⚠️ This issue respects the following points: ⚠️
Bug description
user:profile writes only the account property via IAccountManager::updateAccount() (core/Command/User/Profile.php, editProfileProperty()/deleteProfileProperty()). Neither Profile.php nor AccountManager call IUser::setEMailAddress(), so the preference settings/email keeps its old value. Consequences:
- The users page and the profile show no email address, but
IUser::getEMailAddress() still returns the old one — emails (activity mails, two-factor email codes, …) keep going to the supposedly deleted address.
UserChangedEvent for eMailAddress is never fired, so apps reacting to email changes (e.g. the twofactor_email provider disabling itself when the address is removed) do not notice.
Suggested fix
Special-case the email key in user:profile and route it through IUser::setEMailAddress() — exactly like user:setting already does for settings email (core/Command/User/Setting.php). The existing sync hook then updates the account property and the proper events fire.
I am happy to provide a PR using Claude Code if this direction is agreed.
Steps to reproduce
- Give a user a primary email address, e.g.
occ user:setting alice settings email alice@example.com (or via the users page)
- Run
occ user:profile alice email --delete (setting a new value shows the same problem)
- Compare
occ user:profile alice email (empty) with occ user:setting alice settings email (still returns the old address)
Expected behavior
The email address is changed consistently, like the personal settings UI, the provisioning API, and occ user:setting alice settings email do: account/profile data and the system email address (IUser::getEMailAddress()) stay in sync, and OCP\User\Events\UserChangedEvent (feature eMailAddress) is fired.
Nextcloud Server version
34
Operating system
Other
PHP engine version
PHP 8.5
Web server
Nginx
Database engine version
MariaDB
Is this bug present after an update or on a fresh install?
Upgraded to a MAJOR version (ex. 31 to 32)
Are you using the Nextcloud Server Encryption module?
Encryption is Disabled
What user-backends are you using?
Configuration report
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"serverid": "0",
"trusted_domains": [
"mars.seyfarth.de"
],
"memcache.local": "\\OC\\Memcache\\APCu",
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 0,
"dbindex": 1,
"timeout": 1.5
},
"maintenance_window_start": "0",
"logtimezone": "Europe\/Berlin",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "smtp",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpsecure": "tls",
"mail_sendmailmode": "smtp",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "25",
"skeletondirectory": "",
"default_locale": "de_DE",
"default_phone_region": "DE",
"theme": "",
"loglevel": 3,
"simpleSignUpLink.shown": false,
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"overwrite.cli.url": "https:\/\/mars.seyfarth.de",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"version": "34.0.1.2",
"updater.release.channel": "beta",
"maintenance": false,
"twofactor_enforced": "true",
"twofactor_enforced_excluded_groups": [
"2FA_exception"
],
"app_install_overwrite": [
"twofactor_email"
]
}
}
List of activated Apps
Enabled:
- activity: 7.0.0
- admin_audit: 1.24.0
- appstore: 1.0.0
- bruteforcesettings: 7.0.0
- cloud_federation_api: 1.18.0
- csp_editor: 2.0.0
- dav: 1.39.0
- federatedfilesharing: 1.24.0
- files: 2.6.0
- files_lock: 34.0.0
- files_sharing: 1.26.0
- logreader: 7.0.0
- lookup_server_connector: 1.22.0
- notifications: 7.0.0-dev.1
- oauth2: 1.22.0
- office: 1.0.0
- profile: 1.3.0
- provisioning_api: 1.24.0
- serverinfo: 6.0.0
- settings: 1.17.0
- theming: 2.9.0
- twofactor_backupcodes: 1.23.0
- twofactor_email: 3.3.0
- twofactor_nextcloud_notification: 8.0.0
- twofactor_totp: 16.0.0
- twofactor_webauthn: 2.7.0
- updatenotification: 1.24.0
- viewer: 7.0.0-dev.0
- workflowengine: 2.16.0
Disabled:
- app_api: 34.0.0 (installed 32.0.0)
- circles: 34.0.0 (installed 33.0.0-dev.0)
- comments: 1.24.0 (installed 1.12.0)
- contactsinteraction: 1.15.0 (installed 1.4.0)
- dashboard: 7.14.0 (installed 7.2.0)
- encryption: 2.22.0
- federation: 1.24.0 (installed 1.12.0)
- files_downloadlimit: 5.2.0-dev.0 (installed 3.0.0)
- files_external: 1.26.0
- files_pdfviewer: 7.0.0-dev.0 (installed 2.5.0)
- files_reminders: 1.7.0 (installed 1.3.0)
- files_trashbin: 1.24.0 (installed 1.17.0)
- files_versions: 1.27.0 (installed 1.17.0)
- firstrunwizard: 7.0.0-dev.0 (installed 2.12.0)
- impersonate: 4.0.0 (installed 4.0.0)
- nextcloud_announcements: 6.0.0 (installed 1.12.0)
- password_policy: 6.0.0-dev.0 (installed 4.0.0-dev.0)
- photos: 7.0.0 (installed 1.5.0)
- privacy: 6.0.0-dev.1 (installed 1.7.0)
- recommendations: 7.0.0 (installed 1.2.0)
- related_resources: 5.0.0-dev.0 (installed 1.5.0)
- sharebymail: 1.24.0 (installed 1.23.0)
- support: 6.0.0 (installed 1.6.0)
- survey_client: 6.0.0-dev.0 (installed 1.11.0)
- suspicious_login: 12.0.0-dev.0 (installed 4.2.0)
- systemtags: 1.24.0 (installed 1.12.0)
- testing: 1.24.0
- text: 8.0.0 (installed 3.8.0)
- twofactor_gateway: 3.3.0 (installed 3.2.0)
- user_ldap: 1.25.0
- user_status: 1.14.0 (installed 1.2.0)
- weather_status: 1.14.0 (installed 1.2.0)
- webhook_listeners: 1.6.0 (installed 1.1.0-dev)
Nextcloud Signing status
Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.
Results
=======
- settings
- INVALID_HASH
- templates/settings/personal/development.notice.php
Raw output
==========
Array
(
[settings] => Array
(
[INVALID_HASH] => Array
(
[templates/settings/personal/development.notice.php] => Array
(
[expected] => 4c3e373e4830304ef2c59bcc7a29dd48122a4a43c2c41fda0b6ff78c8e213b2800d09d2e6baff7f56681548504b2da5a1a5dc7e4b52b45cffa2b042388b127fa
[current] => be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09
)
)
)
)
Nextcloud Logs
Additional info
Observed on 34; the code is identical on stable32 through master (no setEMailAddress call in Profile.php or AccountManager.php).
Bug description
user:profilewrites only the account property viaIAccountManager::updateAccount()(core/Command/User/Profile.php,editProfileProperty()/deleteProfileProperty()). NeitherProfile.phpnorAccountManagercallIUser::setEMailAddress(), so the preferencesettings/emailkeeps its old value. Consequences:IUser::getEMailAddress()still returns the old one — emails (activity mails, two-factor email codes, …) keep going to the supposedly deleted address.UserChangedEventforeMailAddressis never fired, so apps reacting to email changes (e.g. the twofactor_email provider disabling itself when the address is removed) do not notice.Suggested fix
Special-case the
emailkey inuser:profileand route it throughIUser::setEMailAddress()— exactly likeuser:settingalready does forsettings email(core/Command/User/Setting.php). The existing sync hook then updates the account property and the proper events fire.I am happy to provide a PR using Claude Code if this direction is agreed.
Steps to reproduce
occ user:setting alice settings email alice@example.com(or via the users page)occ user:profile alice email --delete(setting a new value shows the same problem)occ user:profile alice email(empty) withocc user:setting alice settings email(still returns the old address)Expected behavior
The email address is changed consistently, like the personal settings UI, the provisioning API, and
occ user:setting alice settings emaildo: account/profile data and the system email address (IUser::getEMailAddress()) stay in sync, andOCP\User\Events\UserChangedEvent(featureeMailAddress) is fired.Nextcloud Server version
34
Operating system
Other
PHP engine version
PHP 8.5
Web server
Nginx
Database engine version
MariaDB
Is this bug present after an update or on a fresh install?
Upgraded to a MAJOR version (ex. 31 to 32)
Are you using the Nextcloud Server Encryption module?
Encryption is Disabled
What user-backends are you using?
Configuration report
{ "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "serverid": "0", "trusted_domains": [ "mars.seyfarth.de" ], "memcache.local": "\\OC\\Memcache\\APCu", "memcache.distributed": "\\OC\\Memcache\\Redis", "memcache.locking": "\\OC\\Memcache\\Redis", "redis": { "host": "***REMOVED SENSITIVE VALUE***", "port": 0, "dbindex": 1, "timeout": 1.5 }, "maintenance_window_start": "0", "logtimezone": "Europe\/Berlin", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_smtpmode": "smtp", "mail_domain": "***REMOVED SENSITIVE VALUE***", "mail_smtpsecure": "tls", "mail_sendmailmode": "smtp", "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpport": "25", "skeletondirectory": "", "default_locale": "de_DE", "default_phone_region": "DE", "theme": "", "loglevel": 3, "simpleSignUpLink.shown": false, "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "datadirectory": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "overwrite.cli.url": "https:\/\/mars.seyfarth.de", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "mysql.utf8mb4": true, "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "version": "34.0.1.2", "updater.release.channel": "beta", "maintenance": false, "twofactor_enforced": "true", "twofactor_enforced_excluded_groups": [ "2FA_exception" ], "app_install_overwrite": [ "twofactor_email" ] } }List of activated Apps
Nextcloud Signing status
Nextcloud Logs
not applicableAdditional info
Observed on 34; the code is identical on stable32 through master (no
setEMailAddresscall inProfile.phporAccountManager.php).