Open chriddyp opened 3 years ago
Thanks for the report! I've noticed this as well, my guess is that the query string param is getting stripped by our CDN.
Does this mean anyone currently trying to invite contributors to their projects is currently blocked, or is there a workaround? Any idea why this used to work and now doesn't?
It's easy to work around because the same page also displays all pending invitations.
I can reproduce this and in fact after accepting an invitation, visiting the link /account/verify-project-role/?token=FOOBAR
still consistently produces the "Invalid token: no token supplied" error.. in this case from a redeemed token. Using an invalid token also produces the "no token supplied" error.
I just did a test to see if the ?next=/some/path
parameter works during login. It does, but it also seems like it has issues..
next
parameter incomplete?The Login step seems to preserve the URL path, not the URL params. So the invitation token is lost during login.
https://pypi.org/account/login/?next=%2Faccount%2Fverify-project-role%2F
This should be something like this, adding ?token=INSERTTOKENHERE
to the URL.
https://pypi.org/account/login/?next=%2Faccount%2Fverify-project-role%2F%3Ftoken%3DINSERTTOKENHERE
next
parameter?There is both a next
parameter in the form post action
(i.e. will be sent as GET
) and a hidden input field (i.e. will be sent as POST
data). Not sure if bug or feature.
Describe the bug
Expected behavior Either: A. Added as a collaborator to this new package B. Or, if I'm doing something wrong (e.g. logged in as the wrong user), a more accurate error message
To Reproduce
Difficult to reproduce without my account credentials
My Platform
Attempted on Chrome & Safari. Mac OS X 10.15.7