API bug : final "." in username causes error

We’re using the API to integrate Discourse into our site (via pydiscourse).

When it’s time to add a user to a Discourse group via the API, pydiscourse uses the PUT method to the Discourse API url:

/admin/groups/{group_id}/members.json

…and passes in the username via the ‘usernames’ variable.

If the username contains a “.” in it, there’s no problem, unless that “.” appears as the last character, in which case the API will return an error with the message:

You supplied invalid parameters to the request: usernames
1 Like

A username cannot end in a period, so this is the expected response. I was going to check the source, but you can try to create an account here with a trailing dot and it’s illegal.

4 Likes

Thanks for the quick response, Jay. Do you know offhand whether the user’s email can be sent for ‘username’ in that API endpoint, such that Discourse will know to lookup user by email? (We use SSO to connect our Django app to Discourse, so Discourse should have both identifiers for each user)

1 Like

Oh! Yes, I do know. I did notice the other day that you can use the email address for the endpoint that adds a user to a group. It might have been the non-admin route, though. Just include email as the field name with the address.

If you’re using Discourse connect, though, then you can have the groups managed at login,which is likely what you want to do rather than fussing with the API.

1 Like

Thanks for the follow up.

We do use Discourse Connect, but also use the API.

BTW, you mentioned It might have been the non-admin route, though

So that PUT request would be :

/groups/{group_id}/members.json

…with 'email': (user email) as payload…and Discourse just knows my user has admin rights to be able to add that user to that group?

(…sorry, I’m fuzzy on why there are two routes for this same operation…)

I think so. I used How to reverse engineer the Discourse APIv to figure out the path. And then, I guess, looked at the source to see that the user ID and email address also work.

Yes, sso only updates groups on login, so api is your solution.