Checking "must approve users" and approving manually requires activation

This was unexpected. Previously I had activated accounts with only the options invite only and login required checked. Everyone was able to login just fine.

Then I checked the setting must approve users and went to all users, and clicked on the “Approve” button and it then said “Approved: Yes”. My admin account was already approved by system. All account were already reported as activated. I also checked with rails:

 active: true,
 approved_by_id: -1,
 approved_at: Thu, 23 Mar 2017 16:44:25 UTC +00:00,
 previous_visit_at: Sun, 02 Apr 2017 13:35:25 UTC +00:00,

Which looks fine and should allow login. However, trying to login from any account, including my main admin account resulted in this:

You can't log in yet. We previously sent an activation email to you at admin@example.com. Please follow the instructions in that email to activate your account. Click here to send the activation email again.

First, that’s false, there was no activation email sent. Second, this shouldn’t have happened since all accounts were already approved and activated.

I then also tried in rails:

u=User.find_by_username('myaccount');
u.approve(-1,false);
u.save!

The error was still there. I also tried in rails to deactivate,reactivate:

u.active=false
u.save!
u.activate();
u.save!

Still nothing …

What’s worse is that if I go back and disable the must approve users option, then the error is still there! … All my users now have to go via the email activation again. Is there another way to manually bring all account back to allow login directly like before?

This sounds like a bug …

Email must be validated by the user otherwise it is a giant gaping security hole.

1 Like

Maybe I misexplained, but I’m talking about already existing and activated accounts, including the main site admin account … the behaviour I described just can’t be an expected one

Is this still an issue? I know we fixed a number of bugs here since this was reported. Let us know.