search

portagenetwork / roadmap

Developed by the the Alliance in collaboration with University of Alberta, DMP Assistant a data management planning tool, forking the DMP Roadmap codebase
MIT License
6 stars 1 forks source link

Some Users With Outstanding Collaboration Invitations Are Unable To Create An Account #664

Open aaronskiba opened 5 months ago

aaronskiba commented 5 months ago

Please complete the following fields as applicable:

What version of the DMPRoadmap code are you running? (e.g. v2.2.0)

Expected behaviour:

Actual behaviour:

Diagnosis

Affected Users Screenshot from 2024-02-15 15-32-47 (invitation_token appears to be set to null after a user successfully creates an account.)

aaronskiba commented 5 months ago 
  def create
    oauth = { provider: nil, uid: nil }
    IdentifierScheme.for_users.each do |scheme|
      oauth = session["devise.#{scheme.name.downcase}_data"] unless session["devise.#{scheme.name.downcase}_data"].nil?
    end

    blank_org = if Rails.configuration.x.application.restrict_orgs
                  sign_up_params[:org_id]['id'].blank?
                else
                  sign_up_params[:org_id].blank?
                end

    if sign_up_params[:accept_terms].to_s == '0'
      redirect_to after_sign_up_error_path_for(resource),
                  alert: _('You must accept the terms and conditions to register.')
    elsif blank_org
      redirect_to after_sign_up_error_path_for(resource),
                  alert: _('Please select an organisation from the list, or choose Other.')
    else
      existing_user = User.where_case_insensitive('email', sign_up_params[:email]).first
      if existing_user.present?
        if existing_user.invitation_token.present? && !existing_user.accept_terms?
          # If the user is creating an account but they have an outstanding invitation, remember
          # any plans that were shared with the invitee so we can attach them to the new User record
          shared_plans = existing_user.roles
                                      .select(&:active?)
                                      .map { |role| { plan_id: role.plan_id, access: role.access } }
          existing_user.destroy
        else
          redirect_to after_sign_up_error_path_for(resource),
                      alert: _('That email address is already registered.')
          return
        end
      end

Because the migration changed the nil accept_terms values to true, we can see how any affected users that also had an existing invitation_token are now unable to create an account (direct_to after_sign_up_error_path_for(resource), alert: _('That email address is already registered.' would be executed).

aaronskiba commented 5 months ago 
SELECT created_at, updated_at, invitation_created_at, invitation_sent_at
FROM users
WHERE invitation_token IS NOT null
AND accept_terms = true
ORDER BY invitation_created_at DESC
LIMIT 1;

Screenshot from 2024-02-16 12-02-14

The most recent occurence of this was on February 21, 2023; the same date as the release that performed the migration from MariaDB. https://github.com/portagenetwork/roadmap/releases/tag/3.1.0%2Bportage-3.1.0

aaronskiba commented 4 months ago

This idea was applied to a single user in the production environment (i.e. A user where accept_terms = TRUE and invitation_token IS NOT NULL was updated in the db so that accept_terms = NULL). The fix was successful.