We have a web app which provides central control for our users’ Mattermost, Discourse and Nextcloud accounts.
The Mattermost instance is shared with our worldwide organisation, and we in the UK do not have admin access to it.
We very much want our users to be able to change their email address in one place (on our web app system). We already use Mattermost’s OAuth2 facility to gain an access token to Mattermost on behalf of the user.
According to the Mattermost API documentation, we should be able to change the user’s email address by sending a PUT request to users/{user_id}/patch with a payload containing the new email address in the email field.
Calling this method with the email field set to its existing value works (200 OK), but setting it to a new email address fails with 403 Forbidden, whether the URL uses the user’s id or `me`. Here is a log of the requests and responses:
Mattermost log:Sent -> Method: GET, RequestUri: 'http://xr:8080/api/v4/users/me', Version: 2.0, Content: <null>, Headers:
{
Authorization: Bearer 6j1pj1c4ci8qiq6zhig8er3moa
Accept: application/json
Accept: text/html
Accept: */*
User-Agent: XR
User-Agent: Mattermost
User-Agent: Tool
}:
Mattermost log:Received -> StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.HttpConnection+HttpConnectionResponseContent, Headers:
{
Server: nginx
Date: Fri, 28 Aug 2020 15:39:55 GMT
Connection: keep-alive
ETag: 5.23.0.q6zs1g6t87dc5dxqhfphqxw5se.1598628372342..0.true.false.0
Vary: Accept-Encoding
X-Ratelimit-Limit: 101
X-Ratelimit-Remaining: 99
X-Ratelimit-Reset: 1
X-Request-ID: ptn75rrd8jrnjg77qpygp5a4th
X-Version-Id: 5.23.0.5.23.1.6f92c357503d0c8e07dec8e7e2ef5d5a.false
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: application/json
Content-Length: 528
Expires: 0
}
Mattermost log:Received Data -> {
"id": "q6zs1g6t87dc5dxqhfphqxw5se",
"create_at": 1581348111471,
"update_at": 1598628372342,
"delete_at": 0,
"username": "test",
"auth_data": "",
"auth_service": "",
"email": "nikki@test.net",
"email_verified": true,
"nickname": "Nikki",
"first_name": "",
"last_name": "Nikki",
"position": "",
"roles": "system_user",
"notify_props": {
"email": "false",
"mention_keys": "test,@test"
},
"last_password_update": 1597433515412,
"locale": "en",
"timezone": {
"automaticTimezone": "",
"manualTimezone": "",
"useAutomaticTimezone": "true"
},
"MetaData": {
"Uri": "http://xr:8080/api/v4/users/me"
}
}
Mattermost log:Sent -> Method: PUT, RequestUri: 'http://xr:8080/api/v4/users/q6zs1g6t87dc5dxqhfphqxw5se/patch', Version: 2.0, Content: System.Net.Http.StringContent, Headers:
{
Authorization: Bearer 6j1pj1c4ci8qiq6zhig8er3moa
Accept: application/json
Accept: text/html
Accept: */*
User-Agent: XR
User-Agent: Mattermost
User-Agent: Tool
Content-Type: application/json; charset=utf-8
}:{
"email": "nikki@test.net"
}
Mattermost log:Received -> StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.HttpConnection+HttpConnectionResponseContent, Headers:
{
Server: nginx
Date: Fri, 28 Aug 2020 15:39:55 GMT
Connection: keep-alive
Vary: Accept-Encoding
X-Ratelimit-Limit: 101
X-Ratelimit-Remaining: 100
X-Ratelimit-Reset: 1
X-Request-ID: gby4dpwiofbn7fdkdkumfec1ga
X-Version-Id: 5.23.0.5.23.1.6f92c357503d0c8e07dec8e7e2ef5d5a.false
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: application/json
Content-Length: 528
}
Mattermost log:Received Data -> {
"id": "q6zs1g6t87dc5dxqhfphqxw5se",
"create_at": 1581348111471,
"update_at": 1598629195484,
"delete_at": 0,
"username": "test",
"auth_data": "",
"auth_service": "",
"email": "nikki@test.net",
"email_verified": true,
"nickname": "Nikki",
"first_name": "",
"last_name": "Nikki",
"position": "",
"roles": "system_user",
"notify_props": {
"email": "false",
"mention_keys": "test,@test"
},
"last_password_update": 1597433515412,
"locale": "en",
"timezone": {
"automaticTimezone": "",
"manualTimezone": "",
"useAutomaticTimezone": "true"
},
"MetaData": {
"Uri": "http://xr:8080/api/v4/users/q6zs1g6t87dc5dxqhfphqxw5se/patch"
}
}
Mattermost log:Sent -> Method: PUT, RequestUri: 'http://xr:8080/api/v4/users/q6zs1g6t87dc5dxqhfphqxw5se/patch', Version: 2.0, Content: System.Net.Http.StringContent, Headers:
{
Authorization: Bearer 6j1pj1c4ci8qiq6zhig8er3moa
Accept: application/json
Accept: text/html
Accept: */*
User-Agent: XR
User-Agent: Mattermost
User-Agent: Tool
Content-Type: application/json; charset=utf-8
}:{
"email": "test9999@example.com"
}
Mattermost log:Received -> StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.1, Content: System.Net.Http.HttpConnection+HttpConnectionResponseContent, Headers:
{
Server: nginx
Date: Fri, 28 Aug 2020 15:39:55 GMT
Connection: keep-alive
Vary: Accept-Encoding
X-Ratelimit-Limit: 101
X-Ratelimit-Remaining: 99
X-Ratelimit-Reset: 1
X-Request-ID: d8n4xd839jbeujn7d89ypt56nw
X-Version-Id: 5.23.0.5.23.1.6f92c357503d0c8e07dec8e7e2ef5d5a.false
Content-Type: application/json
Content-Length: 179
}
Mattermost log:Received Data -> {
"id": "api.context.permissions.app_error",
"message": "You do not have the appropriate permissions.",
"detailed_error": "",
"request_id": "d8n4xd839jbeujn7d89ypt56nw",
"status_code": 403,
"MetaData": {
"Error": {
"id": "api.context.permissions.app_error",
"message": "You do not have the appropriate permissions.",
"detailed_error": "",
"request_id": "d8n4xd839jbeujn7d89ypt56nw",
"status_code": 403
},
"Uri": "http://xr:8080/api/v4/users/q6zs1g6t87dc5dxqhfphqxw5se/patch"
}
}
Mattermost log:Sent -> Method: PUT, RequestUri: 'http://xr:8080/api/v4/users/me/patch', Version: 2.0, Content: System.Net.Http.StringContent, Headers:
{
Authorization: Bearer 6j1pj1c4ci8qiq6zhig8er3moa
Accept: application/json
Accept: text/html
Accept: */*
User-Agent: XR
User-Agent: Mattermost
User-Agent: Tool
Content-Type: application/json; charset=utf-8
}:{
"email": "test9999@example.com"
}
Mattermost log:Received -> StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.1, Content: System.Net.Http.HttpConnection+HttpConnectionResponseContent, Headers:
{
Server: nginx
Date: Fri, 28 Aug 2020 15:39:55 GMT
Connection: keep-alive
Vary: Accept-Encoding
X-Ratelimit-Limit: 101
X-Ratelimit-Remaining: 98
X-Ratelimit-Reset: 1
X-Request-ID: sm4iqbnf77dqpfcosrcsat8a3r
X-Version-Id: 5.23.0.5.23.1.6f92c357503d0c8e07dec8e7e2ef5d5a.false
Content-Type: application/json
Content-Length: 179
}
Mattermost log:Received Data -> {
"id": "api.context.permissions.app_error",
"message": "You do not have the appropriate permissions.",
"detailed_error": "",
"request_id": "sm4iqbnf77dqpfcosrcsat8a3r",
"status_code": 403,
"MetaData": {
"Error": {
"id": "api.context.permissions.app_error",
"message": "You do not have the appropriate permissions.",
"detailed_error": "",
"request_id": "sm4iqbnf77dqpfcosrcsat8a3r",
"status_code": 403
},
"Uri": "http://xr:8080/api/v4/users/me/patch"
}
}