fix invitations of new users when mail is disabled #1985

New Issue

MrUnknownDE · 2026-04-06T02:45:54+02:00

MrUnknownDE commented

2026-04-06 02:45:54 +02:00

Originally created by @stefan0xC on 9/27/2022

While testing locally (where I don't have mail enabled) I noticed that inviting a new user will save them as invited. Removing and inviting the same user again (or inviting them in a second organization) they will be listed as accepted instead. This should not happen, because until the user has actually created an account they cannot be confirmed yet (and without admin panel access you would not know when they have done so).

If you try to confirm an ~~invited~~accepted but non-existing user you will be greeted with this error message:

(The error happens client side so there are no relevant server logs.)

Since registering an account automatically accepts the outstanding invitations for a user anyway, setting UserOrgStatus::Accepted can be limited to already registered users (when mail is disabled).

*Originally created by @stefan0xC on 9/27/2022* While testing locally (where I don't have mail enabled) I noticed that inviting a new user will save them as [invited](https://github.com/dani-garcia/vaultwarden/blob/6fa6eb18e88f6d090eff5139d5a67bb56d25bf7f/src/api/core/organizations.rs#L625). Removing and inviting the same user again (or inviting them in a second organization) they will be listed as [accepted](https://github.com/dani-garcia/vaultwarden/blob/6fa6eb18e88f6d090eff5139d5a67bb56d25bf7f/src/api/core/organizations.rs#L606) instead. This should not happen, because until the user has actually created an account they cannot be confirmed yet (and without admin panel access you would not know when they have done so). If you try to confirm an <s>invited</s>accepted but non-existing user you will be greeted with this error message: ![client_error_1](https://user-images.githubusercontent.com/509385/192648379-4300e33b-04ba-48ec-a904-cb9e57efcc18.png) (The error happens client side so there are no relevant server logs.) Since registering an account [automatically accepts the outstanding invitations](https://github.com/dani-garcia/vaultwarden/blob/6fa6eb18e88f6d090eff5139d5a67bb56d25bf7f/src/api/core/accounts.rs#L119) for a user anyway, setting UserOrgStatus::Accepted can be limited to already registered users (when mail is disabled).

MrUnknownDE closed this issue

2026-04-06 02:45:54 +02:00

Sign in to join this conversation.

No Label

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#1985