Continuing the discussion from Get user email, emails.json seems not working:
The API documentation for list_users states that the resulting JSON response provides email field. The above discussion mentions that:
Using a Staff API key, when I call client.list_users('staff'), I receive a list of users, but only my entry shows the email field. I would expect the email field to be returned for all users in the list. Otherwise I have to call the API again for each user to retrieve the email.
Since I have a CSV file with names and emails, I can only lookup users via their emails in order to manipulate the records or create new users from the incoming list. This makes the job just a bit tedious and error prone.
In general I think that emails should be available either in clear for Staff, or as a SHA256 Hash, maybe with some salt that would prevent arbitrary attackers from discovering whether an email is used at this site – although they have other ways to do so, e.g., password reminders or registration. Using a cryptographic hash of the email would allow to check its presence without disclosing it.
Anyway, I think that not having the email value in the user list using a Staff API key is a bug and should be fixed.
In the meantime, once you have the user list, you must iterate through it and call /u/#{username}/emails.json to inject the missing email in the list.
Here’s some code:
module DiscourseApi::API::Users
def user_email(username)
response = get("/u/#{username}/emails.json")
response.body['email']
end
end
staff = client.list_users('staff')
staff.each_with_index do |u, i|
next unless u['email'].nil?
staff[i]['email'] = client.user_email(u['username'])
end
staff.sample['email'].nil? # => false