Should a deactivated user recieve an email?

Bug
,
1

I am searching for a way to force an email revalidation of users. I saw
image, in the user page and did a test. When attempting to log in the test gave me a response of

The image shows a login screen with a message stating that an activation email was sent previously and instructing the user to follow it to activate their account. (Captioned by AI)
The image shows a login screen with a message stating that an activation email was sent previously and instructing the user to follow it to activate their account. (Captioned by AI)581Ă—216 6.26 KB
but no email to that address to re-validate, only change.

Should the Deactivated user have received an email alerting them that they need to revalidate?

3

When you manually deactivate a user it doesn’t automatically send an email asking them to revalidate, though you can press the button that appears in their user/admin page to resend one.

When an inactive account attempts to login they should be prompted with a screen like this where they can choose to have a fresh one sent:

The image shows a login screen stating that the user cannot log in yet, with a partially obscured email address, and provides options to resend activation emails or change the email address. (Captioned by AI)
The image shows a login screen stating that the user cannot log in yet, with a partially obscured email address, and provides options to resend activation emails or change the email address. (Captioned by AI)1179Ă—1165 120 KB

I’m not sure why your screenshot seems to be missing that option? :thinking: Could it be some custom code you’ve added to hide a particular button that has also accidentally hidden this one? Does it show up in safe mode?

Edit: After a little bit of digging, I think it’s the must approve users setting that makes the box disappear. When I enable that I no longer get the option showing up:

This image shows an error message instructing the user to check their email for activation instructions for logging into their account, with the email address partially blurred. (Captioned by AI)
This image shows an error message instructing the user to check their email for activation instructions for logging into their account, with the email address partially blurred. (Captioned by AI)1179Ă—1083 100 KB

I’m not 100% sure that’s intentional. :thinking:

1 Like
4

It does seem intentional:

Though it does also break the revalidation flow for manually deactivating users so it still feels like a bug.

I’ll slide it over to Bug and see if someone more knowledgable can adjudicate. :+1: :slight_smile:

4 Likes
5

To recap:

  • The community is invite only and every new member must be approved by staff
  • You want to force email re-validation on some users.
  • Given must_approve_users is invite_only and login_required the option for re-sending activation email is missing.

Some observations:

  • the interplay of the 3 settings is a bit confusing. Why would you want must_approve_users if you are already an invite_only community?

  • must_approve_users blocking email approval is somewhat confusing, we should revisit.

Leaving this with the staff-experience team to triage. Expect a response this week.

@benjamincfarmer does it make sense to try must_approve_users off on your community given it is already invite only?

7

How is invite only connected to this?

When I disable a user, the resend activation email button is missing because must approve users is enabled. Invite only isn’t enabled on my forum.

8

Yeah I agree it is unrelated, but the particular forum in question does not appear to need must approve users cause it is invite only anyway.

1 Like
9

I can understand that you use both, so users with a certain trust level can invite others, but staff can still control who joins the community. I would expect fewer sign-ups by spammers, so less work for staff.

1 Like
11

The context for the change appears to be:

So “must approve users” relies on “admins” to actually do the email validation.

My gut here is that the change to fix is rather complex.

  • Must approve users - should only get users that have validated emails
  • Hence even if this setting is enabled we should validate emails first prior to passing on users to admins

Which would be a major rework of this feature. Not against this by any means but it feels somewhat complex.

13

That topic was created in September 2017.

This was committed in May, so before the topic was created.

Isn’t that the case?
When I sign up a new user:

  1. I fill in the registration form
    Screenshot_20250512_022217_Firefox
    Screenshot_20250512_022217_Firefox855Ă—679 50.7 KB
  2. Then I am asked to validate the email address
    Screenshot_20250512_021653_Firefox
    Screenshot_20250512_021653_Firefox1068Ă—555 94.4 KB
  3. When I open the link sent by email, I click to activate the account
    Screenshot_20250512_021724_Firefox
    Screenshot_20250512_021724_Firefox1024Ă—440 49.3 KB
  4. I am told that I need to wait for staff to review my registration.
    Screenshot_20250512_021734_Firefox
    Screenshot_20250512_021734_Firefox1051Ă—687 115 KB

    At this point, the sign-up appears in the review queue, and staff can approve the user, who then receives the email that they can log in.
    Screenshot_20250512_021814_Firefox
    Screenshot_20250512_021814_Firefox1268Ă—960 120 KB
1 Like
14

The root desire of account deactivation was to prune accounts of individuals who no longer have access to their original sign-up email address. After observing that you can move the account to a new address when the account is deactivated I’ve realized that this wouldn’t provide the effect we were looking for anyways.

Sorry for kicking the beehive @sam

Our forum is being used to provide support to our sales agencies. If one of these employees leaves, and goes to a competitor, we want to remove them from the system. Feedback from the agency would be the best way to do this, if I had faith they would tell me.

1 Like