Disable account confirm emails when creating users via API


(Valya Barboy) #1

@team

Continuing the discussion from Disable Welcome Emails - Can it be done?:

Hello. I’ve tried disabling these in a bunch of ways:

I’ve tried both choices for “discourse narrative bot welcome post type”, and the email sends no matter what.

I’ve also tried doing this:

The email is still being sent. How do I stop it?


#2

Can you clarify which email is being sent? Disabling the welcome post as per the checkbox above stops discobot from sending the welcome PM. Are those being sent?


(Valya Barboy) #3

I want to disable the “activate your account” email that is being sent when I create users via the API. I do think the welcome PM was disabled, but I need to also disable the email.


(Jeff Atwood) #4

That is a very very different thing than what you asked. I have edited your title to make it more clear, thanks for the critical clarification.


(Valya Barboy) #5

Sorry, the vocabulary still confuses me a bit. Can it be done?


(Jeff Atwood) #6

I don’t understand why “I created a user via the web browser and my keyboard” and “I created a user via an API call” would be a confusing set of vocabulary, but please do carry on.


(Valya Barboy) #7

Also probably worth mentioning: the users being created are active (I’ve checked in the admin panel). But the email is being sent regardless.


(Valya Barboy) #8

Can I have an update on this? Is there a way to disable the email?


(Jeffrey Browning) #9

Having a similar problem with the “Confirm your new account” email – the PM from discobot is turned off, but users are still receiving the email. It looks like these are different settings. Is there a way to remove the confirmation email?


#10

For clarification, are you adding users via the API @jeffbrowning?


(Jeffrey Browning) #11

Correct. This is an API call. The data is:

data = {
        'api_key': settings.DISCOURSE_API_KEY,
        'api_username': settings.DISCOURSE_API_USERNAME,
        'name': 'foobar',
        'email':email,
        'password': password,
        'username': 'barbaz',
        'active': True,
        'approved': True
    }

I first tried just sending this API call:
first_res = requests.post('{base}/users.json'.format(base=settings.DISCOURSE_BASE_URL), data

When I did this, my users were not active (despite the active: True in the data above).
I then tried to activate them via the api:

data = {
        'api_key': settings.DISCOURSE_API_KEY,
        'api_username': settings.DISCOURSE_API_USERNAME,
    }
    requests.put('{base}/admin/users/{id}/activate'.format(
        base=settings.DISCOURSE_BASE_URL,
        id=json_response_content['user_id']
    ), data)

When I did this, the users were active, but the activation email was still being sent. I read here (Creating Active Users via the API gem) That I should try deactivating the user and then activating, so I tried that as well:

data = {
        'api_key': settings.DISCOURSE_API_KEY,
        'api_username': settings.DISCOURSE_API_USERNAME,
    }
    requests.put('{base}/admin/users/{id}/deactivate'.format(
        base=settings.DISCOURSE_BASE_URL,
        id=json_response_content['user_id']
    ), data)
    requests.put('{base}/admin/users/{id}/activate'.format(
        base=settings.DISCOURSE_BASE_URL,
        id=json_response_content['user_id']
    ), data)

I could not see any difference in behavior between this code and the previous version (creating the user, and then activating).


(Jeffrey Browning) #12

@HAWK Please see above


#13

Noted, however I’m the UX/community part of the team so I can’t help you with something this technical I’m sorry!

Hopefully someone else can.


(Sam Saffron) #17

Per:

You can now specify that an account is also approved on creation, previously it was beyond cumbersome.

You should use active: 'true' , upper case true will not work.

As long as the API key is associated with an admin you can now create approved, active accounts via the API with no emails.

We will deploy this to our standard tier later this week.


(Valya Barboy) #18

Ok we’ll try that. Do we still need to deactivate + activate or can we take that out as well?


(Sam Saffron) #19

Take that out, but wait till Friday or so to test this out, we have a process prior to pushing our standard tier that we need to follow.


(Jeff Atwood) #20

Is there a security risk here? Can we stipulate these cannot be staff (mod/admin) accounts?


(Sam Saffron) #21

It should be fine, we only whitelist staged, approved and active. Admin/moderator is not in the whitelist


#22

I am still having issues creating user accounts using the API. Here are the params I am passing to create the user

$params = array(
            'name'                  => $user_details['name'],
            'username'              => $user_details['username'],
            'email'                 => $user_details['email'],
            'password'              => $user_details['password'],
            'challenge'             => $api_keys->challenge,
            'password_confirmation' => $api_keys->value,
            'active' => 'true',
            'approved' => 'true',
            );

The user is being successfully create and no email is being sent. But when I try to login using the account created I am getting the following error message.
You can’t log in yet. We previously sent an activation email to you at *@.org. Please follow the instructions in that email to activate your account. Do I have to change any other settings on the admin? Any help is appreciated.


(Jay Pfaffman) #23

You might try activating the user with a second API call.