Open pglombardo opened 1 year ago
technofab
commented
1 year ago Hi, in my point of view, for this request it can be useful use also a "LDAP" backend for users, for example full LDAP TBSAM or Active Directory, some projects like openproject use LDAP and Active Directory for user management.
pglombardo
commented
1 year ago OpenProject is a great example that I can use - built with the same stack as Password Pusher too . Implementing LDAP blindly is hard to do.
petskratt
commented
10 months ago Two user-stories that perhaps could be considered when picking implementation for this feature, related to instance with domain-limited user registration for file sharing functionality:
note: my current "hack" solution is to add a scheduled job that removes verification from inactive users, so they need to re-verify email and are technically locked out when they don't control the email anymore
pglombardo
commented
10 months ago That's helpful @petskratt thanks.
note: my current "hack" solution is to add a scheduled job that removes verification from inactive users, so they need to re-verify email and are technically locked out when they don't control the email anymore
That's a slick solution for now :-)
I have this half implemented in a branch that I need to resurrect. Hopefully I'll get to this soon.
petskratt
commented
10 months ago Follow-up to my hack - setting locked_at timestamp is actually better, as token is generated and cleared automatically. The actual command, presuming credentials in env (in my case it runs in CronJob container, so having pwd on commandline not a great problem):
mysql -h $DATABASE_HOST -u $DATABASE_USER -p$DATABASE_PASS $DATABASE_DB -e "UPDATE users SET locked_at = now() where confirmed_at is not null and locked_at is null and current_sign_in_at < date_sub(now(), interval 1 month)"
Discussed in https://github.com/pglombardo/PasswordPusher/discussions/1337