Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-27926

Fix user invitation when provided username is already used by an existing user

    XMLWordPrintable

    Details

    • Release Notes Summary:
      Only one invitation per email address is created.
    • Backlog priority:
      400
    • Sprint:
      nxGang Sprint 11.1.15

      Description

      When inviting a new user to the Nuxeo Platform (i.e. creating a new user without password), event invitationSubmitted is sent even when the user invitation is rolled back because:

      • a user already exists with the same username
      • the email address is already used by an existing user.

      How to reproduce:

      • log as administrator in the Web UI and navigate to the Users & Groups administration
      • create a new user with the following attributes:
        • username: usr1
        • email: usr1@acme.com
        • toggle Set User Password and set the password
        • click the CREATE ANOTHER button
      • create a second user with the following attributes:
        • username: usr2 or (usr1)
        • email: usr1@acme.com (same email address as the first user)
        • click the CREATE button

      Expected result: only user usr1 is created and no event invitationSubmitted is sent for user usr2
      Actual result: only user usr1 is created and an event invitationSubmitted is sent for user usr2

      You can easily check the event invitationSubmitted is sent with the following automation scripting executed by an event handler triggered by event invitationSubmitted (that you have to add to the Core Events registry):

      function run(input, params) {
        Console.warn('<userInvitationSubmitted> event: ' + ctx.Event.name + ' login: ' + input['userinfo:login'] + ' email: ' + input['userinfo:email']);
        return input;
      }
      

      The problem is located in method invitationService#submitRegistrationRequest: unrestricted session runner RegistrationCreator creates the document UserInvistation and sends the event invitationSubmitted but the verification that the email is already used is done a few lines AFTER, it should be done before.
      Meaning, when providing an email that is already used by an existing user, the UserInvistation document is not created because the transaction is rolled back but the event invitationSubmitted has already been sent, which is inconsistent.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 day, 1 hour, 15 minutes
                1d 1h 15m