Deactivate/soft-delete user
Is there a way of deactivating or soft-deleting user?
I want to basically keep a user entry in the DB, but disable sign-ins and resetPassword actions, as if the user does not exist. Ideally, the user should be able to sign up again.
18 Replies
Hey, there isn't an out-of-the-box solution for this off the top of my head unfortunately, however I do intend to implement soft-deleting to any table in the future.
Do you have any rough ideas on how this will be implemented? I need to implement this in my system this week, and would be great if my implementation didn't stray too far from the official setup, to avoid any incompatibilities down the line
It will likely be a configuration in the auth config under
advanced.database.softDelete or something along those lines.
It will add a new column to the respective table with a deletedAt field.
Then any time a row is deleted, it will set the deletedAt to the time it was deleted.
Any calls to the BA adapter will automatically exclude all deleted fields unless specified otherwise in the adapter method params.Does the email field change? For example, what happens if a user tries to sign-up again after deleting their account?
Better Auth already checks if an existing email is there before allowing a user to sign-up.
With this change, it will likely mean that we have to not allow
unique on specific fields, and rely on programmatic checks.It would be dope to get a "deactivate" plugin out of the box that sets deactivated to true when the user deactivates their account and signs them out, and then sets deactivated back to false the next time they sign in
How do I currently delete a user serverside?
I tried passing the token returned by get-session, the password, the full session_token cookie; each time I'm getting Unauthorized
Did you enable this?
yup, it's enabled
Try passing headers
That worked
thank you
I have created a issue in Github before knowing this channel. Please feel free to have a reference:
https://github.com/better-auth/better-auth/issues/2669
GitHub
Handle soft delete for user · Issue #2669 · better-auth/better-auth
Is this suited for github? Yes, this is suited for github Is your feature request related to a problem? Please describe. Currently there is only hard delete in the solution. Describe the solution y...
And I think it would be best if the "deletedAt" can be renamed to other name, i.e. revokedAt (using it exactly in my project)
new to better-auth. if i needed soft deletes today, is there a way to hook in how better-auth does querying to exclude users with deletedAt?
It's probably possible with hooks
I am suffering in my case. When there is a deleted user with email (i.e. test@example.com), when they sign up, I found that it will be stuck in signUp function since better auth always finds the same email being registered and reject it since Better Auth already checks if an existing email is there before allowing a user to sign-up..
Any recommended solution regarding to this issue?
Yeah until we officially support soft delete this and potentially other issues may arrise when trying to develop your own version.
Right now as a work-around I'd recommend adding some prefix/suffix or something to the soft-deleted email