ahukkanen
commented
1 year ago Thank you for merging @scambra !
Would it be possible to roll out a new release so that we could ship this fix more easily?
Closed ahukkanen closed 1 year ago
ahukkanen
commented
1 year ago Thank you for merging @scambra !
Would it be possible to roll out a new release so that we could ship this fix more easily?
The password reset functionality is overridden to always accept the pending invitation on password reset.
This should not happen for expired invitations because this is how the user can circumvent the invitation expiry period which can be a security issue in some contexts.
This PR fixes the issue and adds a test for this case.