I am searching for a way to force an email revalidation of users. I saw
, in the user page and did a test. When attempting to log in the test gave me a response of
Should the Deactivated user have received an email alerting them that they need to revalidate?
When you manually deactivate a user it doesn’t automatically send an email asking them to revalidate, though you can press the button that appears in their user/admin page to resend one.
When an inactive account attempts to login they should be prompted with a screen like this where they can choose to have a fresh one sent:
I’m not sure why your screenshot seems to be missing that option? 
Could it be some custom code you’ve added to hide a particular button that has also accidentally hidden this one? Does it show up in safe mode?
Edit: After a little bit of digging, I think it’s the must approve users setting that makes the box disappear. When I enable that I no longer get the option showing up:
I’m not 100% sure that’s intentional.
It does seem intentional:
Though it does also break the revalidation flow for manually deactivating users so it still feels like a bug.
I’ll slide it over to Bug and see if someone more knowledgable can adjudicate. 
To recap:
must_approve_users is invite_only and login_required the option for re-sending activation email is missing.Some observations:
the interplay of the 3 settings is a bit confusing. Why would you want must_approve_users if you are already an invite_only community?
must_approve_users blocking email approval is somewhat confusing, we should revisit.
Leaving this with the staff-experience team to triage. Expect a response this week.
@benjamincfarmer does it make sense to try must_approve_users off on your community given it is already invite only?
How is invite only connected to this?
When I disable a user, the resend activation email button is missing because must approve users is enabled. Invite only isn’t enabled on my forum.
Yeah I agree it is unrelated, but the particular forum in question does not appear to need must approve users cause it is invite only anyway.
I can understand that you use both, so users with a certain trust level can invite others, but staff can still control who joins the community. I would expect fewer sign-ups by spammers, so less work for staff.
The context for the change appears to be:
So “must approve users” relies on “admins” to actually do the email validation.
My gut here is that the change to fix is rather complex.
Which would be a major rework of this feature. Not against this by any means but it feels somewhat complex.
That topic was created in September 2017.
This was committed in May, so before the topic was created.
Isn’t that the case?
When I sign up a new user:
The root desire of account deactivation was to prune accounts of individuals who no longer have access to their original sign-up email address. After observing that you can move the account to a new address when the account is deactivated I’ve realized that this wouldn’t provide the effect we were looking for anyways.
Sorry for kicking the beehive @sam
Our forum is being used to provide support to our sales agencies. If one of these employees leaves, and goes to a competitor, we want to remove them from the system. Feedback from the agency would be the best way to do this, if I had faith they would tell me.
Thank you for explaining the problem. One option would be deleting the user, but I assume you would like to keep old posts.
The second option would be to anonymize the user. That would prevent them from logging in again, and you will keep all conversations (under an anonymized username).
However, if you would like to keep their original username, we would need to develop a new button called “disapprove.” We would place it here:
If a “disapproved” user tries to log in, they would see this screen:
Would the anonymize feature work for you? It might take us a moment to develop that “disapprove” feature.
שלום לכולם,
יש לנו צורך דומה מאוד, שגם אני חשבתי ש"השבת משתמש" (Deactivate User) עשויה לתמוך בו, אבל גיליתי את אותו הדבר – השבתה אינה מפעילה אימייל הפעלה מחדש, וגם לא מאפשרת למשתמש לשלוח מחדש את האימייל, מכיוון שאנו פורום פרטי הדורש אישור.
מקרה השימוש שלנו הוא שאנו מאפשרים לאנשים מקבוצה ספציפית של מעסיקים במגזר הציבורי להצטרף לקהילה, כפי שמוכח על ידי כתובת האימייל שלהם. אנו מבקשים לבצע סוג של אימות מחדש תקופתי שהם עדיין אצל המעסיק, על ידי כפיית הפעלה מחדש של החשבון, כך שהם לא יוכלו להתחבר עם פרטי ההזדהות הקיימים שלהם למשך זמן רב אם הם עוזבים את מקום עבודתם וחשבון האימייל שלהם מושבת.
אני לא מחפש כלים לארכוב חשבונות כרגע – הכלים הקיימים יעבדו – הזרימה שאני תוהה לגביה ומודאג ממנה היא כיצד בעצם לפנות לכל המשתמשים ולומר “היי, האם אתם עדיין באותה כתובת אימייל?” ולגרום להם לאמת אותה, ללא יכולת לשנות את כתובת האימייל בחשבון המאושר. אני חושב שנוכל לאפס את הסיסמאות, והם יצטרכו גישה לחשבון האימייל כדי לאפס את הסיסמה שלהם, אבל זו קצת יותר טרחה עבור אנשים מאשר לחיצה על הקישור ויכולה להרחיק חלק מהאנשים.
אם יש דרך טובה יותר להשיג סוג כזה של אימות מחדש תקופתי, אני פתוח לכך, בין אם זה בממשק המשתמש (UI), או שימוש כלשהו ב-APIs להפעלה ידנית של אסימוני אימות ואימיילים חדשים.
תודה!
Was this confirmed as intentional? If so, I think this can likely be moved out of Bug. (Also a little curious as to the rationale if someone is willing to share )
If it is intentional then there seems to be at least two UX/Feature issues here:
Smoothing out the ux of this ‘dead end’ re-verify situation a user can find themselves in
Providing a way to periodically force an email revalidation where the users can’t simply switch to a non-authorised email and carry on accessing the site
