On Wed, Nov 27, 2019 at 12:00 PM Alex Kaiser <[email protected]> wrote:
> I found a solution for deactivating not completed TOTP activations > > > > Use the valid_from field in the database for the first valid logon date > > > > Execute the following queries against the database (mysql) within a cron > job. In my case I used a max activation time of 7 days > > > > UPDATE guacamole_user > > SET guacamole_user.disabled=1 > > WHERE valid_from IS NULL; > > > > UPDATE guacamole_user > > LEFT JOIN guacamole_user_attribute > > ON guacamole_user.user_id=guacamole_user_attribute.user_id > > SET guacamole_user.disabled=1 > > WHERE (valid_from < NOW() - INTERVAL 7 DAY) AND > guacamole_user_attribute.attribute_name IS NULL; > > > > UPDATE guacamole_user > > LEFT JOIN guacamole_user_attribute > > ON guacamole_user.user_id=guacamole_user_attribute.user_id > > SET guacamole_user.disabled=1 > > WHERE ((valid_from < NOW() - INTERVAL 7 DAY) AND > (guacamole_user_attribute.attribute_name='guac-totp-key-confirmed')) AND > (guacamole_user_attribute.attribute_value='false'); > > > > > Thanks for sharing the solution! I'd still suggest that this be entered as a feature request, as I think it's something multiple people will find useful. But it's good to have a work-around for the time being. -Nick >
