I have not been here in a while. Does NodeBB now have reply-by-email functionality?
Is there a roadmap to have this feature or was it totally dropped?
Hey I'm about to go in Production in the next few days.
I want to make sure that user verify their email address before being able to login.
I checked "Require Email confirmation" in Admin panel Settings/User, but the user can still login in before he has clicked the link in the confirmation mail.
Is there a way to not let the user login like that?
Thanks
It will let them login. But nothing else. So they cant post or access anything that you've denied access to to registered members. Probably should be a check on login though. Or at least something that's checked every 10-15 seconds just in case someone verifies the email while logged in.
Oh oh I assumed they had access after login, good to know! [solved]
Sorry to hijack this post, but this advice isn't quite right?
Nodebb doesn't differentiate between a confirmed or unconfirmed user, they both occupy the same "registered users" group.
For example on my forums, I offer downloadable files that are only available to registered users, which is ok because guests can't view or download the files, but suppose someone uses a fictional email address? They gain access .... even though they haven't confirmed their address.
Access control would work as expected if there was an "email confirmed" user group.
Regards, Lee
I'm going to bump this year old topic to see if it can get more attention. I really feel that NodeBB should differentiate between a registered user, and a user who still needs to validate their email.
While these accounts can't post, they can access all sorts of content that I have open to regular user accounts. A work around would to be a secondary group, reward promotion and require something like an introduction post, but this is by no means the standard procedure on a forum.
@A-Former-User said in Registering - Force email confirmation?:
I'm going to bump this year old topic to see if it can get more attention. I really feel that NodeBB should differentiate between a registered user, and a user who still needs to validate their email.
While these accounts can't post, they can access all sorts of content that I have open to regular user accounts. A work around would to be a secondary group, reward promotion and require something like an introduction post, but this is by no means the standard procedure on a forum.
I know it is an old topic, can anyone give some hints on how to create a group for registered users without email validation? Although this kind of users are not able to post, they can view topics just like the registered one while a guest cannot.
@guo said in Registering - Force email confirmation?:
@A-Former-User said in Registering - Force email confirmation?:
I'm going to bump this year old topic to see if it can get more attention. I really feel that NodeBB should differentiate between a registered user, and a user who still needs to validate their email.
While these accounts can't post, they can access all sorts of content that I have open to regular user accounts. A work around would to be a secondary group, reward promotion and require something like an introduction post, but this is by no means the standard procedure on a forum.
I know it is an old topic, can anyone give some hints on how to create a group for registered users without email validation? Although this kind of users are not able to post, they can view topics just like the registered one while a guest cannot.
I dig into the code and try to avoid users without email validation from reading posts.
In src/controllers/api.js, I made some changes as:
apiController.getPostData = async function (pid, uid) {
const [userPrivileges, post, voted, userData] = await Promise.all([
privileges.posts.get([pid], uid),
posts.getPostData(pid),
posts.hasVoted(pid, uid),
user.getUserFields(uid, ['email:confirmed']), // add
]);
if (!post) {
return null;
}
Object.assign(post, voted);
const notConfirmed = meta.config.requireEmailConfirmation && !userData['email:confirmed']; // add
const userPrivilege = userPrivileges[0];
if (!userPrivilege.read || !userPrivilege['topics:read'] || notConfirmed) { // add
return null;
}
post.ip = userPrivilege.isAdminOrMod ? post.ip : undefined;
const selfPost = uid && uid === parseInt(post.uid, 10);
if (post.deleted && !(userPrivilege.isAdminOrMod || selfPost)) {
post.content = '[[topic:post_is_deleted]]';
}
return post;
};
But it is of no avail. I am a nodejs newbie, can anyone give some advises?
You will need to add it to the topic controller as well. https://github.com/NodeBB/NodeBB/blob/master/src/controllers/topics.js
A better way to do this is to write a plugin and alter topics:read
privilege to false if the email is not confirmed.
I added 2 hooks for this in https://github.com/NodeBB/NodeBB/commit/d080c7b04c83a6c2925d8a61f26dc268829afdc2.
Here is how it would be used in a plugin
// this handles multiple users for a single privilege/category
myPlugin.isUsersAllowedTo = async function (hookData) {
if (meta.config.requireEmailConfirmation && hookData.privilege === 'topics:read') {
const userData = await user.getUsersFields(hookData.uids, ['email:confirmed']);
hookData.allowed = userData.map((data, index) => hookData.allowed[index] && data['email:confirmed']);
}
return hookData;
};
// this handles single user for multiple privileges or categories
myPlugin.isUserAllowedTo = async function (hookData) {
if (meta.config.requireEmailConfirmation) {
const emailConfirmed = await user.getUserField(hookData.uid, 'email:confirmed');
if (Array.isArray(hookData.privilege) && hookData.privilege.includes('topics:read')) {
const index = hookData.privilege.indexOf('topics:read');
hookData.allowed[index] = hookData.allowed[index] && emailConfirmed;
} else if (Array.isArray(hookData.cid) && hookData.privilege === 'topics:read') {
hookData.allowed = hookData.cid.map((cid, index) => hookData.allowed[index] && emailConfirmed);
}
}
return hookData;
};
@baris Wow, thanks for your detailed input. Hope I can contribute to the community soon after.