users: Reduce date_joined precision to minutes.

Fixes #31188, removing a lot of useless high-entropy data from the /register response. Signed-off-by: Anders Kaseorg <anders@zulip.com> (cherry picked from commit 8f1a97f168)
2025-10-31 12:03:46 +00:00 · 2024-07-31 11:33:01 -07:00
parent efed087741
commit 3c7dcce08d
2 changed files with 5 additions and 6 deletions
--- a/zerver/lib/users.py
+++ b/zerver/lib/users.py
@@ -7,7 +7,6 @@ from email.headerregistry import Address
 from operator import itemgetter
 from typing import Any, TypedDict

-import dateutil.parser as date_parser
 from django.conf import settings
 from django.core.exceptions import ValidationError
 from django.db.models import Q, QuerySet
@@ -510,18 +509,18 @@ def format_user_row(
        full_name=row["full_name"],
        timezone=canonicalize_timezone(row["timezone"]),
        is_active=row["is_active"],
-        date_joined=row["date_joined"].isoformat(),
+        # Only send day level precision date_joined data to spectators.
+        date_joined=row["date_joined"].date().isoformat()
+        if acting_user is None
+        else row["date_joined"].isoformat(timespec="minutes"),
        delivery_email=delivery_email,
    )

    if acting_user is None:
        # Remove data about other users which are not useful to spectators
        # or can reveal personal information about a user.
-        # Only send day level precision date_joined data to spectators.
        del result["is_billing_admin"]
        del result["timezone"]
-        assert isinstance(result["date_joined"], str)
-        result["date_joined"] = str(date_parser.parse(result["date_joined"]).date())

    # Zulip clients that support using `GET /avatar/{user_id}` as a
    # fallback if we didn't send an avatar URL in the user object pass
--- a/zerver/tests/test_users.py
+++ b/zerver/tests/test_users.py
@@ -1450,7 +1450,7 @@ class UserProfileTest(ZulipTestCase):
            return dict(
                # bot-specific fields
                avatar_url=avatar_url,
-                date_joined=user.date_joined.isoformat(),
+                date_joined=user.date_joined.isoformat(timespec="minutes"),
                delivery_email=email,
                email=email,
                full_name=user.full_name,