~eduvpn/server#3: 
(auto) delete inactive accounts / self delete

we could add a cron to delete users accounts if the haven been used within n days after sessionExpiry?

perhaps the user wants to delete their own account as well (GDPR):

  • allow user to delete through portal?
  • through API, i.e. from the VPN client(s)?
  • how about "guest access" scenario where user may have used any of the other NREN hosted servers?
Status
REPORTED
Submitter
~fkooman
Assigned to
No-one
Submitted
3 years ago
Updated
4 months ago
Labels
v3.x

~fkooman 7 months ago

The users table contains a column for when the user was last seen. This "last seen" means when the last time was they saw the portal, i.e.:

  1. They logged in manually in the portal through the browser
  2. They used an eduVPN/LC app and went through authorization

The "last seen" column does NOT indicate when the user last used the VPN.

We also have "connection_log" table where we can see when the user last connected, but this is only useful for OpenVPN as that references actual connections, and not like with WireGuard where it means when the API client called /connect or when the user download the manual OpenVPN configuration file.

~fkooman 7 months ago

SQLite query, no idea if it also works on MariaDB/MySQL or PostgreSQL:

sqlite> select user_id,last_seen from users where last_seen < date('now', '-90 days');

~fkooman 4 months ago

Fran├žois Kooman referenced this ticket in commit 75c98eb.

Register here or Log in to comment, or comment via email.