Users being asked to verify e-mail after upgrade AND domain change


(Magnetidog) #1

Hello everybody.

So, we recently (yesterday) upgraded to the latest version, and some users are getting the following message when logging into the forum:

You can’t log in yet. We previously sent an activation email to you at useremail@xxxxx.com. Please follow the instructions in that email to activate your account. Click here to send the activation email again.

Is there anything I can look into to determine why this is being triggered? The users show as “Active” in the backend and I do not see anything weird or unusual in their profile.

I did not add/remove plugins during the upgrade.

Thanks!!!


(Magnetidog) #2

We did the upgrade, on a note, after we moved to a new domain. I am not sure if the two things could have triggered this whole thing.

Looking at the DB entries for the user via psql, all looks in fine the database.


(Magnetidog) #3

Adding a further exploration in here in case somebody is having the same issue.

So far it looks like that if I remove the user.email_confirmed check in line 207 of the session_controller (yeah, I do not recommend you do that)

(user.active && user.email_confirmed?) ? login(user) : not_activated(user)

Then the error message is not shown. I am trying to go backwards to figure out how email_confirmed is determines, as if I just look at the database, all looks fine: the users are active.


(Kane York) #4

email_confirmed? checks if they have a activation email - did something happen to the email logs table?


(Magnetidog) #5

Hi @riking - yeah, they had the activation email, but I just found out the cause. I think it is a thing that might happen also to others in the future, and not so obvious at first. It took me so long it is ridiculous; but at least I now know a bit better Discouse’s session auth.

When I moved the domain, I did a remap of the domain in Discourse following the guide, from old domain.com to new domain.com, and many of these users were using the olddomain.com in their e-mail!

It looks like the rewrite changed all their domains ONLY in the “email_tokens” tables; so when Discourse did a table join between the user table and the email_tokens to verify if the user had been verified, it turned out as false. I fixed it by going via shell and doing a search and replace on the table.

All good now!