What we can do with orphans users which SSO create and delete at main site


(Admir Hodzic) #1

What we could do with uses inside discourse when main site whic provides SSO delete, unaouthirse or ban some users.
I am very happy user of discourse in conjunction with DNN site which provides SSO.
Sometime users on main seite becomes inactive or deleted what we could do to tell discourse to no longer send mails and accepts mails from discourse.
I know that if users do not exists anymore at SSO site discourse will not let user sing in.
But perhaps discourse will continue sending e mails to users.
My we consider extended SSO so main site can tell discourse This User exists but he is inactive or deleted so discourse make this user also inactive or deleted at discourse user database.
or we can make some URI endpoint for calling discourse service to delete or disable users. My option that this shod be an URI not JSON call because SSO works ar webservice not JSON-API call


Suspended users can make posts throught e mails and can be mentoed
(Jeff Atwood) #2

Good point. Have we thought about this @sam?


(Sam Saffron) #3

We already have an API to deal with this:

  • Go to admin user window
  • Click “Suspend”
  • Open chrome dev tools, look at the call it makes when suspending the user
  • Replicate the json call from your app, remembering to add api_key and api_username

(Admir Hodzic) #4

@sam Would you please help me find right call which I need to repeat from my SSO app
Here is how suspend call is being captured inside chrom’s dev tool


(Admir Hodzic) #5

I think that I fund with help of fidler . Ill try to replicate by .NET client call to suspend user.
As I have reuslts I am going to post here progres


(Kane York) #6

As a reminder, you remove the X-CSRF-TOKEN and Cookie headers, and replace them with api_key and api_username parameters in the POST data.


(Admir Hodzic) #7

To suspend user I need to know his ID.
Is there a way to I find userID by exterlnal usres ID.
My users are created by SSO and most appropiated way to find user in discource is search by exterlnal userID whic was provided by my SSO.
Ill love to avoid find user by username becouse sometimes users created in disocourse have sufix 1,2, etc
Also e mail for me is not good reference becouse I did not forbide users to change theris mails.

How I can find user ExternalID at all.
I could call http://forum.test.ba/admin/users/list/all.json?filter=ado I get json without externalID.
Is there any other call to get user wit external ID . So I can duble check before disable some users.


(Sam Saffron) #8

no, we should add an endpoint for it.