From 3f70d9d8974d0e9c437c51e1312ad17ce9056ec9 Mon Sep 17 00:00:00 2001
From: Kang Ming <kang.ming1996@gmail.com>
Date: Wed, 3 Jul 2024 12:12:33 -0700
Subject: [PATCH] fix: invited users should have a temporary password generated
 (#1644)

## What kind of change does this PR introduce?
* Fixes a bug in the boolean condition where an invited user fails to
have their password updated to a temporary password on invite
confirmation
---
 internal/api/verify.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/internal/api/verify.go b/internal/api/verify.go
index 1040ce7c69..c0b78d6804 100644
--- a/internal/api/verify.go
+++ b/internal/api/verify.go
@@ -306,6 +306,7 @@ func (a *API) verifyPost(w http.ResponseWriter, r *http.Request, params *VerifyP
 func (a *API) signupVerify(r *http.Request, ctx context.Context, conn *storage.Connection, user *models.User) (*models.User, error) {
 	config := a.config
 
+	shouldUpdatePassword := false
 	if !user.HasPassword() && user.InvitedAt != nil {
 		// sign them up with temporary password, and require application
 		// to present the user with a password set form
@@ -318,11 +319,12 @@ func (a *API) signupVerify(r *http.Request, ctx context.Context, conn *storage.C
 		if err := user.SetPassword(ctx, password, config.Security.DBEncryption.Encrypt, config.Security.DBEncryption.EncryptionKeyID, config.Security.DBEncryption.EncryptionKey); err != nil {
 			return nil, err
 		}
+		shouldUpdatePassword = true
 	}
 
 	err := conn.Transaction(func(tx *storage.Connection) error {
 		var terr error
-		if !user.HasPassword() && user.InvitedAt != nil {
+		if shouldUpdatePassword {
 			if terr = user.UpdatePassword(tx, nil); terr != nil {
 				return internalServerError("Error storing password").WithInternalError(terr)
 			}