Feature #30998

Delete account not fully registered after an amount of time

Added by David Demelier over 2 years ago. Updated 4 months ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Accounts / authentication
Target version:Candidate for next major release
Resolution:

Description

Hello,

Unfortunately I'm not enough skilled in ruby to propose a patch.

Like many other people, I'm affected by spammers that half-register themselves but do not complete inscriptions due their fake emails. So I constantly have a pile of half-registered users that pollute my database.

It could be nice if there was an option to automatically delete accounts that were not successfully registered after a given amount of time (example, 1 day by default or something like that).

What do you think?

30998.patch Magnifier (1.63 KB) Yuichi HARADA, 2021-04-19 02:31

30998-v2.patch Magnifier (1.67 KB) Go MAEDA, 2021-06-30 17:04

History

#1 Updated by David Demelier over 2 years ago

For those who are interested, I usually process this easily by:

delete from users where status = 2;

Not sure if it's really safe while redmine is running though.

#2 Updated by Go MAEDA 6 months ago

How about adding a rake task redmine:users:prune to remove users who have not completed their registration?

Redmine already has a similarly named rake task redmine:attachments:prune (source:tags/4.2.0/lib/tasks/redmine.rake#L20). The rake task deletes files that have been uploaded but not attached to an issue or wiki page.

#3 Updated by Yuichi HARADA 6 months ago

Go MAEDA wrote:

How about adding a rake task redmine:users:prune to remove users who have not completed their registration?

+1
I created a rake task redmine:users:prune.

diff --git a/app/models/user.rb b/app/models/user.rb
index a3d2449d2..af65d5aaa 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -887,6 +887,10 @@ class User < Principal
     project_ids.map(&:to_i)
   end

+  def self.prune(age=1.day)
+    User.where("created_on < ? AND status = ?", Time.now - age, STATUS_REGISTERED).destroy_all
+  end
+
   protected

   def validate_password_length
diff --git a/lib/tasks/redmine.rake b/lib/tasks/redmine.rake
index 2bebaf18c..8cdf6f80f 100644
--- a/lib/tasks/redmine.rake
+++ b/lib/tasks/redmine.rake
@@ -40,6 +40,13 @@ namespace :redmine do
     end
   end

+  namespace :users do
+    desc 'Remove users who could not be activated after one day.'
+    task :prune => :environment do
+      User.prune
+    end
+  end
+
   namespace :watchers do
     desc 'Removes watchers from what they can no longer view.'
     task :prune => :environment do

#4 Updated by Go MAEDA 6 months ago

  • Target version set to Candidate for next major release

#5 Updated by Go MAEDA 4 months ago

Thank you for the patch.

I have changed the patch to remove users registered more than 7 days ago. I think one day is too short.

Suppose that you set "Self-registration" to "manual account activation" and run the rake task every day. When the admin receives a notification that a user has registered, the admin must activate the user within one day or the user will be deleted. All users who register after Friday afternoon may be deleted by Monday morning.

Also available in: Atom PDF