calcom
fix(api): return original email without OAuth suffix in bookings
What does this PR do?
This PR fixes a bug in API v2 (2024-08-13) where emails in booking API responses contained the OAuth client ID as a suffix (+{cuid}). This suffix exists to prevent email collisions between managed users of different OAuth clients.
Fixes #25494 | Linear: CAL-6843
Problem:
- Managed user emails were returned as:
[email protected] - Expected display:
[email protected]
Solution:
To avoid breaking changes for platform customers who may rely on the original email format, we preserve the original email field and add a new displayEmail field with the CUID suffix removed.
Key Changes:
- Add
getDisplayEmail()helper to strip CUID suffix from emails - Add
displayEmailfield to all relevant response objects - Keep original
emailfield unchanged for backwards compatibility
Regex pattern used: /\+[a-zA-Z0-9]{25}/ (CUID format, consistent with google-calendar.service.ts)
Affected Fields
| Field | Value |
|---|---|
hosts[].email |
bob+{cuid}@example.com (unchanged) |
hosts[].displayEmail |
[email protected] (new) |
attendees[].email |
bob+{cuid}@example.com (unchanged) |
attendees[].displayEmail |
[email protected] (new) |
bookingFieldsResponses.email |
bob+{cuid}@example.com (unchanged) |
bookingFieldsResponses.displayEmail |
[email protected] (new) |
bookingFieldsResponses.guests[] |
guest+{cuid}@example.com (unchanged) |
bookingFieldsResponses.displayGuests[] |
[email protected] (new) |
reassignedTo.email |
bob+{cuid}@example.com (unchanged) |
reassignedTo.displayEmail |
[email protected] (new) |
How should this be tested?
Test Scenario 1 - Managed user as HOST:
- Create an event type using managed user's access token
- Create booking on that event type (external user booking managed user)
GET /v2/bookings/{uid}with headerCal-Api-Version: 2024-08-13- Verify
hosts[].emailreturns original email with suffix - Verify
hosts[].displayEmailreturns email without suffix
Test Scenario 2 - Managed user as ATTENDEE:
- Create booking where attendee is a managed user
GET /v2/bookings/{uid}with headerCal-Api-Version: 2024-08-13- Verify
attendees[].emailreturns original email with suffix - Verify
attendees[].displayEmailreturns email without suffix
Test Scenario 3 - Self-booking:
- Managed user books their own event type
- Verify both
emailanddisplayEmailfields are present and correct
Expected result: email fields preserve original value, displayEmail fields return clean email without +{cuid} suffix
Mandatory Tasks
- [x] I have self-reviewed the code
- [ ] I have updated the developer docs in /docs if this PR makes changes that would require a documentation change.
- [ ] I confirm automated tests are in place that prove my fix is effective or that my feature works.
The latest updates on your projects. Learn more about Vercel for GitHub.
3 Skipped Deployments
| Project | Deployment | Review | Updated (UTC) |
|---|---|---|---|
| cal |  Ignored |
Dec 19, 2025 9:09pm | |
| cal-companion | Ignored |
Preview | Dec 19, 2025 9:09pm |
| cal-eu | Ignored |
Dec 19, 2025 9:09pm |
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}