[Deprecated] User Management by ReFlar

jordanjay29

AngelAvila I believe wignu is interested in using this (or another) extension to automatically promote users to different usergroups based on their posts or points or something like that. Not that groups don't already exist, but changing them has to be done manually and one at a time.

AngelAvila

jordanjay29 Ohhh, I see. In this case we should remember that User Management creates and handles groups for the purpose of administrating the forum, without taking into consideration how active the person is when creating discussion/posts.

If @wignu wants to promote users to another rank/group automatically base on their amount of posts (upvotes) there is the brand-new Gamification Extension specially for that!

https://discuss.flarum.org/d/5588-gamification-by-reflar

Although, selecting many people and changing their administrative groups in one shot sounds like a nice feature for User Management.

0E800

AngelAvila
I was talking about the User List inside the Admin panel when this extension is installed.
Currently is shows the name with a couple of icons.

AngelAvila

0E800 I get it now! I think taking the Font-Awesome badge that you setup for your permission groups somewhere next to the nicks on User List would work

EDIT: This is being worked already: ReFlar/user-management10

SierraKiloGulf

Is there any mail support? I have been looking, I know in the old ext I used called User List you could mail to users, but havent seen it in this one.

AngelAvila

SierraKiloGulf The mail feature on the user list was deleted on purpose because of legalities.

Supreme-Leader

I've installed this addon, but striking people's post doesn't work. It is running on two Forums that I manage and both suffer from the same issue.

https://puu.sh/vztSH/8fb9faa6b6.png

jordanjay29

Supreme-Leader Turn on debug and try again. When you get the red error, click the debug link and copy/paste the error message here.

jordanjay29

Kyrne I can confirm what Supreme-Leader encountered.

Supreme-Leader

jordanjay29

Kyrne

Supreme-Leader two possible explainations:

The extension didn't migrate properly. Try running php flarum migrate in your webserver's root dir.
You are the first person other than me to serve a strike and therefore no one has reported this bug before.

Supreme-Leader

Kyrne Still not working;

Kyrne

Supreme-Leader

Run composer update

0.1.0

Fix for strikes not serving

I am also pulling it out of beta as there haven't been many bugs reported lately.

BotoX

Disabling email registration breaks changing your password.
Changing your password requires a valid email to send the password reset link to.
Changing your email to a valid email requires knowing your password.
If signing up with SSO/token your password is a random string.
You see where this is going...

I'd fix the issue like so:
Don't assign random password for SSO/token login but use empty password.
Don't allow login with empty password obv.
But allow changing your password if it's empty.

If the user forgets their set password and did not set a valid email then idk.
Maybe allow changing the email without entering a password.
Or instead of setting an invaild email (username@username.com) set it to empty and allow changing your password when the email is empty.

However for existing installations the user database is already a mess because of the inconsistently generated emails and passwords....

Also saving the settings did not work for me, I had to edit the php and save them with $this->settings->set

Kyrne

BotoX SSO isn't meant to be logged in directly, you are supposed to log in with your SSO each time. Example: if I register with GitHub I will need to sign in with GitHub each time. I believe this means this is an issue with Flarum's core rather than user management.

luceos

Kyrne correct, you should use "remember me for two weeks" so your session doesn't expire if you don't want to re-authenticate every time. This is not a shortcoming of Flarum - perhaps a bit of SPA design, but in the end it's called security ?

BotoX

Kyrne Yes, it's definitely not only to blame on user management.
But instead of saving a random password you could set it to a vaild password before the validation check and then change it to "" afterwards.
Also same for the email, use a valid one for the validation then change it to NULL before saving. For this to work the email column needs to be NULLable.
That's what I do right now and it works fine.
Users may choose to switch to native accounts instead of SSO or use both.

For example I require users to sign up with Steam SSO but allow them to specify an email and password after they authenticated with steam:

... authenticate with SSO (Steam) ...

Complete sign up:

You can't log in with an empty password ("") because it will turn into some hash "$2y$10$...." that is not equal the saved empty string ("") in the database.
For changing your E-Mail when no password is set flarum core needs to be modified so that it will return success when the password stored in the DB is an empty string ("").

If interested I can publish my changes.
In production on https://forum.gflclan.ru

Kyrne

BotoX I'm not sure if I follow. User management doesn't change anything about how passwords work when you sign up. Are you suggesting this as a feature?

BotoX

Kyrne I guess this makes more sense as a feature request.
I'm using User management for better SSO in flarum.
Since if you use SSO in native flarum you still need to create an account with email + password...
So I use this for removing the possibility of normal registration completely but still offer the possibility of normal accounts after SSO sign up.
It makes sense for me because I only want people with a steam account to be able to sign up on my forum, but don't want to bother them with using steam for logging in on all their devices.

I'll just maintain my own fork with this I guess, didn't work a lot with PHP so using this as a base definitely helped.

zhoujianwei

BotoX @Kyrne

Cant agree any more,i use a third wechat OAuth2.0
As wechat has not provide email, here using a random string as email,
Then the same scene appeared"Changing your password requires a valid email to send the password reset link to.
Changing your email to a valid email requires knowing your password." looks like a dead loop

jordanjay29

screenshot

Links point to null, but they were all served on the same post. As #4 pointed out, nothing stopped me from serving multiple strikes for the same post, even after refresh.

Links are pointing to http://testbed.legendofdevira.com/flarum/d/null when they should point to http://testbed.legendofdevira.com/flarum/d/6-to-split-or-not/9

Also, I'm not sure why Actor is the test user. Shouldn't it be Admin (my user) for serving the strikes?

Kyrne

jordanjay29 Do you mind installing dev-master and then running php flarum migrate? Please let me know if it is fixed.

« Previous Page Next Page »