[CO-1671] Re-enrolling does not allow creating a new OrgIdentitySource record Created: 05/Nov/18 Updated: 09/Sep/20
|Affects Version/s:||COmanage Registry 3.1.1 (Hidden Gem MR1)|
|Fix Version/s:||COmanage Registry 3.3.2 (Magic Ring MR2)|
|Reporter:||Michiel Uitdehaag (Inactive)||Assignee:||Benn Oshrin|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
When a user gets an enrollment invitation (self-signup or invite) that uses an OIS in the process, a non-mutable OrgIdentity record is created in the process.
If the first petition is denied, cancelled or not completed and a new petition is started (by clicking on the original link), the new petition does not allow linking the OIS data. The datamodel links the original OIS record to the first petition and throws an exception if such a record was already found.
The use case is the situation where a user receives a link to the wrong petition first. He/she starts the petition, but the administrator realises the user is to be enrolled in, for example, the wrong COU. The administrator then sends out a link to the correct petition and requests the user to enroll using that link. This second petition will then fail with an ugly 'Invalid Token' message.
|Comment by Michiel Uitdehaag (Inactive) [ 05/Nov/18 ]|
Correction: in our local setup, we get an Invalid Token error. In the develop HEAD, the error is:
"(Org Identity ) has no known email address.Add an email address and then try again."
This is because this specific flow uses an OIS in Authenticate mode, which creates an OI record, but due to the exception (this issue) no OI content is available. Because the flow cannot set OI-attributes (JIRA issue), only CoPerson attributes are available, but the email verification step does not peruse those (another JIRA issue).
The end-situation is that the second petition has status 'Pending' and allows re-sending the invite, but no e-mail address is available (and none can be added, because there is no OI record at all).