Don't require user email addresses

[AJMansfield]

Is this a bug or a feature request?

Not sure, probably a bug?

What did you expect?

When creating a user for a script to use to integrate with the app server to send and recieve data, I expected to be allowed to leave the E-mail address field blank. While for users associated with an actual person it would make sense to input an email, a user associated with an automated process shouldn't need an email.

Additionally, I expected to be able to edit the other fields of an existing user with no email address (such as the default admin user), without needing to add an associated email.

What happened?

When pressing the "create user" button on the "Users / Create" page (path #/users/create) with the email address field blank, a popup bubble appeared on the email address field indicating to "Please fill out this field.", rather than creating the user with no associated email as expected.

A similar issue affects attempts to edit user details. Attempting to delete an existing email address results in the same error bubble. Worse, attempting to edit an existing user that already doesn't have an associated email, also results in this error, requiring the user to add an email address in order to be able to make any other changes.

What version are your using?

LoRa App Server version 2.4.1.

How can your issue be reproduced?

For creating the user simply attempt to create a test user without any email address, like in the image above.

For removing the email, create user testuser with a dummy email (e.g. test-user@example.com), then navigate to the user settings page, clear the email field, and attempt to save the changes.

For editing a user that already has no email, first remove the test user's email. From the shell run sudo -u psql -d loraserver_as, and run:

UPDATE "user" SET email = DEFAULT WHERE username = 'testuser';

Then navigate to the user settings page, edit the notes field, and attempt to save the changes.

Could you share your log output?

Normally attempting to create or edit the user doesn't produce any server log output, as the restriction is also enforced client-side. However, if I circumvent this ($('#email').removeAttribute('required')), it allows it to submit and attempting to create a user with no email generates this log when it's rejected on the server. (This also results in a different popup, "invalid e-mail (code: 3)", but otherwise behaves the same.)

-- Logs begin at Tue 2019-01-15 16:38:08 UTC. --
Jan 17 16:48:43 ip-███-██-██-███ lora-app-server[1326]: time="2019-01-17T16:48:43Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=List grpc.service=api.UserService grpc.start_time="2019-01-17T16:48:43Z" grpc.time_ms=3.817 peer.address="127.0. 0.1:37138" span.kind=server system=grpc
Jan 17 16:49:14 ip-███-██-██-███ lora-app-server[1326]: time="2019-01-17T16:49:14Z" level=info msg="finished unary call with code InvalidArgument" error="rpc error: code = InvalidArgument desc = invalid e-mail" grpc.code=InvalidArgument grpc.method=Create grpc.service=ap i.UserService grpc.start_time="2019-01-17T16:49:14Z" grpc.time_ms=3.637 peer.address="127.0.0.1:37138" span.kind=server system=grpc

[brocaar]

This is not a bug and is expected. Making the e-mail address optional is not the right solution for this I believe. It would be better to implement a feature like API tokens that can be created / revoked to grant other applications access to the API.