Enhance Activate/Deactivate users

[mahalakshme]

Need:

Users to be activated not by default. And instead can be activated when needed.

AC:

• On 'users and catchments' sample CSV file, add a column called 'Activated' as last column. Add, Allowed values: yes, no. Default: yes in the descriptor row
• When creation of user done in inactive state via CSV like the above, do not send the user credentials to the user.
• Add an API to activate users
• When a user is activated when they are in FORCE_CHANGE_PASSWORD state(when user not yet reset the temporary password), then resend the Avni's temporary password via SMS. This should be the behaviour when activation done via API or UI or CSV(a user can be edited by upload CSV functionality as well)
• Update readme and API documentation

Technical details:

• So when activating user - two cognito APIs might need to be called - one for activating and another(AdminCreateUser) for resending user credentials
• AdminCreateUser cognito API also works like the above expected way only. It resends only when the user is in FORCE_CHANGE_PASSWORD state and when the user is in CONFIRMED state, it returns 400 Bad request with below error message:

{
    "__type": "UnsupportedUserStateException",
    "message": "Resend not possible. glific@rwb24stag status is not FORCE_CHANGE_PASSWORD"
}

Inputs

• deactivate(suppress) -> activate(send credentials)
• UI - deactivated? - without sending credentials itself,
• CSV - Edit
• 2 cards
• existing privilege - activate User - Privilege.PrivilegeType.Messaging or 'PrivilegeType.EditUserConfiguration'
• when activating have an option here, to resend credentials irrespective of User state,
• enabling instead of disabling
• APIs, documentation everything should become consistent
  reset password - send credentials? Metabase
  security - enabling user - sending credentials
• custom privilege?
  Self-serice - anyone, remove admin premission, Avni cloud self-hostable
• APIs consistent
• Also have a checkbox in user page named 'Disable'. When a user is created checking this, do not send the user credentials. - anyways can deactivate later - so no need

Ignore: old:

• On user upload add a checkbox to suppress sending of user credentials(Users might prefer flow of forgot password to prevent the credentials to be in their SMS box for security reasons.)

• Have a 'RESEND CREDENTIALS' option on each user page. Like the below screen, move the options(other than Edit) to under 'Actions'

- When resending the credentials, also send the temporary password to avoid AWS setting some complex password. ----------------- - Expose the above functionality and activating user via API as well

[1t5j0y]

avniproject/avni-server#840 (comment) - suppress / resend credentials spike

[mahalakshme]

@1t5j0y yes it is via setting RESEND in MessageAction we can resend the credentials when activating the user. will update the technical details for more clarity

[petmongrels]

Notes

• API user should have "Edit user configuration"
• handle error when the permanent password user is enabled

[mahalakshme]

@petmongrels oh yeah I forgot to add the permissions requirement, will add it

[AchalaBelokar]

• I Uploaded this csv file on staging in org apfodisha. I uploaded as active user no. I didn’t get any message is expected but on user list it is showing the active user.

user_create _apfodisha.csv

[mahalakshme]

@petmongrels looks like the above case got missed in AC. When a user is inactive, in the list of users page it should not show as 'Active'

@AchalaBelokar u can continue testing the other cases in the mean time.

[mahalakshme]

@petmongrels User created in deactivated state by default when no value is entered. This is causing confusion since users are not used to enter value for this column.