fix: invited users should have a temporary password generated (supaba…

…se#1644) ## What kind of change does this PR introduce? * Fixes a bug in the boolean condition where an invited user fails to have their password updated to a temporary password on invite confirmation
LashaJini · Nov 13, 2024 · c124c2d · c124c2d
1 parent 0c91291
commit c124c2d
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/internal/api/verify.go b/internal/api/verify.go
@@ -306,6 +306,7 @@ func (a *API) verifyPost(w http.ResponseWriter, r *http.Request, params *VerifyP
 func (a *API) signupVerify(r *http.Request, ctx context.Context, conn *storage.Connection, user *models.User) (*models.User, error) {
 	config := a.config
 
+	shouldUpdatePassword := false
 	if !user.HasPassword() && user.InvitedAt != nil {
 		// sign them up with temporary password, and require application
 		// to present the user with a password set form
@@ -318,11 +319,12 @@ func (a *API) signupVerify(r *http.Request, ctx context.Context, conn *storage.C
 		if err := user.SetPassword(ctx, password, config.Security.DBEncryption.Encrypt, config.Security.DBEncryption.EncryptionKeyID, config.Security.DBEncryption.EncryptionKey); err != nil {
 			return nil, err
 		}
+		shouldUpdatePassword = true
 	}
 
 	err := conn.Transaction(func(tx *storage.Connection) error {
 		var terr error
-		if !user.HasPassword() && user.InvitedAt != nil {
+		if shouldUpdatePassword {
 			if terr = user.UpdatePassword(tx, nil); terr != nil {
 				return internalServerError("Error storing password").WithInternalError(terr)
 			}