Closes #3550: Add experimental az_user_expire module.

[joeparsons]

Description

• Adds new experimental az_user_expire module (not installed by default)
• Adds contrib user_expire module (not installed by default)
• Includes Quickstart override config for user_expire.setttings
• Adds az_user_expire role

Still TODO:

• Finalize default expiration timeout for inactive users that have the az_user_expire role (currently set to 30 days)
• Add user_expire patch that allows email notifications to be disabled (?)

Related issues

Closes #3550

How to test

Types of changes

Arizona Quickstart (install profile, custom modules, custom theme)

• Patch release changes
  • Bug fix
  • Accessibility, performance, or security improvement
  • Critical institutional link or brand change
  • Adding experimental module
  • Update experimental module
• Minor release changes
  • New feature
  • Breaking or visual change to existing behavior
  • Upgrade experimental module to stable
  • Enable existing module by default or database update
  • Non-critical brand change
  • New internal API or API improvement with backwards compatibility
  • Risky or disruptive cleanup to comply with coding standards
  • High-risk or disruptive change (requires upgrade path, risks regression, etc.)
• Other or unknown
  • Other or unknown

Drupal core

• Patch release changes
  • Security update
  • Patch level release (non-security bug-fix release)
  • Patch removal that's no longer necessary
• Minor release changes
  • Major or minor level update
• Other or unknown
  • Other or unknown

Drupal contrib projects

• Patch release changes
  • Security update
  • Patch or minor level update
  • Add new module
  • Patch removal that's no longer necessary
• Minor release changes
  • Major level update
• Other or unknown
  • Other or unknown

Checklist

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• All new and existing tests passed.
• My change requires release notes.

[danahertzberg]

Suggested change

	label: 'Auto expire user'
	label: 'Automatically expire'

Suggested change

	label: 'Auto expire user'
	label: 'User expires'

Idea is that the other options are "Content admin", "HTML admin", etc. So having it be more explicit and action oriented makes sense to me.

[danahertzberg]

Follow up ticket for customizing the expiration timeline per site would likely be needed (Dana estimates)

[camikazegreen]

How about Expiring User or Auto Expiring User?

[elyssanaval]

• Temporary User
• Guest User
• Short-Term Access
• Limited-Time Access

[ewlyman]

DId "Site Access User" come up in our meeting discussion?
I'm afraid I was interrupted a few times :/
This name points out the main purpose of the user account and does not imply anything about a restricted time frame.

[elyssanaval]

Questions:

• Should a user receive an advanced email notification if the account will expire after a period of inactivity?
• Should a user receive an email notification once the account has expired?

Or possibly:

• If there is no email notification,
  • and a user with an expired account logs in, display a message that shows how to reactivate or contact another user that can reactivate the account?

[joeparsons]

Questions:

• Should a user receive an advanced email notification if the account will expire after a period of inactivity?
• Should a user receive an email notification once the account has expired?

Or possibly:

• If there is no email notification,

  • and a user with an expired account logs in, display a message that shows how to reactivate or contact another user that can reactivate the account?

Good questions. I had mainly been thinking about how we would like to use this in Campus Web Services where the email notifications would be unneeded but I imagine that they would be useful for some sites.

The module does include functionality that sends email notifications before a users account is about to expire. How soon the email is sent ahead of their account expires is configurable.

I'm not sure if an email is generated when the account is actually expired.

[sanjanans]

Auto Expire Access

[ejsamboy]

I have spent sometime testing the User Expire module:

Tests:

1. User accounts were successfully blocked by the module.
2. Warning email notifications were sent as expected.
3. Specific roles were correctly restricted.
4. Individual users were properly blocked.

Findings:

• To confirm Joe’s point, the module includes built-in functionality that automatically sends email notifications, with configurable frequency and warning offset times (see attached screenshot). For the CWS team, it might be best to disable these notifications.

• We could use Drupal’s default functionality to notify users when their accounts are blocked, including instructions on how to unblock them. This could include links to the "Unblock Drupal User" GitHub action and the CWS Sites Dashboard.

• The module also offers options to expire specific user accounts based on inactivity, as shown in the attached screenshot.

Email notification sent by the User Expire (SOS site):

Hello samboye

Because you have not logged in recently, your account at SOS will be blocked
in the near future. If you still use this site, please log in
https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Frole-expire-azs-sos.pantheonsite.io%2Fuser%2F0&data=05%7C02%7Csamboye%40arizona.edu%7C53b90c0774d041c564ff08dcd44eb7a6%7C5ee35505eb8e4929937d645df5013288%7C1%7C0%7C638618681785947444%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=KtP86c6aA3kwrMfdhimDEa4SDs1s0qEAMJbmopacYsc%3D&reserved=0 to avoid having your
account blocked.

Thanks, SOS