Anonymizing user keeps email address and real name when "full name required" is on

Fortsetzung der Diskussion von Love the "Anonymize User" feature - thanks!:

I have retested the anonymize user function on a second discourse install i run and on both boards once I press the “anonymize user” button in the admin view of the user the real name and the email address is kept as it was before and is not anonymized.

I’ve updated the installation (docker productive install) to the latest version (v1.5.0.beta11+250) to retest. As this happens on two independant installations I’ll shift this into the bugs category.

This is a user after creation:

After pressing the “Anonymize” button discourse shows the “non existing” page (probably because the edited user does not exist with his username)

Looking at the result, that’s the user data after anonymization:

Full email and user real name are still unchanged.

We can’t repro this. Sorry. Did those users you are referring to come across in an unusual way, via a migration / import or some other method than a new user signing up by pressing the “Sign Up” button in Discourse?

1 Like

Hi Jeff,

I first saw it in a board where the data was imported from MyBB. Also with fresh users which have signed up in Discourse.

But I have a second board which all is from scratch, including signup of all users. Same here.

And I have a third installation which is running in a VM at home where I test things and play around - same here.

I have only two plugins running - The “solved” plugin and the Poll UI. I can try disabling both and see if one of these are doing the mess (at least “solved” is official so I don’t think it should).

I can give you access to my “test VM” if you want to check things …

OK … disabled the plugins, rebuilt the container, created a new user - still the same. Versions as below:

How can we track down this? Unfortunately I need this feature …

Ok here’s me attempting to repro this on try.discourse.org.

New account created

As Admin, let’s anonymize!

Go to that user page admin/users/2173 and press the Anonymize User button, like so:

Now look at the user page

visit /admin/users/2173/anon78383088

As you can see, email is changed, name is gone, username is changed to anon{number}.

No repro… just like the last time I tried to repro this. Same exact result.

1 Like

I wonder if this is somehow locale related

@sam: I’ve set the locale back to “en” - same result. I’d expect it as posted by Jeff but it definitely is not working that way on each of my installs.

What are the next steps I can check?

@sam @codinghorror
Here’s a log of the anonymizing process. There’s an error message inside, maybe this helps?!?

Processing by Admin::GroupsController#index as JSON
  Parameters: {"_"=>"1457013302599"}
Completed 200 OK in 54ms (Views: 0.3ms | ActiveRecord: 30.1ms)
Started PUT "/admin/users/24/anonymize.json" for 127.0.0.1 at 2016-03-03 13:56:01 +0000
Processing by Admin::UsersController#anonymize as JSON
  Parameters: {"user_id"=>"24"}
Completed 200 OK in 242ms (Views: 0.4ms | ActiveRecord: 78.3ms)
Started GET "/admin/users/anon5318749" for 127.0.0.1 at 2016-03-03 13:56:01 +0000
ActionController::RoutingError (No route matches [GET] "/admin/users/anon5318749")
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.5.2/lib/action_dispatch/middleware/debug_exceptions.rb:21:in `call'
Processing by ExceptionsController#not_found as HTML
  Rendered exceptions/not_found.html.erb within layouts/no_ember (34.6ms)
  Rendered layouts/_head.html.erb (10.2ms)
  Rendered common/_special_font_face.html.erb (0.9ms)
  Rendered common/_discourse_stylesheet.html.erb (11.8ms)
  Rendered application/_header.html.erb (1.2ms)
  Rendered text template (0.0ms)
Completed 404 Not Found in 130ms (Views: 0.6ms | ActiveRecord: 48.4ms)
Started GET "/" for 127.0.0.1 at 2016-03-03 13:56:07 +0000
Processing by CategoriesController#index as HTML
  Rendered categories/index.html.erb within layouts/application (3.8ms)
  Rendered layouts/_head.html.erb (0.3ms)
  Rendered common/_special_font_face.html.erb (0.6ms)
  Rendered common/_discourse_stylesheet.html.erb (0.5ms)
  Rendered application/_header.html.erb (0.3ms)
  Rendered common/_discourse_javascript.html.erb (0.8ms)
Completed 200 OK in 226ms (Views: 13.4ms | ActiveRecord: 37.5ms)
Started GET "/admin/dashboard.json?_=1457013362439" for 127.0.0.1 at 2016-03-03 13:56:14 +0000
Processing by Admin::DashboardController#index as JSON
  Parameters: {"_"=>"1457013362439"}
Started GET "/admin/dashboard/problems.json?_=1457013362440" for 127.0.0.1 at 2016-03-03 13:56:14 +0000
Processing by Admin::DashboardController#problems as JSON
  Parameters: {"_"=>"1457013362440"}
Completed 200 OK in 107ms (Views: 13.6ms | ActiveRecord: 0.0ms)
Completed 200 OK in 90ms (Views: 0.3ms | ActiveRecord: 2.1ms)
Started GET "/admin/users/list/active.json?_=1457013362441" for 127.0.0.1 at 2016-03-03 13:56:16 +0000
Processing by Admin::UsersController#index as JSON
  Parameters: {"_"=>"1457013362441", "query"=>"active"}
Completed 200 OK in 81ms (Views: 0.3ms | ActiveRecord: 9.6ms)
Started GET "/admin/users/24.json?_=1457013362442" for 127.0.0.1 at 2016-03-03 13:56:19 +0000
Processing by Admin::UsersController#show as JSON
  Parameters: {"_"=>"1457013362442", "id"=>"24"}
Completed 200 OK in 98ms (Views: 0.2ms | ActiveRecord: 46.2ms)
Started GET "/admin/groups.json?_=1457013362443" for 127.0.0.1 at 2016-03-03 13:56:19 +0000
Processing by Admin::GroupsController#index as JSON
  Parameters: {"_"=>"1457013362443"}
Completed 200 OK in 67ms (Views: 0.3ms | ActiveRecord: 36.3ms)
2 Likes

I fixed this bug. That route changed recently.

But I can’t repro the other problem where the email address isn’t being changed. Something must be different with your sites. What about changed settings? Custom user fields? External auth/SSO?

1 Like

No custom fields and the only external auth is Facebook. The installations are pretty out-of-the-box running on Ubuntu Trusty as recommended.

As offered - if this helps I can give access to my test VM which shows the same problem.

@neil: Confirm your bugfix - after the latest update I’m not taken to the “page not existing” after the anonymize action but to the anon users’s page :thumbsup:

But still the name and email is not changed. How can I proceed? I have a couple of old users who wanted to be removed (they had not used my forum for a long time) after the change from MyBB to Discourse … and with their email address still in the system (which I can’t change even as the admin) I always fear that they get an email by mistake again.

I had set up another one from scratch as a test VM - still the same. And I’m strictly following your guide here: https://github.com/discourse/discourse/blob/master/docs/INSTALL-cloud.md

Hi @neil @codinghorror

any progress or next steps in this issue?

We can’t repro. If you wish to buy a hosting contract with us, we could look deeper as you’d be on our servers and we could see into this issue deeper.

OK, understand. My forum is a private stuff and far apart from commercial hosting plans. Just thought it may be interesting to fix this as an improvement of Discourse.

If you however want access to see what’s going on let me know. Otherwise it seems I have to deal with the issue somehow.

I just tested on my localhost. by anonymizing AnonGuy1

I didn’t think to test if the avatar would get replaced but it looks like the email address is changed everywhere.

The only name “residue” I can see is in posts that quoted the member and in posts where the member linked to a post with the “?u=” bit

Admin User

Profile

Quote and Reply

Topic Summary

Post link

And the name is changed in the Badge pages too

@Mittineague Puh, that’s a total mystery. Everywhere it works, but for me on currently 5 tested setups the name and email is not touched.

Docker standard installs on Ubuntu trusty LTS as recommended. That’s more than weird. The only common thing is they are all VM’s on VMWare ESXI … but that’s usual today and Discourse would not even see what is hosting the Ubuntu.

@codinghorror: GOT IT!!!
It will not work if “Full name required” is activated in the configuration. Once this is ticked off the anonymizing works as expected.

I was thinking about the fact that the username is deleted by the anonymizing process … and what might happen if the check for a required username gets into conflict with the anonymize code which wants to delete it.

I think we now can file this as an issue :relieved:

9 Likes

Sure, that sounds like a bug

2 Likes

Excellent, great detective work :smiley: definitely a bug we can fix, then!

3 Likes

Not sure where this dependency is checked. Two thoughts of fixing:

  • The anonymize code can override this flag and empty the username if this will not harm the dependency check on other places
  • The anonymize code sets the full name to the same as the username (anonxxxxxx)

Your choice … :wink: