Skip to content

FIX: Allow existing users to accept invites that add them to a group. #32762

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 16, 2025
Merged

FIX: Allow existing users to accept invites that add them to a group. #32762

merged 3 commits into from
May 16, 2025

Conversation

pento
Copy link
Member

@pento pento commented May 16, 2025

✨ What's This?

This is a tweak to the change in #31301.

That change allowed existing users to be redirected to a topic that they already have access to by bypassing the invite acceptance step, and simply redirecting them there. Since some invites also add the invited user to one or more groups as well, this was causing the group adding step to be skipped in existing workflows.

This change addresses the issue by checking to see if the user would be added to any groups before redirecting. To avoid introducing a CSRF issue, it works by forcing the user through the normal invite acceptance flow, ensure there's user interaction before being added to any groups.

This change also tweaks the behaviour of #31301 to not follow redirects of expired invitations.

👑 Testing

Basic functionality

  1. Create a test user.
  2. Create an invite that lands on a topic that the test user can access already.
  3. Add a group to the invite (which the test user isn’t currently a member of).
  4. Login as the test user.
  5. Visit the invite link with that user.

Variations

  1. Add the test user to the group before they visit the link.
  2. Add multiple groups to the invite, of which the test user is a member of some, or all.

@pento pento self-assigned this May 16, 2025
lis2
lis2 approved these changes May 16, 2025
View reviewed changes
@lis2
Copy link
Contributor

lis2 commented May 16, 2025

🚀

@pento @lis2
Apply suggestions from code review
cfb144a 
Co-authored-by: Krzysztof Kotlarek <kotlarek.krzysztof@gmail.com>
@pento pento merged commit 6720075 into main May 16, 2025
16 checks passed
@pento pento deleted the pento/fix-invite-existing-user-to-group-with-redirect branch May 16, 2025 06:42
@discoursebot
Copy link

This pull request has been mentioned on Discourse Meta. There might be relevant details there:

https://meta.discourse.org/t/existing-users-dont-get-added-to-groups-in-an-invite-if-they-can-already-access-the-topic-the-invite-directs-to/365406/6

@SamSaffron SamSaffron mentioned this pull request May 23, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lis2 lis2 lis2 approved these changes

Assignees

@pento pento

Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pento @lis2 @discoursebot