August 16, 2022, 9:18pm
You can reproduce this bug yourself. I send out invites on a forum, and they arrive with a link like this:
You click the link, and see:
So far, so good. But then when I click Continue, I get:
I googled it and saw the only mention is in github language files for the repo. Looking up the key, I found this is the relevant code:
existing_user = get_existing_user
if existing_user.present? && InvitedUser.exists?(user_id: existing_user.id, invite_id: invite.id)
return if email.blank?
if invite.email.present? && email.downcase != invite.email.downcase
username, domain = email.split('@')
if domain.present? && invite.domain != domain
Somehow “email” is not empty, even though I am not logged in (try it yourself, in an incognito window). So where does “email” come from, in the code? Perhaps someone here would know.
August 16, 2022, 9:26pm
Is the site setting
normalize_emails enabled on this site?
August 16, 2022, 9:34pm
DiscourseConnect still active on this site?
I thought that you couldn’t create invites if SSO was turned on. Did that get changed in that recent update to invites,
August 16, 2022, 9:51pm
I tried it with regular emails too like
firstname.lastname@example.org without +
August 17, 2022, 12:37am
I think your site has a bigger problem. If I click to log in I am automatically signed in as this user:
Invites shouldn’t be possible with SSO, and your external auth is letting users straight into the site. In that case the email is probably invalid because it’s comparing the email in the invite to the user above?
August 17, 2022, 12:42am
That’s it. The user is hard coded in the SSO code to test things so anyone who goes there is logged in as that user. So things see broken.
I’m still confused how you can send invites when sso is enabled.
January 18, 2023, 1:47pm
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.