devise_invitable icon indicating copy to clipboard operation
devise_invitable copied to clipboard
verified publisher icon scambra

Can't sign in as an existed user who has been invited

Open meliborn opened this issue 10 years ago • 5 comments

I tried to invite existed user. When I sent invite instruction and follow link in email it redirects me to sign up page. And when I try to sign in it shows me translation missing: ru.devise.failure.user.invited As I understood the problem is in overridden warden's method valid_password?. It always returns false if invitation_token present.

meliborn avatar Aug 05 '15 18:08 meliborn

Why is redirecting to sign up? What are your routes? Can you see in the log if there is a redirection or loading wrong controller action? If you are accepting invitation you should be getting accept invitation page, not sign up

scambra avatar Aug 06 '15 06:08 scambra

I'm encountering this problem as well, and the workflow is that an existing user will receive the invitation email, ignore it, try to log in, do a password reset, and try to log in after setting their password. The result is that the valid_password? method returns false in all cases. I'm having a hard time seeing where this default behavior would be desirable. If a user has a valid password AND an invitation, either there's no reason why the password should NOT be accepted.

karmajunkie avatar Feb 02 '16 03:02 karmajunkie

When user set the password, invitation should be accepted, then user must be allowed to sign in. https://github.com/scambra/devise_invitable/blob/master/lib/devise_invitable/model.rb#L168

Are you overriding block_from_invitation? or clear_reset_password_token methods?

scambra avatar Feb 03 '16 07:02 scambra

I also ran into this problem (users not being able to sign in) just recently. It turns out I had implemented code from the wiki (http://bit.ly/2w3kH2d) several years ago and forgot about it. It indeed disables the email, but the flash message indicates the email is being sent, which created confusion for me and new users. I removed the code since it is not needed in my particular use case, but I still need to track down why the invitation token remains for users, who receive an invitation and eventually confirm and supposedly set their password.

rhuppert avatar Sep 05 '17 16:09 rhuppert

I had a similar problem where users would use reset password instead of accepting the invitation. It turned out the password reset failed due to an invisible validation error on the user model. This would just show the password entry form again without any message.

mvz avatar Aug 25 '21 13:08 mvz