When inviting a new user to the Nuxeo Platform (i.e. creating a new user without password), event invitationSubmitted is sent even when the user invitation is rolled back because:
- a user already exists with the same username
- the email address is already used by an existing user.
- log as administrator in the Web UI and navigate to the Users & Groups administration
- create a new user with the following attributes:
- username: usr1
- email: firstname.lastname@example.org
- toggle Set User Password and set the password
- click the CREATE ANOTHER button
- create a second user with the following attributes:
- username: usr2 or (usr1)
- email: email@example.com (same email address as the first user)
- click the CREATE button
only user usr1 is created and no event invitationSubmitted is sent for user usr2
only user usr1 is created and an event invitationSubmitted is sent for user usr2
You can easily check the event invitationSubmitted is sent with the following automation scripting executed by an event handler triggered by event invitationSubmitted (that you have to add to the Core Events registry):
The problem is located in method invitationService#submitRegistrationRequest: unrestricted session runner RegistrationCreator creates the document UserInvistation and sends the event invitationSubmitted but the verification that the email is already used is done a few lines AFTER, it should be done before.
Meaning, when providing an email that is already used by an existing user, the UserInvistation document is not created because the transaction is rolled back but the event invitationSubmitted has already been sent, which is inconsistent.