Can't add user via API

itsupport_bd · November 14, 2020, 12:35am

Hi!

we try to add an user via API with the following request:

POST https://discourse.example.de/users
{
    "name": "Bob Tester",
    "email": "example address",
    "password": "#######",
    "username": "testi",
    "active": true,
    "approved": false
}

Our API Key and User are defined in the header of our request.

This request results in the following response:

Status: 200 OK
{
    "success": true,
    "active": false,
    "message": "<p>Du bist fast fertig! Wir haben eine Aktivierungsmail gesendet an <b>example address</b>. Bitte folge den Anweisungen in der E-Mail, um dein Konto zu aktivieren.</p><p>Wenn keine E-Mail ankommt, überprüfe bitte deinen Spam-Ordner.</p>"
}

But there ist no user added in discourse?

In the example response from the documentation (Discourse API Docs) there is a user id.

Does anyone have an idea, why we dont get an user id in the response?

blake · November 13, 2020, 3:08am

That message in the response:

is the confirmation email message:

github.com

discourse/discourse/blob/bd0b558a8995380138cc4a0ae638df9ad724359e/config/locales/server.de.yml#L208


  not_found: "Dein Einladungstoken ist ungültig. Bitte <a href='%{base_url}/about'>kontaktiere das Team</a>."
  not_found_json: "Dein Einladungstoken ist ungültig. Bitte kontaktiere das Team. "
  not_found_template: |
    <p>Deine Einladung zu <a href="%{base_url}">%{site_name}</a> wurde bereits zurückgezogen.</p>
    <p>Wenn du dein Passwort noch weißt, kannst du dich <a href="%{base_url}/login">anmelden</a>.</p>
    <p>Ansonsten kannst du <a href="%{base_url}/password-reset">dein Passwort zurücksetzen</a>.</p>
  error_message: "Fehler beim Akzeptieren der Einladung aufgetreten. Bitte kontaktiere den Administrator dieser Seite."
  user_exists: "Es ist nicht nötig, <b>%{email}</b> einzuladen, er/sie <a href='%{base_path}/u/%{username}/summary'>hat schon ein Konto!</a>"
  confirm_email: "<p>Du bist fast fertig! Wir haben eine Aktivierungsmail an deine E-Mail-Adresse geschickt. Bitte folge den Anweisungen in der E-Mail, um dein Konto zu aktivieren.</p><p>Wenn keine E-Mail ankommt, überprüfe bitte deinen Spam-Ordner.</p>"
  cant_invite_to_group: "Sie sind nicht berechtigt, Benutzer zu bestimmten Gruppe(n) einzuladen. Stellen Sie sicher, dass Sie Eigentümer der Gruppe(n) sind, in die Sie einladen möchten."
  disabled_errors:
    sso_enabled: "Einladungen sind deaktiviert, da SSO aktiviert ist."
    local_logins_disabled: "Einladungen sind deaktiviert, da die Einstellung „Lokale Anmeldungen aktivieren“ deaktiviert ist."
    invalid_access: "Du hast nicht die Erlaubnis, die angeforderte Ressource zu betrachten."
bulk_invite:
  file_should_be_csv: "Die hochzuladende Datei sollte im CSV-Format vorliegen."
  max_rows: "Die ersten %{max_bulk_invites} Einladungen wurden versandt. Versuche, die Datein in kleinere Teile aufzuspalten."
  error: "Es gab einen Fehler beim Hochladen dieser Datei. Bitte versuche es später noch einmal."
invite_link:

which means that the user is sent a confirmation email. Once they click on it they will be created.

Are you on the latest version of Discourse? If you pass in "active": true it should not send an email confirmation. See Creating user via API.

itsupport_bd · November 13, 2020, 8:14am

Hi!

thank you for your answer, but it doesn’t solve my problem.

In my example request I used the param “active”: true, but in the response I got “active”: false, so the user cant be activated - maybe because he isn’t created?

Independently of that:

If I dont send the “active”: true param in my request there is no email sent to the user.

Any ideas?

Thank you!

blake · November 13, 2020, 10:19pm

Can you let us know what version of discourse you are using? That will help us see if we can replicate your issue.

itsupport_bd · November 16, 2020, 8:04am

Sure - we are using version 2.6.0.beta5.
There is no update available for us.

blake · November 17, 2020, 9:10am

Great thanks, just wanted to confirm you weren’t on an old version.

I’m pretty sure your credentials aren’t actually being passed in correctly when making this request. This endpoint is kind of special because it is used in our sign up form and doesn’t actually require api credentials in order to use it. The response you are getting is when a user signs up but we detect that it isn’t an api request.

Could you try making another api request that does require authentication, like creating a category, and see if that works? You can also check the admin api page and see when the key was last used to see if it is being used correctly in your user create api request.

I was able to replicate your issue by making a json request without credentials:

json request w/out creds

curl -i -sS -X POST "http://localhost:3000/users.json" -H "Content-Type: application/json" -d "{\"name\": \"8525f374d470a2e3f22c\", \"active\": \"true\", \"username\": \"8525f374d470a2e3f22c\", \"email\": \"8525f374d470a2e3f22c@example.com\", \"password\": \"65d18e465472452771e02b3462260ea1\"}"

HTTP/1.1 200 OK

{"success":true,"active":false,"message":"\u003cp\u003eYou’re almost done! We sent an activation mail to \u003cb\u003e8525f374d470a2e3f22c@example.com\u003c/b\u003e. Please follow the instructions in the mail to activate your account.\u003c/p\u003e\u003cp\u003eIf it doesn’t arrive, check your spam folder.\u003c/p\u003e"}

vs

json request w/ creds

curl -i -sS -X POST "http://localhost:3000/users.json" -H "Content-Type: application/json" -H "Api-Key: 079fb2bb12d3b436bb11bde8eb58aaa9a36560fa7d79b14b3087aa40b1ebc2c4" -H "Api-Username: blake.erickson" -d "{\"name\": \"da4be85b6046f9c9b9e1\", \"active\": \"true\", \"username\": \"da4be85b6046f9c9b9e1\", \"email\": \"da4be85b6046f9c9b9e1@example.com\", \"password\": \"65d6f0589c5f234de4ad31662b3a17a2\"}"

HTTP/1.1 200 OK

{"success":true,"active":true,"message":"Your account is activated and ready to use.","user_id":29}

itsupport_bd · November 17, 2020, 9:12am

It worked - the credentials weren’t passed correctly.

Thank you very much for your help, great support!