zulip
bots: Allow admins and bot owners to change bot's short_name.
This commit adds the ability for admins and bot owners to change a bot's short_name (the first part of the bot's email address).
Changes:
-
Add short_name parameter to PATCH /json/bots/{bot_id} endpoint
-
Extract current short_name from bot email and validate new one
-
Update bot email using do_change_user_delivery_email()
-
Make bot email field editable in Manage bot UI
-
Add comprehensive tests for permissions, validation, and edge cases
Fixes #34604.
Fixes: Allow admins and bot owners to change bots' short_name https://github.com/zulip/zulip/issues/34604
How changes were tested:
Automated Tests:
- Added 6 comprehensive test cases in
zerver/tests/test_bots.py:-
test_patch_bot_short_name: Verified bot owner can successfully change their bot's short_name -
test_patch_bot_short_name_admin: Verified admins can change any bot's short_name -
test_patch_bot_short_name_unauthorized: Verified non-owner, non-admin users cannot change short_name (returns "Insufficient permission" error) -
test_patch_bot_short_name_duplicate: Verified duplicate email validation prevents changing to an already-used short_name -
test_patch_bot_short_name_invalid: Verified empty/invalid short_name is rejected with proper error message -
test_patch_bot_short_name_no_change: Verified no-op behavior when submitting the same short_name
-
- All tests pass successfully and verify proper email updates, permission checks, and error handling
Manual Testing:
- Tested in the Zulip development environment UI:
- Navigated to Settings → Bots → "Manage bot" tab
- Verified the bot email field is editable (shows short_name input with
-bot@{domain}displayed as text) - Confirmed warning message appears: "Warning: Changing the bot email will break existing integrations using the old email address."
- Tested changing short_name as bot owner - email updated successfully
- Tested changing short_name as admin for another user's bot - worked correctly
- Verified bot email updates in the bot list after saving changes
- Confirmed bot functionality remains intact after email change
Edge Cases Tested:
- Duplicate email prevention (attempting to use an existing bot's short_name)
- Invalid input validation (empty strings, special characters)
- Permission enforcement (non-owner cannot change)
- No-op behavior (submitting unchanged short_name)
Screenshots and screen captures:
Hello @zulip/server-integrations members, this pull request was labeled with the "area: integrations" label, so you may want to check it out!
Thanks! Please go through our guide on submitting a pull request to learn how to present your proposed changes to Zulip, so that your work can be reviewed.
@alya Sure! Will keep that in mind from next time, and also will fix the linter issues so that you can review and merge the PR
Thanks for the feedback @alya . Sorry for the extra commits and failed checks earlier. All CI checks are now passing, and the PR is ready for review.
Feature Summary: This PR allows admins and bot owners to change a bot's short_name (the first part of the bot's email address, e.g., {short_name}-bot@domain). Previously, short_name could only be set when creating a bot. This enables reusing deactivated bot names and provides more flexibility in bot management.
The changes include:
- Backend API support for updating short_name via PATCH /json/bots/{bot_id}
- UI updates to make the bot email field editable in the "Manage bot" modal
- Proper validation and permission checks (only bot owners and admins can change short_name)
Please assign a reviewer when convenient. I'll follow the PR submission guidelines more carefully going forward.
Great to see your first contribution!
This PR is not ready for review yet. The description is too verbose—please follow the PR guidelines carefully. You don’t need to restate things that are already obvious from the code changes, and you should not remove the existing PR description template. Make sure to complete the self-review checklist included in the template.
Sure! Will keep that in mind from next time
This isn’t about the next time. Please review the guidelines carefully now and update this PR accordingly.
The PR description doesn't have our self-review checklist and shows signs of having AI-generated claims about how it's tested.
Please carefully review our AI use policy.
Updated the PR per guidelines, restored the template, completed the self‑review checklist, and uploaded the screenshot. Ready for review. Thanks @timabbott @santhoshh-kumar for helping me!
@alya I've updated the PR description, along with refactored commits, separate commits for frontend changes and backend changes! following the Commit discipline!
Thanks! Where was the warning text in your screenshot discussed? Or is that just your proposal?
Thanks @alya ! On the warning text: it’s my proposal, not previously discussed. I’ve also updated the commit titles to the expected format and force‑pushed.
OK, you can put adding the warning in a separate commit, and propose the idea in the thread linked from the issue (#integrations > change bot's full_name and short_name @ 💬).
@saiyam0211 you would need to fix the commit structure here.
- Any refactors should be in a preparatory commit which should be before the commit that makes the changes required to fix the issue.
- Each commit should pass the test inidividually, so you should not have changes to fix the tests in previous commit in the next commit.
See https://zulip.readthedocs.io/en/latest/contributing/commit-discipline.html#each-commit-must-be-coherent for details.
Updated the commits and now code follows commit discipline and has been tested. Ready for review. @sahil839
I cannot see some of the changes that you mentioned you would do in the comments. And commit structure also looks messed up with the preparatory commit including the API changes for changing bot's short name.
Also, I remembered now that you would also need to add a changelog entry for API change.
Fixed! I've cleaned up the commit structure, the preparatory refactor is now separate from the feature commit. Also added the changelog entry for the API change (feature level 443, since upstream already took 442 for the Tenor changes while I was working on this).
Had to rebase on latest main which is why the commits look different now.
One issue: CI is failing because it can't find the API documentation for /api/update-bot. I see the endpoint is implemented and I added the changelog entry, but I'm not sure where the OpenAPI spec documentation should go. I couldn't find a /bots/{bot_id} entry in zerver/openapi/zulip.yaml. Could you point me to where I should add that documentation?
(The other CI failures about the university-of-cordoba template seem to be from upstream changes, not related to my PR.)
@sahil839
Since jQuery validation isn't set up for the bot edit form (no .validate() call), I've removed the unused error label element. @sahil839
@sahil839 I've reviewed all the changes carefully to ensure they're correct. Thank you for your patience!
@sahil839 I've reviewed all changes carefully before pushing. Thank you for your patience in helping me get this right!
@sahil839 You're absolutely right, I apologize for the confusion. Fixed!
Looks good to me. @alya do you want to have a look? I am not sure about how we should style the warning text, whetehr we should style it somewhat different than other text.
Yeah, we'll want to move towards the design here.
In the new design, I guess it's the same as the font for notes above the field, so we could use the custom profile field description font for now.
This is failing to handle improper inputs. Like changing the email to commit@@@ looks like it goes through, but then appears this way when you reopen the modal:
I would expect it to give an error rather than "Saved", and outline the email field in red.
@alya Thank you for the detailed feedback! I've addressed all three issues: 1. CSS width constraint removed Removed the max-width: 25em constraint on .email_change_container .settings-field-hint so the warning text can display on one line. 2. Warning text simplified Changed from:
"Warning: Changing the bot email will break existing integrations using the old email address." To: "Integrations will need to be updated to use the new email address." This is much more concise and action-oriented. 3. Input validation added Added frontend validation for the bot short_name field:
- Validates that only characters valid in an email address are used (using the same regex pattern as the bot creation flow: is_valid_bot_short_name)
- Shows an error message at the top of the modal if validation fails
- Highlights the input field with a red border (using Zulip's standard invalid class styling)
- Focuses the input field so the user can immediately fix the error
- Clears the error state when the user starts typing again
Now if someone tries to enter commit@@@ or other invalid characters, they'll see:
- An error message: "Please only use characters that are valid in an email address"
- The input field outlined in red
- No "Saved" message (the form won't submit)
The validation uses the same regex pattern as settings_bots.ts for consistency across bot creation and editing.
Ok, please add updated screenshots demonstrating all your changes to the PR description (and remove the outdated screenshot).
@alya Done! I've updated the PR description with new screenshots demonstrating:
- Valid input - Shows the bot edit form with a valid short_name and the successful save
-
Invalid input validation - Shows what happens when entering invalid characters (
like commit@@@):
- Error message at the top: "Please only use characters that are valid in an email address"
- Input field outlined in red
- No "Saved" message (form doesn't submit)
- Simplified warning text - Shows the new one-line warning message
I've removed the outdated screenshot. All the changes from your feedback are now visible in the screenshots.