discourse/app/jobs/scheduled/invalidate_inactive_admins.rb

# frozen_string_literal: true

module Jobs

  class InvalidateInactiveAdmins < ::Jobs::Scheduled
    every 1.day

    def execute(_)
      return if SiteSetting.invalidate_inactive_admin_email_after_days == 0

      timestamp = SiteSetting.invalidate_inactive_admin_email_after_days.days.ago

      User.human_users
        .where(admin: true)
        .where(active: true)
        .where('last_seen_at < ?', timestamp)
        .where("NOT EXISTS ( SELECT 1 from api_keys WHERE api_keys.user_id = users.id AND COALESCE(last_used_at, updated_at) > ? )", timestamp)
        .where("NOT EXISTS ( SELECT 1 from posts WHERE posts.user_id = users.id AND created_at > ?)", timestamp)
        .each do |user|

        User.transaction do
          user.deactivate(Discourse.system_user)
          user.email_tokens.update_all(confirmed: false, expired: true)

          reason = I18n.t("user.deactivated_by_inactivity", count: SiteSetting.invalidate_inactive_admin_email_after_days)
          StaffActionLogger.new(Discourse.system_user).log_user_deactivate(user, reason)

          Discourse.authenticators.each do |authenticator|
            if authenticator.can_revoke? && authenticator.description_for_user(user).present?
              authenticator.revoke(user)
            end
          end
        end
      end
    end
  end

end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-03 06:17:27 +08:00			`# frozen_string_literal: true`

FEATURE: require admins to re-validate their email addresses if they haven't been seen for a number of days, configurable with the invalidate_inactive_admin_email_after_days site setting. Social logins are also revoked. Default is 365 days. 2018-12-13 04:32:14 +08:00			`module Jobs`

DEV: Upgrading Discourse to Zeitwerk (#8098) Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. We no longer need to use Rails "require_dependency" anywhere and instead can just use standard Ruby patterns to require files. This is a far reaching change and we expect some followups here. 2019-10-02 12:01:53 +08:00			`class InvalidateInactiveAdmins < ::Jobs::Scheduled`
FEATURE: require admins to re-validate their email addresses if they haven't been seen for a number of days, configurable with the invalidate_inactive_admin_email_after_days site setting. Social logins are also revoked. Default is 365 days. 2018-12-13 04:32:14 +08:00			`every 1.day`

			`def execute(_)`
			`return if SiteSetting.invalidate_inactive_admin_email_after_days == 0`

FIX: Do not deactivate admin accounts with recent posts or api keys (#8342) This prevents 'bot' users being deactivated 2019-11-13 00:56:01 +08:00			`timestamp = SiteSetting.invalidate_inactive_admin_email_after_days.days.ago`

FEATURE: require admins to re-validate their email addresses if they haven't been seen for a number of days, configurable with the invalidate_inactive_admin_email_after_days site setting. Social logins are also revoked. Default is 365 days. 2018-12-13 04:32:14 +08:00			`User.human_users`
			`.where(admin: true)`
DEV: add transaction and active check to invalidate job Follows up on 3b76f196684a8 this per @tgxworld a transaction makes sense here Very minor 2018-12-13 11:59:56 +08:00			`.where(active: true)`
FIX: Do not deactivate admin accounts with recent posts or api keys (#8342) This prevents 'bot' users being deactivated 2019-11-13 00:56:01 +08:00			`.where('last_seen_at < ?', timestamp)`
			`.where("NOT EXISTS ( SELECT 1 from api_keys WHERE api_keys.user_id = users.id AND COALESCE(last_used_at, updated_at) > ? )", timestamp)`
			`.where("NOT EXISTS ( SELECT 1 from posts WHERE posts.user_id = users.id AND created_at > ?)", timestamp)`
FEATURE: require admins to re-validate their email addresses if they haven't been seen for a number of days, configurable with the invalidate_inactive_admin_email_after_days site setting. Social logins are also revoked. Default is 365 days. 2018-12-13 04:32:14 +08:00			`.each do \|user\|`

DEV: add transaction and active check to invalidate job Follows up on 3b76f196684a8 this per @tgxworld a transaction makes sense here Very minor 2018-12-13 11:59:56 +08:00			`User.transaction do`
FIX: Reviewables should not be created for users until they are active Conversely, if a user is deactivated the reviewable should automatically be rejected. Before this fix, if a user was not active they'd still show in the review queue but without an "Approve" button which was confusing. 2019-04-04 00:04:05 +08:00			`user.deactivate(Discourse.system_user)`
DEV: add transaction and active check to invalidate job Follows up on 3b76f196684a8 this per @tgxworld a transaction makes sense here Very minor 2018-12-13 11:59:56 +08:00			`user.email_tokens.update_all(confirmed: false, expired: true)`
FEATURE: require admins to re-validate their email addresses if they haven't been seen for a number of days, configurable with the invalidate_inactive_admin_email_after_days site setting. Social logins are also revoked. Default is 365 days. 2018-12-13 04:32:14 +08:00
FEATURE: Add message to log when admins are automatically deactivated 2020-01-28 20:16:24 +08:00			`reason = I18n.t("user.deactivated_by_inactivity", count: SiteSetting.invalidate_inactive_admin_email_after_days)`
			`StaffActionLogger.new(Discourse.system_user).log_user_deactivate(user, reason)`

DEV: add transaction and active check to invalidate job Follows up on 3b76f196684a8 this per @tgxworld a transaction makes sense here Very minor 2018-12-13 11:59:56 +08:00			`Discourse.authenticators.each do \|authenticator\|`
			`if authenticator.can_revoke? && authenticator.description_for_user(user).present?`
			`authenticator.revoke(user)`
			`end`
FEATURE: require admins to re-validate their email addresses if they haven't been seen for a number of days, configurable with the invalidate_inactive_admin_email_after_days site setting. Social logins are also revoked. Default is 365 days. 2018-12-13 04:32:14 +08:00			`end`
			`end`
			`end`
			`end`
			`end`

			`end`