You can reproduce this bug yourself. I send out invites on a forum, and they arrive with a link like this:
You click the link, and see:
So far, so good. But then when I click Continue, I get:
I googled it and saw the only mention is in github language files for the repo. Looking up the key, I found this is the relevant code:
existing_user = get_existing_user
if existing_user.present? && InvitedUser.exists?(user_id: existing_user.id, invite_id: invite.id)
return if email.blank?
if invite.email.present? && email.downcase != invite.email.downcase
username, domain = email.split('@')
if domain.present? && invite.domain != domain
Somehow “email” is not empty, even though I am not logged in (try it yourself, in an incognito window). So where does “email” come from, in the code? Perhaps someone here would know.
Is the site setting
normalize_emails enabled on this site?
DiscourseConnect still active on this site?
I thought that you couldn’t create invites if SSO was turned on. Did that get changed in that recent update to invites,
I tried it with regular emails too like
email@example.com without +
I think your site has a bigger problem. If I click to log in I am automatically signed in as this user:
Invites shouldn’t be possible with SSO, and your external auth is letting users straight into the site. In that case the email is probably invalid because it’s comparing the email in the invite to the user above?
That’s it. The user is hard coded in the SSO code to test things so anyone who goes there is logged in as that user. So things see broken.
I’m still confused how you can send invites when sso is enabled.