User creation via API is a mess!

Nikki_Locke · January 14, 2025, 12:52pm

Recent changes to default settings have completely messed up user creation.

normalize_emails setting is on by default, which means it is no longer possible to create a user with a + address (e.g. nikki+testuser@example.com).
hide_email_address_taken is on by default, which means it is no longer possible to determine the user id from the return of the create user API call.
The create user API call returns success even if the specified user already exists, or the email address is duplicate (so the user didn’t get created)
The create user API call lies about whether the user is active or not (the active flag does not agree with the message)
The Get User By Email call no longer works (admin/users/list/all with email=the user’s email). It returns null for an address containing +, even if normalize_emails and hide_email_address_taken are both off

Can this be fixed so it works consistently and correctly, please?

Canapin · January 14, 2025, 1:07pm

For the record, some of those were discussed here:

pfaffman · January 14, 2025, 2:53pm

So change it back?

So change it back.

That’s the problem with security; it inconveniences mostly the Good People.

That (and maybe number 4) sounds like a bug, regression, or unexpected edge case.

Topic		Replies	Views
API, create user, no longer returns user_id Support	7	61	December 20, 2024
User creation API: ‘active’ attribute set to True but returns False in response Support rest-api	11	61	January 31, 2025
Creating and activating users from the API Dev	3	1561	September 21, 2020
Can you bypass the Activation Email Dev rest-api	5	1436	January 27, 2020
Wired thing happend when create user via API Support	5	600	January 2, 2020