Enable confirmation for user creation?

Scenario

You do not want a user to be created automatically for every sender that hits your inbox. You don't know who will send you mail, so you can't use allow-listing. You want to add a human action to the cycle to reduce system-generated and spam-related user creation.

Solution

JEMH 1.4.14 introduces a human-interaction feature for user creation. The flow is simple:

  1. Email user sends an email

  2. JEMH determines no user has that address, marks the message as On Hold and does not process it, leaving it in Audit History

  3. JEMH mails the sender with an expiring link that needs to be clicked within 30 minutes to confirm account creation

  4. Email user gets the mail and clicks the link, passing a GUID value to identify the request

  5. JEMH looks up the provided GUID, retrieves the related from: address

  6. JEMH uses the Profile to configure how the user should be created (e.g. using external LDAP lookup for user details), adding required JIRA groups that enable issue creation/update.  If enabled in the Profile, the user would be notified of account creation.

  7. JEMH scans Audit History, looking for On Hold messages from the given user.

  8. JEMH re-animates each found email, re-executing it against the same Profile that the message originally went through.

  9. JEMH marks the old On Hold messages as Re-animated.  New Audit Events are written containing the result of the re-animation.
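The hold, confirm and re-animate cycle in steps 1 to 9, modelled as an added Python example (not JEMH code). `SignupGate`, its method names and the single-use treatment of the link are assumptions made for illustration; the 30-minute expiry and the status names come from the steps above.

```python
import uuid
from datetime import datetime, timedelta

LINK_TTL = timedelta(minutes=30)  # expiry window stated in step 3


class SignupGate:
    """Toy model of the hold / confirm / re-animate cycle (hypothetical, not JEMH code)."""

    def __init__(self, known_users=()):
        self.users = {u.lower() for u in known_users}
        self.audit = []    # audit history: dicts with sender, subject, status
        self.pending = {}  # GUID -> (sender address, expiry time)

    def receive(self, sender, subject, now):
        """Steps 1-3: process known senders; hold unknown ones and issue a GUID."""
        sender = sender.lower()
        if sender in self.users:
            self.audit.append({"sender": sender, "subject": subject, "status": "Processed"})
            return None
        self.audit.append({"sender": sender, "subject": subject, "status": "On Hold"})
        guid = str(uuid.uuid4())  # random value carried in the confirmation link
        self.pending[guid] = (sender, now + LINK_TTL)
        return guid

    def confirm(self, guid, now):
        """Steps 4-9: validate the GUID, create the user, replay held mail."""
        entry = self.pending.pop(guid, None)  # assumption: a link works only once
        if entry is None:
            return "unknown-token"
        sender, expires_at = entry
        if now > expires_at:
            return "expired"  # no user is created; mail stays On Hold
        # The address comes from the stored request, never from the click itself.
        self.users.add(sender)
        held = [e for e in self.audit if e["sender"] == sender and e["status"] == "On Hold"]
        for event in held:
            event["status"] = "Re-animated"
            self.audit.append({"sender": sender, "subject": event["subject"], "status": "Processed"})
        return "confirmed"


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)  # constructed timestamp and address
    gate = SignupGate()
    link = gate.receive("new@example.org", "Printer broken", t0)
    print(gate.confirm(link, t0 + timedelta(minutes=5)), gate.audit)
```
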

 

Here is an overview: all messages are processed by the related JEMH Profile, which contains many pre-processing filters that run before the mail becomes an issue. With user-signup enabled, any email that comes in from an address not associated with a JIRA account will be marked as 'On Hold' and will be left, unprocessed, in JEMH Audit History.

Flow 1 : Incoming messages from unknown senders

 

Flow 2 : Remote user confirms account creation

What needs to be done?

JEMH User Signup Template Set

The confirmation email that the user receives is a JEMH TemplateSet, so the subject, and text or HTML content can be customized per-Profile.

From the JEMH navigation menus, click Template Sets and press the Signup tab. Press the plus symbol on the right-hand side to add a new template.

Notification format selector

Whether text or HTML is sent is controlled through the Email > Templates section:

 

Enabling User Signup

The User section of the JEMH Profile contains the required checkbox (below), but the other fields also apply: a reference to the Profile is retained, so all user creation settings (blocklisting, allow-listing, alternate ID provider for additional user info, auto-join groups) apply later.

 

Enabling the User Signup Filter

In addition, there is a UserSignup Message Filter that needs to be enabled (it is enabled by default on new Profiles, but upgraded Profiles need to enable it):

 

In order for a JIRA user to create issues, always check the permissions for the target project. Run a test case from an unknown user to confirm that the auto-join group you select achieves the desired result!