Can an admin change a user's email address?

(Joshua Frank) #6

I guess the admin would have to use his/her discretion. In this case, the user was, and the entry in the db was {SPACE}, and that leading space apparently matters. So it was pretty clear that I just needed to delete the space and fix an obvious typo.

Also, Discourse should probably trim leading and trailing whitespace, to prevent this obvious mistake.

1 Like
(Jeff Atwood) #7

How did that leading space get in there? Did the user enter it?

(Joshua Frank) #8

Actually the user was created via a script calling the /users endpoint in the API, with data entered by the user, so really it’s a validation bug in my script, but probably the API should protect against this as well.

(Jeff Atwood) #9

You are probably right given the importance of email. @techAPJ can you make sure the API guards against (strips) extra leading or trailing spaces when entering emails? Perhaps it could be part of the validation steps somehow.

(Arpit Jalan) #10

Just pushed a fix:

(Sylvain Kalache) #11

To come back to the original question, I am trying to achieve the same thing: change a user email. However I am trying to do this via the API.

Looking at the documentation it seems possible via: users/:username/preferences/email

However looking at Discourse code it seems that this will trigger a job to send a confirmation email to the user. Is there a way to change a user email without the user confirmation?

Even if it’s a hacky way, I REALLY need to do it and I would like to avoid changing the value directly in the DB…

(Jeff Atwood) #12

That is very risky unless you know with 100% certainty that the email is valid, which implies SSO.

(Joshua Frank) #13

Sometimes I know the email is valid because the user emailed from that address to ask me to change it for them in the system.

1 Like
(Sylvain Kalache) #14

What I am trying to do is disabling a user and then give the opportunity for this same user to create another account with the same email address. That’s why I need to change/invalidate a user email address.

I know it does not sound like a regular usage of Discourse, just sharing it so that you guys have more context and you might have a different idea on how to achieve this.

(cpradio) #15

I assume they are going to use a different username too? Why not just anonymize the account?

(Sylvain Kalache) #16

That indeed works! Thank you @cpradio :slight_smile:

(shahid) #18

Im trying all of the above but im simply not getting the edit pencil come up for changing the email address.
Im using SSO to sign users into discourse and have set email to be editable. Any other config that i maybe missing?

(Kane York) #19

You need to edit the email at the SSO provider, or disable “sso overrides email” to let everyone change their own.

(shahid) #20

hmm, right, so i cant have SSO and edit ability together at the same time.

I do not want to disable SSO, but want to facilitate for the scenario when admin may have to manually change a users email address via the dashboard.

So my option is to temporarily switch off SSO, make the change and then switch it back on?
I guess the impersonate option being spoken of above will also only work with SSO off?

Or i would have to make the change in the database directly.

(Kane York) #21

No, don’t disable SSO entirely - disable the sso overrides email setting.

(shahid) #22

sorry, yes thats what i meant :slight_smile:

(Adrelanos) #23

As forum admin, I like to change the e-mail of a user. The user’s e-mail provider went out of business.

I know the user and the user is authenticated to me by authenticated e-mail (gpg / OpenPGP) so I have no doubts about the legitimacy of the request.

Discourse sends a verification e-mail to the old e-mail address which will never arrive. Hence, e-mail cannot be updated.

Any advice?

(Simon Cossar) #24

If you have access to the site’s rails console, you can change email addresses without triggering a confirmation email.

Enter the docker container and then launch the rails console:

./launcher enter app 
rails c

Then find the user from their current email address:

u = User.find_by_email('')

Then update the email address:

u.update(email: '')
(Adrelanos) #25

This works initially but e-mail is subsequently automatically reset to old e-mail address.

User reported “This sends out new account creation confirmation.”

The old e-mail (provider no longer existing) is probably receiving a confirmation mail which the user cannot confirm. Hence, back to square one.

(Simon Cossar) #26

Are you using SSO to log users into Discourse?