fix(invitations): allow re-inviting after an unaccepted invite expires (#2543)

* fix(invitations): allow re-inviting after an unaccepted invite expires

An expired, never-accepted invitation still occupies the partial unique
index `index_invitations_on_email_and_family_id_pending` (predicate
`accepted_at IS NULL`), but the `pending` scope excludes it via the
`expires_at > now` clause. The duplicate-guard validation therefore
passes and the INSERT collides with the index, raising
ActiveRecord::RecordNotUnique — surfaced to the admin as a 500 with no
way to re-invite that address through the UI.

Remove the stale expired row inside the create transaction
(before_create) so the unique slot is freed and the re-invite succeeds.
It runs only after validations pass, so a still-pending (non-expired)
invitation can never be removed here. Add a controller-level rescue of
ActiveRecord::RecordNotUnique as a safety net against a concurrent
double-submit race.

Closes #2535

* refactor(invitations): scope RecordNotUnique rescue to the save

The method-level `rescue ActiveRecord::RecordNotUnique` wrapped the whole
create action, so any future write after @invitation.save (e.g.
accept_for) would silently be reported as a generic invite failure.
Extract save_invitation to scope the rescue to the save alone, and add a
regression test that drives the raced unique-index path directly.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
minion1227
2026-07-07 23:59:54 -07:00
committed by GitHub
parent 94d1e954e1
commit dd707ec91b
4 changed files with 101 additions and 1 deletions

View File

@@ -134,6 +134,45 @@ class InvitationsControllerTest < ActionDispatch::IntegrationTest
assert existing_user.ai_enabled?
end
test "re-inviting an email whose prior invitation expired succeeds instead of 500ing" do
email = "expired-reinvite-ctrl@example.com"
expired = @admin.family.invitations.create!(email: email, role: "member", inviter: @admin)
expired.update_column(:expires_at, 1.day.ago)
post invitations_url, params: {
invitation: {
email: email,
role: "member"
}
}
assert_redirected_to settings_profile_path
assert_equal I18n.t("invitations.create.success"), flash[:notice]
assert_not Invitation.exists?(expired.id), "stale expired invitation should be replaced"
new_invitation = @admin.family.invitations.find_by(email: email)
assert new_invitation.present?
assert new_invitation.pending?
end
test "raced unique-index violation on save is handled as a failure, not a 500" do
# Simulate a concurrent double-submit that slips past the pending-invite
# validation and hits the partial unique index at INSERT time.
Invitation.any_instance.stubs(:save).raises(ActiveRecord::RecordNotUnique)
assert_no_difference("Invitation.count") do
post invitations_url, params: {
invitation: {
email: "raced@example.com",
role: "member"
}
}
end
assert_redirected_to settings_profile_path
assert_equal I18n.t("invitations.create.failure"), flash[:alert]
end
test "should handle invalid invitation creation" do
assert_no_difference("Invitation.count") do
post invitations_url, params: {