepted_policy to 'migration'
- Set accepted_email to user.email
- Set verified_at to user.moderated_at
Users with no verified email and activation_sent set
----------------------------------------------------
- Set moderated to True
- Set moderated_at to user.updated
- Set verification_code to user.auth_token (to avoid invalidating old
activation urls)
Updated management commands
*******************
- New options --pending-moderation, --pending-verification added in `user-list`
command.
- New fields verified/moderated included in `user-list` command.
- New moderation options `--accept`/`--reject` added in `user-modify` command.
`--reject` can optionally be combined with `--reject-reason`.
Other changes
*****
- Cleaned up explicit smtp error handling when sending email notifications.
- Prevent already signed in users from using an account activation url
- Allow user to logout even when latest terms were not accepted
- Renamed templates
* helpdesk_notification.txt -> account_activated_notification.txt
* account_creation_notification.txt -> account_pending_moderation_notification.txt
- Updated im tests
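
The four migration cases from the commit message, written out as an added Python example (not code from this commit or from astakos). It works on plain dicts; the `email_verified` key, the order in which the cases are tested and the use of `secrets.token_urlsafe` for fresh codes are assumptions.

```python
import secrets
from datetime import datetime

def migrate_user(u):
    """Apply the migration rules from the commit message to one user dict.

    Returns the name of the case that matched. Case precedence is assumed.
    """
    if u.get("activation_sent") is None:
        # No verification mail was ever sent: issue a fresh code. Moderation
        # follows later, once the user visits the activation url.
        u["verification_code"] = secrets.token_urlsafe(32)  # generator assumed
        return "no_activation_sent"
    if not u["email_verified"]:  # key name assumed
        # A mail is already out: keep its link valid by reusing the old token.
        u["moderated"] = True
        u["moderated_at"] = u["updated"]
        u["verification_code"] = u["auth_token"]
        return "unverified_activation_sent"
    # Verified email: record the account as moderated by the migration.
    u["moderated"] = True
    u["moderated_at"] = u["auth_token_created"]
    u["accepted_policy"] = "migration"
    u["accepted_email"] = u["email"]
    if u["is_active"]:
        u["verified_at"] = u["moderated_at"]
        return "verified_active"
    u["is_active"] = False
    u["deactivated_reason"] = "migration"
    u["deactivated_at"] = u["updated"]
    return "verified_inactive"

def sample_user(**overrides):
    """Constructed sample record; all values are made up for the example."""
    user = {
        "email": "user@example.org", "auth_token": "constructed-token",
        "auth_token_created": datetime(2013, 1, 10), "updated": datetime(2013, 2, 1),
        "activation_sent": datetime(2013, 1, 10), "email_verified": True,
        "is_active": True,
    }
    user.update(overrides)
    return user

if __name__ == "__main__":
    for name, kw in [("new", {"activation_sent": None, "email_verified": False, "is_active": False}),
                     ("pending", {"email_verified": False, "is_active": False}),
                     ("inactive", {"is_active": False}), ("active", {})]:
        print(name, migrate_user(sample_user(**kw)))
```

In the pending case the old auth token stays in use as the verification code until a new verification mail is sent, which is when the field gets updated.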
Files
- snf-astakos-app
- astakos
- im
- activation_backends.py (diff)
- forms.py (diff)
- functions.py (diff)
- management
- messages.py (diff)
- migrations
- 0027_auto__del_field_astakosuser_provider__del_field_astakosuser_third_part.py
- 0030_auto__del_field_astakosuser_provider__del_field_astakosuser_third_part.py
- 0031_new_user_fields.py
- models.py (diff)
- notifications.py (diff)
- settings.py (diff)
- templates
- im
- account_activated_notification.txt
- account_creation_notification.txt
- account_pending_moderation_notification.txt
- group_creation_notification.txt
- helpdesk_notification.txt
- im
- tests.py (diff)
- views.py (diff)
- im
- astakos
- snf-common