Admin can set unconfirmed user settings via API
What does this MR do and why?
- Changes the feature slightly so that this job will not run for an instance where email confirmation is turned off. This is to reduce the risk that an admin is unaware that email confirmation is off and they end up deleting active users on the platform who have never confirmed their email (because they didn't have to).
- Also adds documentation for this feature and addresses some follow-up items on testing from the original MR
- #414921 (closed)
- #352514 (comment 1427888260)
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|
How to set up and validate locally
- In rails console enable feature flag and needed settings
Feature.enable(:delete_unconfirmed_users_setting) Gitlab::CurrentSettings.update(delete_unconfirmed_users: true) Gitlab::CurrentSettings.update(unconfirmed_users_delete_after_days: 30) Gitlab::CurrentSettings.update(email_confirmation_setting: 'hard') - Create a user who is unconfirmed and created more than 30 days ago
FactoryBot.create(:user, :unconfirmed, created_at: 1.year.ago, email: 'deleteme@example.com', username: 'unconfirmed_person') - Wait for the hourly cron job or kick it off manually
Users::UnconfirmedUsersDeletionCronWorker.new.perform - The user should have a ghost migration user (these are processed async to delete the user)
Users::GhostUserMigration.where(user_id: User.find_by_username('unconfirmed_person').id).first
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.