plausible / analytics

Simple, open source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.
https://plausible.io
GNU Affero General Public License v3.0

Invite link generation fails for previously removed users #2553

Closed colinwilson closed 1 year ago

colinwilson commented 1 year ago

Past Issues Searched

Issue is a Bug Report

Using official Plausible Cloud hosting or self-hosting?

Self-hosting

Describe the bug

Not sure if this is a bug or expected behaviour.

If an invited user is subsequently removed (via settings/people), the generated registration link in any further invites incorrectly links to http(s)://plausible-domain/sites as opposed to a valid registration link e.g. https://plausible-domain/register/invitation/pYr6tDgLv5GWtDqSwMvM4.

Do you have to wait 48hrs before sending another invite?

Example invite email template:


Hey,

colin@my-domain.com has invited you to the colinwilson.uk site on Plausible Analytics. Click here to view and respond to the invitation. The invitation will expire 48 hours after this email is sent.

Regards, The Plausible Team 💌

--

http(s)://plausible-domain/


Expected behavior

Expect a valid invite link in the invite email if the invited user's email has already been removed from Pending Invitations by an owner/admin user.


Hey,

colin@my-domain.com has invited you to join the colinwilson.uk site on Plausible Analytics. Click here to create your account. The link is valid for 48 hours after this email is sent.

Plausible is a lightweight and open-source website analytics tool. We hope you like our simple and ethical approach to tracking website visitors.

Regards, The Plausible Team 💌

--

http(s)://plausible-domain/


Screenshots

No response

Environment

- Plausible Version: 1.5.1
- DISABLE_REGISTRATION set to `invite_only`

colinwilson commented 1 year ago

Just confirmed that once a user has set up their password and accepted their invitation, removing them via settings/people in the UI sends the 'revoked access' email but fails to delete them from the postgres users table if they no longer have membership to any sites.

ruslandoga commented 1 year ago

@colinwilson 👋

Sorry for taking so long to reply. This does appear to be a feature:

https://github.com/plausible/analytics/blob/c4b8bf8c3281068dd242948ae4e8d1e0fb1dc3e6/lib/plausible_web/controllers/site/membership_controller.ex#L65-L70

The template differs based on whether the user already exists. The existing users can accept the invitation on /sites. Looks like this:

[Image: Screenshot 2023-01-18 at 21 51 23]

My steps to reproduce this were:

colinwilson commented 1 year ago

@ruslandoga Thank you. 👍