Is there a way to change users email in the admin part without touching the code?
Yes. go to
Hi @Falco, is there any way to change this if the users got an invalid email to begin with? We’re using the Azure AD oAuth plugin and it seems that upon login, each user was assigned something that isn’t valid. i.e. firstname.lastname@example.org instead of email@example.com
So our users can’t confirm they are switching email addresses. Hope this makes sense.
Searching for ‘change user email’ gives way too many responses. Moreover, this link does not seem to be available from the UI (was it ever?). Thanks @Falco for the tip!
Try like this
https://discourse.example.com/u/USERNAME/preferences/email. It should work.
The /users URL is not, but the /u one is.
Click avatar → click username → Preferences
Under Email it will show the current address (after you click the button). Next to that will be a which lets you change it.
I know it should be there, but it’s not.
With a multisite – where the main site is showing the normal behavior, another site does not. The only difference I can see is this User Preferences setting:
default email mailing list mode that is checked on the weird site. Might that be the case that this setting prevents editing the user’s email?
Yes, ‘trying like this’ is exactly what I meant by “not in the UI”.
Is it possible to reset the email without sending a confirmation to “current” email address? I have a couple of users with invalid email addresses who need to change them, but the confirmation is not coming to a valid address. Any way to force address change?
This should be the default for non-staff members (only the new address is confirmed).
If your problematic members are staff members, the easiest option is to temporarily revoke their privileges
Hi, I’ve tried to change a user’s email address this way but it didn’t work. His address is still the same. What else can I do?
It works. Are you changing a staff member email or a regular user?
It’s a staff member’s email address.
Staff members require verification of both old and new emails for security reasons.
This is not required for normal users.
I know, but even after after the verification the address has not been changed.
So, can I revoke his moderator status, then change his email address myself and then re-grant him moderator status?
As a Discourse Forum user for a few years now who spent the last couple hours trying to recover a staff Discourse Account that had a deleted email address tied to the account, where I had to remove this staff tag, change the email tied to the account, then he had to go to his email to get the verification email, he logs in and then I have to change him back to a staff member …
Good thing I found this post, or I would not have been able to rescue one of my staff’s accounts.
This is really dumb, I’m sorry. I’m a security evangelist myself, but I don’t see this increasing security, nor is such a feature like any other piece of software I’ve worked with.
@codinghorror could you at least add a Discourse Option so we can disable this feature? If I’m an Admin account, I should be able to change a user’s email account without them having to accept an email from the old email account. People can lose access to old email accounts, or in this case, our Admin accidentally deleted an email address and he could not access his Discourse Account.
The moment a member of staff loses control of an email account, their staff status should be revoked. Just because they don’t have control of an account, doesn’t mean someone else doesn’t. Maybe that isn’t the case in your example, but it’s definitely best practice to change any lock for which you’ve lost a key.
If you follow that rationale, then the account would have been demoted anyway, and the address change is straightforward.
There is already a manual bypass option… you used it! Have an admin remove staff status from the account, and then add their staff status back once they’ve reset their email.
We believe strongly in shipping Discourse safe by default for the health of the larger internet, and that means upon email change staff must verify both old and new email addresses, whereas regular users only need to verify the new email address. I’m afraid we aren’t willing to compromise on that.