mirror of
https://github.com/we-promise/sure.git
synced 2026-04-17 02:54:10 +00:00
* Enforce one pending invitation per email across all families

Users can only belong to one family, so allowing the same email to have pending invitations from multiple families leads to ambiguous behavior. Add a `no_other_pending_invitation` validation on create to prevent this. Accepted and expired invitations from other families are not blocked.

Fixes #1172

https://claude.ai/code/session_016fGqgha18jP48dhznm6k4m

* Normalize email before validation and use case-insensitive lookup

When ActiveRecord encryption is not configured, the email column stores raw values preserving original casing. The prior validation used a direct equality match which would miss case variants (e.g. Case@Test.com vs case@test.com), leaving a gap in the cross-family uniqueness guarantee.

Fix by:
1. Adding a normalize_email callback that downcases/strips email before validation, so all new records store lowercase consistently.
2. Using LOWER() in the SQL query for non-encrypted deployments to catch any pre-existing mixed-case records.

https://claude.ai/code/session_016fGqgha18jP48dhznm6k4m

---------

Co-authored-by: Claude <noreply@anthropic.com>
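
The gap this commit message describes, as an added plain-Ruby example that is not the project's code: an exact-match check accepts a case variant of an already-invited address, while normalizing the new value and lowering the stored one rejects it. `Invitation`, `InvitationStore`, their fields, the 3-day expiry and the same-family exclusion are assumptions made for illustration.

```ruby
# Added example: in-memory model of the rule. All names are hypothetical.
Invitation = Struct.new(:email, :family_id, :accepted_at, :expires_at, keyword_init: true) do
  # Pending means not yet accepted and not yet expired.
  def pending?(now)
    accepted_at.nil? && expires_at > now
  end
end

class InvitationStore
  attr_reader :rows

  def initialize(rows = [])
    @rows = rows # may hold legacy mixed-case rows written before normalization
  end

  def self.normalize(email)
    email.to_s.strip.downcase
  end

  # Before: exact match on the submitted string, so case variants slip through.
  def create_exact(email:, family_id:, now:)
    clash = @rows.any? { |r| r.family_id != family_id && r.pending?(now) && r.email == email }
    insert(email, family_id, now) unless clash
  end

  # After: normalize the new value and compare against a lowered stored value,
  # the in-memory counterpart of LOWER(email) = ? for pre-existing rows.
  # Assumption: duplicates within the same family are handled by a separate rule.
  def create_normalized(email:, family_id:, now:)
    email = self.class.normalize(email)
    return nil if email.empty?
    clash = @rows.any? do |r|
      r.family_id != family_id && r.pending?(now) && self.class.normalize(r.email) == email
    end
    insert(email, family_id, now) unless clash
  end

  private

  # Constructed expiry of 3 days; returns the stored invitation.
  def insert(email, family_id, now)
    inv = Invitation.new(email: email, family_id: family_id, accepted_at: nil, expires_at: now + 3 * 86_400)
    @rows << inv
    inv
  end
end
```

Both methods return the created invitation, or `nil` when the address already has a pending invitation from another family.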