Closed Naviary2 closed 2 days ago
For the second one you can do OTP? OTP are used everywhere so just send a OTP to the gmail and ask for that?
I'm just curious why even allow accounts with unverified email in the first place?
I'm just curious why even allow accounts with unverified email in the first place?
I don't have a holding cell for unverified accounts, just a flag in the members json data that says they are not verified.
The real solution to this is to simply force email verification during registration. Another option is to track latest logins, which allows discarding old accounts in general, maybe unverified accounts with a smaller timespan than verified ones.
I do have a seen
property which keeps track of the last time they were seen. But that's a tad different from last "login".
Fixed with the help of @shacharrr, in #82 !
Unverified accounts are never deleted! This can create issues with:
Proposal
Set an interval, every 24 hours, to iterate through all members. If they are not verified, and their join date is over 3 days ago, auto-delete their account.