Details
Bug
Resolution: Fixed
Critical
COmanage Registry 3.2.3 (Oyster Pearl MR3)
Description
If a user already has a CoPerson record linked to an Org Identity associated with a login or authentication identifier, and then attempts to proceed through a self-signup enrollment flow with Petitioner Enrollment Authorization set to Authenticated User using that same login identifier, the enrollment flow will halt and display 'Invalid token'. This happens after the user authenticates and has progressed through 'start', as 'selectEnrollee' is beginning.
The error Flash is being set by this part of the beforeFilter() function in CoPetitionsController.php:
    } else {
      // Once we have an authenticated identifier we no longer accept tokens.
      // We don't explicitly throw an error because we'll ultimately want to
      // support petition editing (CO-431).
      $authId = $this->CoPetition->field('authenticated_identifier', array('CoPetition.id' => $this->parseCoPetitionId()));
      if(!$authId) {
        $token = $this->CoPetition->field('petitioner_token', array('CoPetition.id' => $this->parseCoPetitionId()));
        $passedToken = $this->parseToken();
        if($token && $token != '' && $passedToken
           && $token == $passedToken) {
          // (body of this branch is not included in the excerpt)
        } else {
          $this->Flash->set(_txt('er.token'), array('key' => 'error'));
          $this->redirect("/");
        }
      }
    }
The reason is that $authId is null since the column authenticated_identifier is not set on the new petition just created during the start function. So the code then looks for a token, but tokens are not issued for users that can authenticate and have a CoPerson record in the CO, which is the case here since this is a duplicate enrollment.
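The gate described above can be modeled in isolation to see which petition states end in the error. This is an added example, not code from COmanage Registry; gateOutcome(), the petition arrays and the sample values are constructed for illustration, and only the two column names come from the report.

```php
<?php
// Added illustration, not COmanage Registry code. gateOutcome() and the
// petition arrays are hypothetical; only the two column names are from the report.

function gateOutcome(array $petition, $passedToken) {
  // Once an authenticated identifier is recorded, tokens are no longer checked.
  $authId = $petition['authenticated_identifier'];
  if($authId) {
    return 'token check skipped';
  }

  $token = $petition['petitioner_token'];

  // Same condition as the excerpt: a stored token must exist and match.
  if($token && $token != '' && $passedToken && $token == $passedToken) {
    return 'token accepted';
  }

  // Reached for a wrong token, but also when no token was ever issued.
  return 'Invalid token';
}

// Constructed sample petitions: array(petition row, token passed in the request)
$cases = array(
  'token issued and presented' => array(
    array('authenticated_identifier' => null, 'petitioner_token' => 'constructed-token-1'),
    'constructed-token-1'),
  'token issued, different token presented' => array(
    array('authenticated_identifier' => null, 'petitioner_token' => 'constructed-token-1'),
    'constructed-token-2'),
  'authenticated identifier already recorded' => array(
    array('authenticated_identifier' => 'user@example.org', 'petitioner_token' => null),
    null),
  'duplicate enrollment, petition fresh from start' => array(
    array('authenticated_identifier' => null, 'petitioner_token' => null),
    null),
);

foreach($cases as $label => $case) {
  list($petition, $passedToken) = $case;
  printf("%-48s => %s\n", $label, gateOutcome($petition, $passedToken));
}
```

The last case is the state this report describes: neither column is populated, so the gate reaches the same error branch as a mismatched token.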