Invited users who click on the invite link and sign up, subsequently gets auto logged into the forum even without activating their account through the activation email sent after sign up. I believe this may be a bug, as if the user logs out, he is unable to sign in again unless he/she activates his account through the activation email.
Steps to reproduce:
- Send invite to firstname.lastname@example.org
- xyz clicks on invite link
- xyz signs up
- xyz gets logged into forum upon sign up. meanwhile, activation email is sent to email@example.com
- xyz gets full access to forum, but only has trust level 0 (does not get assigned to any group, even if his email’s domain is set to auto join a particular one)
- xyz logs out
- xyz tries to log in again but is unsuccessful. xyz sees the following message: " You can’t log in yet. We previously sent an activation email to you at firstname.lastname@example.org. Please follow the instructions in that email to activate your account."
Questions on my mind:
- If users are given an invite link & sign up through the link, why do they still need to go through an additional step to activate their accounts?
- Even if there is a good reason to require the additional account activation step, why are these invited users auto-logged in before activating their account?