Allow users to be deactivated #308

Closed
Eakam1007 opened this issue Mar 8, 2023 · 2 comments · Fixed by #487 or #607
Labels
category: authentication A service responsible for logging users in and maintaining their permissions based on credentials category: back end Back end part of our web service category: data Anything related to data management and structure new feature Adding a new solution

Comments

Eakam1007 commented Mar 8, 2023

While discussing the deletion of users based on the design for the Admin UI (#106), it was concluded that deletion would be a multi-step process. The first step in this would set a flag on the user that is being deleted, effectively setting the user as deactivated. This would prevent users from being able to perform actions while their account is being deleted.

Further, while checking if a user is logged in (username is present in the session), we should only return the user if the flag is not set (the flag for deactivated is false for the user). This is to handle the case where a user gets deleted from the database but is still logged in (i.e. their session has not expired).

At minimum, the following needs to be done:

  • Update the schema to add a deactivated flag to the user model
  • Update requireUsername and requireUser methods to check for the flag and not return the username if the user is deactivated
  • Add/update tests as needed

Eakam1007 added the labels category: back end, new feature, category: authentication, category: data on Mar 8, 2023

ghost commented Mar 8, 2023

Looks good!

Also, each worker (except cleanup) should do the same verification of the user being present in DB and not being deleted.
If the user is, it should throw an IrrecoverableError from BullMQ

@Eakam1007

#318 is a part of this
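
The check discussed in this thread, as an added example that is not part of the issue or the project's code: the session lookup and the worker guard both go through one "active user" test, so a live session or a queued job cannot outlast deactivation or deletion. Only `requireUsername` and `requireUser` are names from the issue; the in-memory user table, `findActiveUser`, `processJob` and both error classes are hypothetical, and `UnrecoverableJobError` is a local stand-in for the BullMQ error mentioned above.

```javascript
// Added example. Constructed in-memory table standing in for the user database.
const users = new Map([
  ['alice', { username: 'alice', deactivated: false }],
  ['bob', { username: 'bob', deactivated: true }], // deletion in progress
]);

class AuthError extends Error {}
// Local stand-in for the non-retryable error a BullMQ worker would throw.
class UnrecoverableJobError extends Error {}

// A user counts as active only if the row still exists AND the flag is
// explicitly false, so a missing row or a missing flag fails closed.
function findActiveUser(username) {
  const user = users.get(username);
  return user && user.deactivated === false ? user : null;
}

// The session only proves who logged in earlier. Re-check the database on
// every request instead of trusting the username stored in the session.
function requireUser(session) {
  const username = session && session.username;
  const user = username ? findActiveUser(username) : null;
  if (!user) throw new AuthError('not logged in or account deactivated');
  return user;
}

function requireUsername(session) {
  return requireUser(session).username;
}

// Worker-side guard: apply the same check before touching a job's data and
// fail without retry, since retrying cannot bring the user back.
function processJob(job, handler) {
  if (!findActiveUser(job.data.username)) {
    throw new UnrecoverableJobError(
      `user ${job.data.username} is deactivated or deleted`
    );
  }
  return handler(job.data);
}
```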
