Redmine registration issues

The Redmine registration procedure is a bit fragile: if the account activation mail doesn't arrive, we don't know how to make Redmine resend it.

This could happen for several reasons:
  • The registration mail could be lost.
  • Redmine could have lost its "Email notification" settings. In that case, Administration->Settings->Email notifications will show that it's not configured.

When that happens, people can still create accounts, but they cannot activate them.

However, it's still possible for Redmine Administrators to manually activate the account(s).

To manually activate an account for people creating new accounts

To manually activate an account for people that have admin access in the Redmine interface

All we need to check is that the email address is valid. Since many email providers use DKIM, we can easily reuse the DKIM signatures to do that:
  • First we ask the people having the issue to send a mail to the mailing list, or to the contact address, asking for an account, along with the account details.
  • We then verify that the account is not registered, and that the email address is the same in the mail we received and in the account.
  • Then we verify that the mail we received was not forged by verifying the DKIM signatures.
  • Then we activate the account if everything is good.

We don't need to check the person's name as it's not checked by Redmine. Ideally we'd like to have a free form for the (real) name and also make it optional but we didn't find how to do it in a way that is easy to maintain in Redmine.

If you have the mail in Maildir format, you can check the DKIM signatures with the following command:

$ cat ./the_mail_in_Maildir_format | dkimverify 
signature ok

With Claws Mail, you can do it by opening the mail, clicking on "File->Save Email as", and then verifying the saved file with the same command:

$ cat saved_mail | dkimverify
signature ok
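
"signature ok" only says that a signature validated, so the address comparison from the second step still has to be made against the signed From header and the signing domain (d=). The following added example (not part of the original page or of Redmine) does that comparison with the Python standard library; the function names and the sample mail are constructed, and it assumes dkimverify was run on the first DKIM-Signature header of the same file.

```python
import email
from email.utils import parseaddr

def dkim_tags(value):
    """Split a DKIM-Signature value (RFC 6376 'tag=value;' list) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def check_sender(raw_mail, account_email):
    """Return (ok, reason) for the address comparison in the procedure above."""
    msg = email.message_from_bytes(raw_mail)
    froms = msg.get_all("From", [])
    if len(froms) != 1:
        return False, "expected exactly one From header"
    # Addresses are compared case-insensitively (an assumption of this example).
    addr = parseaddr(str(froms[0]))[1].lower()
    if not addr or addr != account_email.strip().lower():
        return False, "From address differs from the account's address"
    sigs = msg.get_all("DKIM-Signature", [])
    if not sigs:
        return False, "no DKIM-Signature header"
    # Assumption: this first signature is the one dkimverify reported on.
    tags = dkim_tags(str(sigs[0]))
    d = tags.get("d", "").lower()
    from_domain = addr.rpartition("@")[2]
    if not d or not (from_domain == d or from_domain.endswith("." + d)):
        return False, "signing domain d=%s does not cover %s" % (d, from_domain)
    if "from" not in tags.get("h", "").lower().split(":"):
        return False, "From header is not among the signed headers (h=)"
    return True, "From address matches the account and d=%s covers it" % d

# Constructed sample mail; bh= and b= are placeholders, so this message
# would not pass dkimverify itself.
SAMPLE = (
    b"DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel;\r\n"
    b" h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    b"From: New User <newuser@example.org>\r\n"
    b"To: contact@example.net\r\n"
    b"Subject: Redmine account request\r\n"
    b"\r\n"
    b"Please activate the account 'newuser'.\r\n"
)

if __name__ == "__main__":
    print(check_sender(SAMPLE, "newuser@example.org"))
```

A mail is only accepted for activation when both this comparison and dkimverify succeed on the same file.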

Then, to activate the account manually in Redmine, go to Administration->Users, select "All" in Status, and search for the email address.

Make sure that there is only one email matching, and then, once the user is selected, you should see the following links on the top-right of the page:

Emails Activate Delete Users

You can then activate the account by clicking on "Activate".

Be aware that there is no confirmation and that once the button is clicked, the account is activated immediately.

Updated by Denis 'GNUtoo' Carikli about 2 years ago · 2 revisions
