Search user private chats as administrator

Thank you both and apologies for the delay!

I will try them both out.

Is there any way to find specific text in all users' private chats as an administrator, either via ACP or by searching the Redis database?

I'll explain why, since there can't be too many non-nefarious reasons for doing this

We had some phishing attempts carried out on users via private chat. I want to find all instances of when a particular URL was sent to anyone via private chat, so I can go through and remove all traces of the URL.

@baris Ah ok thanks, I will give it a try next time this comes up (I used the API this time).

v3.3.0, for reference.

If I need to change a user's email address, I search them in ACP, visit their profile and click "Change Email".

When I do this, instead of allowing me to change their email, I get bounced to the account verification page. I then get stuck in a loop until I log out and back in again, as any admin URL redirects back to that page.

I'm pretty sure what used to happen was that I would just get a text field input to enter the user's new email, and a save button.

Is what's happening expected behaviour? It doesn't seem logical to have to follow the account verification process on behalf of the user, I'm not sure that would even work since I don't have access to their email.

Is there a way to retrieve the full list of subcategories for a specific category via the v3 read API?

I see there is a "children" object when fetching a category, but it only includes the first 10 children.

There seem to be some pagination options:

"subCategoriesLeft": 1107,
"hasMoreSubCategories": true,
"nextSubCategoryStart": 10,

But no way of passing these parameters in the API call.

This morning I checked and the emoji image had gone, but the emoji code was still being applied whenever certain characters were used, including "£".

I figured if it's doing a "live" replacement of those things then it must be something to do with the "Replace..." options in the plugin settings:

So I disabled them both and did a restart / rebuild. The issue went away.

I re-enabled them 1 by 1 to try and figure out which was causing the problem (rebuilding and restarting each time) and now, they're both re-enabled and the problem has not come back.

So I'm a bit mystified. Evidently it was a problem with one of those options, but setting them again seems to have somehow fixed it.

Since upgrading to 3.2.1 this morning, whenever certain characters or emojis are entered, the trollface emoji appears?!

I mean, it's the perfect emoji for this problem I guess, but still

That emoji seems to come from the Vital pack, which I've disabled, rebuilt emoji assets and done a rebuild / restart of nodebb, but the issue persists.

@baris It works! Brilliant. I wasn't expecting it to be that easy

@baris No we're on Redis.

@crazycells said in Re-link deleted user's content when they re-join?:

I think there is ( @phenomlab ), although I have never used it, I remember seeing this plugin made by @baris @gasoved

https://github.com/NodeBB/nodebb-plugin-undelete-users

Thanks for this! Unfortunately doesn't seem to be v3 compatible though. But at least it shows it's possible in principle.

I have a topic (seems to just be one at the moment) where page 580 (yeah it's a long thread!) is the last page shown when the user is viewing the forum in pagination mode instead of infinite scroll mode, and the final post is one from about 4 days ago.

However, there have been about 70 new replies to the topic since then, which are visible if one uses infinite scroll mode and scrolls to the bottom.

It's like the pagination just froze at page 580 and isn't updating any more.

I've tried rebuilding and restarting to clear the caches, but this hasn't resolved it.

Anyone ever faced this or have any ideas what's going on?

nodebb version is 3.1.4.

I see it's possible to delete a user without removing their content via the API, and that their posts show up as "A Former User" when that happens.

We often have people leave our service and then re-join after a period of time. Is there any way to re-link their old content to them if they re-join with the same email address?

I'm assuming not, but just in case!

@PitaJ We're sending email via a Google Workspace account. It sends the initial verification email fine when the account is created, and is successfully sending notification digests etc to verified members (a copy of every email is saved to the sent items of that email account). Test emails from ACP also work fine.

It seems the verification links expire, and if we need to re-send them then they are not sent, even though it says they are. I've tried this with a couple of different users with the same result.

@baris said in New users - "no email" in admin panel:

Take a look at https://community.nodebb.org/topic/16962/all-about-emails-and-how-they-re-used-in-nodebb, specifically if you want emails to be verified right away you can do :

const uid = await User.create({ username: 'foobar' });
await user.setUserField(uid, 'email', '[email protected]');
await user.email.confirmByUid(uid);

I understand the rationale, but:

1. We should still be able to use the "send validation email" in ACP to re-send the validation email. Currently, it says "SUCCESS - Confirmation email sent", but it is not sent
2. If I go to the user's profile page and try to set their email address there, it redirects me to the /register/complete endpoint and asks for an email and password. Presumably these are the details of the user I'm trying to update? I am not going to know what their password is!
3. What's the best workflow to handle this via the write API in future? Create the user without providing the "email" and then call /api/v3/users/{uid}/emails to add the email with the "skipConfirmation" property?

We add new users via the API when they sign up to our service. Since upgrading to v3, users all have "no email" until they have clicked the verification link that's sent to them.

This makes a mess of several things:

1. Our SSO setup, because we're not able to look up the user by email, so they can't log in at all until they've verified their email
2. We can't use the "Validate email" option to validate them ourselves, because it says "Invalid email"
3. Re-sending the verification link also does not work, presumably because it doesn't know where to send it

I have a situation where a user can't find the validation email and I cannot validate him or re-send the email to him. I am going to have delete him and recreate him from scratch.

This can't be intended behaviour surely? Is there a way to make the email address show up even if they haven't verified it yet?

In the v3 write API, it seems that when granting privileges to groups, within each call we can only apply 1 privilege at a time.

It used to be possible to apply multiple privileges in one API call.

Please tell me I'm missing something! As it stands, to apply a standard set of privileges to 2 group members, I have to make 22 separate API calls where I used to make 2!

@julian But then I get the following, because it's not looking in the right place for the package.json:

npm ERR! code ENOENT
npm ERR! syscall open
npm ERR! path /usr/bin/nodebb/nodebb-plugin-btcsso/package.json
npm ERR! errno -2
npm ERR! enoent ENOENT: no such file or directory, open '/usr/bin/nodebb/nodebb-plugin-btcsso/package.json'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent

npm ERR! A complete log of this run can be found in: /root/.npm/_logs/2023-05-16T09_24_17_811Z-debug-0.log

When trying to visit the "API Access" menu, I get the following error:

This is a bit of a disaster as now, none of our membership automations etc will work because I can't configure the API settings!

Full error from console is:

2023-05-12T06:37:30.401Z [4567/91921] - error: GET /api/admin/settings/api?_=1683873301366
TypeError: Cannot read properties of undefined (reading 'map')
    at settingsController.api (/usr/bin/nodebb/src/controllers/admin/settings.js:115:52)
    at async /usr/bin/nodebb/src/routes/helpers.js:74:5

It's saying "tokens" is undefined within the following function:

settingsController.api = async (req, res) => {
        const { tokens } = await meta.settings.get('core.api');
        const scores = await api.utils.getLastSeen(tokens.map(t => t.token));

        const [lastSeen, lastSeenISO] = tokens.reduce((memo, cur, idx) => {
                memo[0][cur.token] = scores[idx];
                memo[1][cur.token] = new Date(scores[idx]).toISOString();
                return memo;
        }, [{}, {}]);

        res.render('admin/settings/api', { lastSeen, lastSeenISO });
};

I have worked around it by changing the line to:

const { tokens = [] } = await meta.settings.get('core.api');

I don't know yet whether there will be any knock-on effects!

Thanks @julian , this is definitely the thing I was looking for.

I'm doing 'npm-link' in my custom plugin's folder, then 'npm-link node_modules/myplugin' in the main nodebb folder.

The first command works, but the second gives an error about not being able to find the remote git repo: "fatal: Could not read from remote repository".

Obviously the point is that it's a local-only plugin, so I'm not sure how to get rid of that error!

Sorry for resurrecting an old thread, but it's relevant...

How do we stop npm from automatically removing plugins which are only installed locally like this? If I activate another plugin, my local one disappears from the node_modules folder.