Description of feature:
On account deletion, keep some record about the former user for some configurable amount of time.
Possible data to keep may include a new JID or other reference to where they can be reached in the future.
Motivation:
Preventing impersonation of newly deleted accounts
Allowing the former users contacts some time to become aware of the account deletion and possible new JID / other contact method (via the `gone` stanza error, with redirect URI)
Zash
on
Changes
tags Difficulty-Easy Milestone-0.12
Zash
on
Work in progress.
Changes
owner Zash
tags Status-Started
Christian
on
Servers should, however, inform other servers with which a certain jid had contact about its "demise".
And these should then, depending on the will of the administrator, either automatically "clean" the bookmarks or request the owners of the bookmarks to do so.
The servers could then adjust rights/privileges themselves
MattJ
on
Changes
tags Priority-High
Zash
on
Have 80% implementation in a topic branch
Remaining issue:
Tricky to prevent creation of users when the module is not loaded or asked, such as if prosodyctl adduser is used, or the console, or some plugin that forgot to fire the proper events.
But maybe that's okay? If the admin uses the admin tools, should we really stop them?
Plugins can be fixed.
Description of feature: On account deletion, keep some record about the former user for some configurable amount of time. Possible data to keep may include a new JID or other reference to where they can be reached in the future. Motivation: Preventing impersonation of newly deleted accounts Allowing the former users contacts some time to become aware of the account deletion and possible new JID / other contact method (via the `gone` stanza error, with redirect URI)
Work in progress.
ChangesServers should, however, inform other servers with which a certain jid had contact about its "demise". And these should then, depending on the will of the administrator, either automatically "clean" the bookmarks or request the owners of the bookmarks to do so. The servers could then adjust rights/privileges themselves
Have 80% implementation in a topic branch Remaining issue: Tricky to prevent creation of users when the module is not loaded or asked, such as if prosodyctl adduser is used, or the console, or some plugin that forgot to fire the proper events. But maybe that's okay? If the admin uses the admin tools, should we really stop them? Plugins can be fixed.
https://hg.prosody.im/trunk/rev/94de6b7596cc
Changes