EGreg
(Greg Magarshak)
August 16, 2022, 9:18pm
1
You can reproduce this bug yourself. I send out invites on a forum, and they arrive with a link like this:
You click the link, and see:
So far, so good. But then when I click Continue, I get:
I googled it and saw the only mention is in github language files for the repo. Looking up the key, I found this is the relevant code:
existing_user = get_existing_user
if existing_user.present? && InvitedUser.exists?(user_id: existing_user.id, invite_id: invite.id)
return false
end
true
end
def validate_invite_email!
return if email.blank?
if invite.email.present? && email.downcase != invite.email.downcase
raise ActiveRecord::RecordNotSaved.new(I18n.t('invite.not_matching_email'))
end
if invite.domain.present?
username, domain = email.split('@')
if domain.present? && invite.domain != domain
raise ActiveRecord::RecordNotSaved.new(I18n.t('invite.domain_not_allowed'))
Somehow “email” is not empty, even though I am not logged in (try it yourself, in an incognito window). So where does “email” come from, in the code? Perhaps someone here would know.
Falco
(Falco)
August 16, 2022, 9:26pm
2
Is the site setting normalize_emails
enabled on this site?
pfaffman
(Jay Pfaffman)
August 16, 2022, 9:34pm
3
And is DiscourseConnect still active on this site?
I thought that you couldn’t create invites if SSO was turned on. Did that get changed in that recent update to invites, @Falco ?
3 Likes
EGreg
(Greg Magarshak)
August 16, 2022, 9:51pm
4
I tried it with regular emails too like foo@bar.com without +
1 Like
Stephen
(Stephen)
August 17, 2022, 12:37am
5
I think your site has a bigger problem. If I click to log in I am automatically signed in as this user:
Invites shouldn’t be possible with SSO, and your external auth is letting users straight into the site. In that case the email is probably invalid because it’s comparing the email in the invite to the user above?
3 Likes
pfaffman
(Jay Pfaffman)
August 17, 2022, 12:42am
6
That’s it. The user is hard coded in the SSO code to test things so anyone who goes there is logged in as that user. So things see broken.
I’m still confused how you can send invites when sso is enabled.
2 Likes
system
(system)
Closed
January 18, 2023, 1:47pm
7
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.