Skip to content

[Bug]: occ user:profile <uid> email updates only the account property, leaving the system email address (IUser::getEMailAddress) unchanged #61831

Description

@nursoda

⚠️ This issue respects the following points: ⚠️

Bug description

user:profile writes only the account property via IAccountManager::updateAccount() (core/Command/User/Profile.php, editProfileProperty()/deleteProfileProperty()). Neither Profile.php nor AccountManager call IUser::setEMailAddress(), so the preference settings/email keeps its old value. Consequences:

  • The users page and the profile show no email address, but IUser::getEMailAddress() still returns the old one — emails (activity mails, two-factor email codes, …) keep going to the supposedly deleted address.
  • UserChangedEvent for eMailAddress is never fired, so apps reacting to email changes (e.g. the twofactor_email provider disabling itself when the address is removed) do not notice.

Suggested fix

Special-case the email key in user:profile and route it through IUser::setEMailAddress() — exactly like user:setting already does for settings email (core/Command/User/Setting.php). The existing sync hook then updates the account property and the proper events fire.

I am happy to provide a PR using Claude Code if this direction is agreed.

Steps to reproduce

  1. Give a user a primary email address, e.g. occ user:setting alice settings email alice@example.com (or via the users page)
  2. Run occ user:profile alice email --delete (setting a new value shows the same problem)
  3. Compare occ user:profile alice email (empty) with occ user:setting alice settings email (still returns the old address)

Expected behavior

The email address is changed consistently, like the personal settings UI, the provisioning API, and occ user:setting alice settings email do: account/profile data and the system email address (IUser::getEMailAddress()) stay in sync, and OCP\User\Events\UserChangedEvent (feature eMailAddress) is fired.

Nextcloud Server version

34

Operating system

Other

PHP engine version

PHP 8.5

Web server

Nginx

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Upgraded to a MAJOR version (ex. 31 to 32)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "serverid": "0",
        "trusted_domains": [
            "mars.seyfarth.de"
        ],
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "dbindex": 1,
            "timeout": 1.5
        },
        "maintenance_window_start": "0",
        "logtimezone": "Europe\/Berlin",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "tls",
        "mail_sendmailmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "skeletondirectory": "",
        "default_locale": "de_DE",
        "default_phone_region": "DE",
        "theme": "",
        "loglevel": 3,
        "simpleSignUpLink.shown": false,
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "overwrite.cli.url": "https:\/\/mars.seyfarth.de",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "version": "34.0.1.2",
        "updater.release.channel": "beta",
        "maintenance": false,
        "twofactor_enforced": "true",
        "twofactor_enforced_excluded_groups": [
            "2FA_exception"
        ],
        "app_install_overwrite": [
            "twofactor_email"
        ]
    }
}

List of activated Apps

Enabled:
  - activity: 7.0.0
  - admin_audit: 1.24.0
  - appstore: 1.0.0
  - bruteforcesettings: 7.0.0
  - cloud_federation_api: 1.18.0
  - csp_editor: 2.0.0
  - dav: 1.39.0
  - federatedfilesharing: 1.24.0
  - files: 2.6.0
  - files_lock: 34.0.0
  - files_sharing: 1.26.0
  - logreader: 7.0.0
  - lookup_server_connector: 1.22.0
  - notifications: 7.0.0-dev.1
  - oauth2: 1.22.0
  - office: 1.0.0
  - profile: 1.3.0
  - provisioning_api: 1.24.0
  - serverinfo: 6.0.0
  - settings: 1.17.0
  - theming: 2.9.0
  - twofactor_backupcodes: 1.23.0
  - twofactor_email: 3.3.0
  - twofactor_nextcloud_notification: 8.0.0
  - twofactor_totp: 16.0.0
  - twofactor_webauthn: 2.7.0
  - updatenotification: 1.24.0
  - viewer: 7.0.0-dev.0
  - workflowengine: 2.16.0
Disabled:
  - app_api: 34.0.0 (installed 32.0.0)
  - circles: 34.0.0 (installed 33.0.0-dev.0)
  - comments: 1.24.0 (installed 1.12.0)
  - contactsinteraction: 1.15.0 (installed 1.4.0)
  - dashboard: 7.14.0 (installed 7.2.0)
  - encryption: 2.22.0
  - federation: 1.24.0 (installed 1.12.0)
  - files_downloadlimit: 5.2.0-dev.0 (installed 3.0.0)
  - files_external: 1.26.0
  - files_pdfviewer: 7.0.0-dev.0 (installed 2.5.0)
  - files_reminders: 1.7.0 (installed 1.3.0)
  - files_trashbin: 1.24.0 (installed 1.17.0)
  - files_versions: 1.27.0 (installed 1.17.0)
  - firstrunwizard: 7.0.0-dev.0 (installed 2.12.0)
  - impersonate: 4.0.0 (installed 4.0.0)
  - nextcloud_announcements: 6.0.0 (installed 1.12.0)
  - password_policy: 6.0.0-dev.0 (installed 4.0.0-dev.0)
  - photos: 7.0.0 (installed 1.5.0)
  - privacy: 6.0.0-dev.1 (installed 1.7.0)
  - recommendations: 7.0.0 (installed 1.2.0)
  - related_resources: 5.0.0-dev.0 (installed 1.5.0)
  - sharebymail: 1.24.0 (installed 1.23.0)
  - support: 6.0.0 (installed 1.6.0)
  - survey_client: 6.0.0-dev.0 (installed 1.11.0)
  - suspicious_login: 12.0.0-dev.0 (installed 4.2.0)
  - systemtags: 1.24.0 (installed 1.12.0)
  - testing: 1.24.0
  - text: 8.0.0 (installed 3.8.0)
  - twofactor_gateway: 3.3.0 (installed 3.2.0)
  - user_ldap: 1.25.0
  - user_status: 1.14.0 (installed 1.2.0)
  - weather_status: 1.14.0 (installed 1.2.0)
  - webhook_listeners: 1.6.0 (installed 1.1.0-dev)

Nextcloud Signing status

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- settings
	- INVALID_HASH
		- templates/settings/personal/development.notice.php

Raw output
==========
Array
(
    [settings] => Array
        (
            [INVALID_HASH] => Array
                (
                    [templates/settings/personal/development.notice.php] => Array
                        (
                            [expected] => 4c3e373e4830304ef2c59bcc7a29dd48122a4a43c2c41fda0b6ff78c8e213b2800d09d2e6baff7f56681548504b2da5a1a5dc7e4b52b45cffa2b042388b127fa
                            [current] => be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09
                        )

                )

        )

)

Nextcloud Logs

not applicable

Additional info

Observed on 34; the code is identical on stable32 through master (no setEMailAddress call in Profile.php or AccountManager.php).

Metadata

Metadata

Assignees

No one assigned

    Labels

    0. Needs triagePending check for reproducibility or if it fits our roadmap34-feedbackbug

    Type

    Fields

    No fields configured for Bug.

    Projects

    Status
    To triage

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions