Auto-activate new users


(Owen Sullivan) #1

I want to disable the requirement for new users to verify through email, mostly because my server does not have sendmail and my sendgrid account has a limited number of emails that can be sent each month.

I know I probably will not surpass this limit on my forum (for a long, long time), but I want to use that account for other things as well and I’m afraid it will all add up. Is it possible to automatically activate new users so that activating via email is no longer required, and then also disable the activation email?

Even if it is not important now, this could be useful later, so if this is not yet possible, could someone let me know and I’ll recategorize this under features? If it is possible, please be as descriptive as possible.


(Rafael dos Santos Silva) #2

Use only social logins (Facebook, Google, etc) and the email validation doesn’t happen.


(Owen Sullivan) #3

Then is there some code I can use to disable the signup field and only allow social logins? Like when I click sign up, there is no more option to sign up with email?


(Rafael dos Santos Silva) #4

The settings you need to disable is enable local logins.


(Owen Sullivan) #5

Thanks, this worked!


(Owen Sullivan) #6

I found a serious issue with this feature - if you enable it, any accounts that were not created using an email address that can be verified by a social login will not be able to login.

For example, if I create an account with example@gmail.com, enable Google login, and then uncheck enable local logins, I can login using Google. But, if I create an account with example@domain.com and uncheck enable local logins, that user is rendered useless. Would it be possible for the next release to include the option to enable local signups, but still have an active login field?


(Allen - Watchman Monitoring) #7

Activation emails are a very small percent of all emails a Discourse forum can send.

By allowing email based logins without requiring activation, you’re opening up the forum for a ton of spam accounts which will, in turn, get emails when anyone posts.

There are a number of reasons to want to skip the email activation, but those typically have to do with a single-sign-on or closed environments.

I do not think you’re going to achieve your stated goal (sending less emails overall) by following down this path.

PS I was interested in this topic based on the title, but wonder if it should be changed to "Can I skip the auto-activation email"


(Owen Sullivan) #8

At this point, I’m more worried about the major issue when you actually uncheck the enable local logins option. Also, there is a plugin at GitHub - angelim/discourse_user_auto_activation that allows for auto-activation and I tried to use it, and the plugin works fine. However, it causes an issue with the Settings > Plugins page.

@angelim, you developed that plugin, so could you look at this issue? Whenever I use your plugin, I cannot access the Settings > Plugins page. It just says that there was an error, nothing else. However, when I disable the plugin it works fine.


(Mittineague) #9

That plugin has been abandoned


(Owen Sullivan) #10

Oh, that sucks… I guess I’ll delve into the code later. Thanks for the info though.


(Rick) #11

I have this scenario. I want to disable the email activation in discourse because I am using Wordpress for SSO (single-sign-in) so now the users have to validate twice, and that is poor customer experience. How can I remove the activate email requirement in discourse?

Also, @itsbhanusharma I have noticed that you have responded to multiple threads regarding SSO loops and maybe you are familiar with a solution to my issue here?

Help from anyone is greatly appreciated.

Thanks so much.

NOTE:
Just two clarify to other users that may be looking at this, please make sure you are following proper security protocols to avoid making your site vulnerable. The only reason I am doing this is because I have SSO activated through Wordpress and Wordpress is doing the email verification in addition to that I also disabled public registrations meaning that the only way to create an account is through Wordpress.

the setting is by invite only. See below:


(Bhanu Sharma) #12

There is a way to do that, @Simon_Cossar has mentioned that in another topic. If I find it, I’ll edit this reply with a link to that topic.

Edit:


(Rick) #13

Thanks so much for your help @itsbhanusharma! I will try to implement this and see how it works. I appreciate your help.

Also, do you know if there I a way to make all this work with 2FA (2-factor authentication)?

I have 2FA enable for administrators only, but it creates a loop and admins cannot log in to wp-admin. All other users work fine. When I disable 2FA for the admins then they can sign in to back-end no problem. The 2FA is being implemented through iThemes security.


(Bhanu Sharma) #14

That probably won’t work!


(Simon Cossar) #15

If users register through the default WordPress registation system, they should not be being forced to respond to the Discourse activation email when they first login to Discourse. If users register through a front-end registration system, they will have to respond to the Discourse activation email. If you are going to disable this, you need to be certain that your user’s email addresses are being verified when they register on your WordPress site.


(Rick) #16

Thank you so much for your help.


(Rick) #17

Awesome, thanks so much for your help @Simon_Cossar . I will have to check what is going on, because the way that I have is:

  1. user create account at mysite.com or login
  2. user receives activation email
  3. user gets access to the site
  4. when user click on the discourse.mysite.com they are still being presented receiving a screen from Discourse saying we send you an email please activate your account.
  5. IF user goes directly to discourse.mysite.com and it is not logged in user gets re-directed to mysite.com/login or register for new account and then circle back to #1.

I tries creating multiple accounts with different email addresses that I have and I am being presented each time with that screen… maybe there is a setting I am missing. But in order for users to get access to my wp site they are already require to validate their email.

Additionally, I have it set up where when anyone types or click on discourse.mysite.com if they are not logged in it takes them to mysite.com/login.