Users being asked to verify e-mail after upgrade AND domain change

(Magnetidog) #1

Hello everybody.

So, we recently (yesterday) upgraded to the latest version, and some users are getting the following message when logging into the forum:

You can’t log in yet. We previously sent an activation email to you at Please follow the instructions in that email to activate your account. Click here to send the activation email again.

Is there anything I can look into to determine why this is being triggered? The users show as “Active” in the backend and I do not see anything weird or unusual in their profile.

I did not add/remove plugins during the upgrade.


(Magnetidog) #2

We did the upgrade, on a note, after we moved to a new domain. I am not sure if the two things could have triggered this whole thing.

Looking at the DB entries for the user via psql, all looks in fine the database.

(Magnetidog) #3

Adding a further exploration in here in case somebody is having the same issue.

So far it looks like that if I remove the user.email_confirmed check in line 207 of the session_controller (yeah, I do not recommend you do that)

( && user.email_confirmed?) ? login(user) : not_activated(user)

Then the error message is not shown. I am trying to go backwards to figure out how email_confirmed is determines, as if I just look at the database, all looks fine: the users are active.

(Kane York) #4

email_confirmed? checks if they have a activation email - did something happen to the email logs table?

(Magnetidog) #5

Hi @riking - yeah, they had the activation email, but I just found out the cause. I think it is a thing that might happen also to others in the future, and not so obvious at first. It took me so long it is ridiculous; but at least I now know a bit better Discouse’s session auth.

When I moved the domain, I did a remap of the domain in Discourse following the guide, from old to new, and many of these users were using the in their e-mail!

It looks like the rewrite changed all their domains ONLY in the “email_tokens” tables; so when Discourse did a table join between the user table and the email_tokens to verify if the user had been verified, it turned out as false. I fixed it by going via shell and doing a search and replace on the table.

All good now!