Remove the second prompt to accept or decline an invitation
What does this MR do?
Currently the flow for a user who does not have an account yet for GitLab at the time of invite is below:
- A user invites another that does not have an account yet at time of invite.
- The invited user gets an email, which is to the
invite_url
as aget
(notpost
for accepting). - When clicking the link, if they are not logged in, they will be directed to sign in or sing up (standard setup for application).
- They are then redirected after sign in to the link they clicked on in the email.
- They land on this
invite_url
show
page viaget
. - This page is the one shown in the description with the accept invite link.
- The accept link has a token in it which then hits the
accept
action as apost
action. - User successfully becomes a member.
We want to remove the following steps from above for a user when they click the invite_url
if their signed in email after signing in/up matches the invite email:
- They land on this
invite_url
show
page viaget
. - This page is the one shown in the description with the accept invite link.
We'll accomplish this by allowing user to follow steps as seen above after clicking the invite_url
in the email, but after they sign up/in, we'll consider that as acceptance and take them to the project
or group
they were invited to.
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry - [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides - [-] Database guides
- [-] Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. - [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Refs #214103
Edited by Peter Leitzen