Skip to content

Observe secondary email addresses when adding a member

What does this MR do?

  • Current behavior:
    • When a secondary email of an existing user is used on an invite, the user record is not found and the member is created as an 'invite' w/o user association.
  • Desired behavior(what this MR does):
    • When a secondary email of an existing user is used on an invite, find the user and associate the user record to the member. Do not treat as an 'invite'.

Note Currently the UI has validations/tokenization that prevents secondary emails from being used on invites, but the API and other non UI use does not. This closes that gap.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #329319

Edited by Doug Stull

Merge request reports

Loading