[PR #7079] Fix SSO_ONLY users unable to accept org invites (#7072) #12779

Open
opened 2026-04-20 15:59:48 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/7079
Author: @pmhnam
Created: 4/10/2026
Status: 🔄 Open

Base: mainHead: fix/sso-only-org-invite-7072


📝 Commits (1)

  • 994ee0d Fix SSO_ONLY users unable to accept org invites (#7072)

📊 Changes

1 file changed (+21 additions, -7 deletions)

View changed files

📝 src/api/core/organizations.rs (+21 -7)

📄 Description

Summary

Fixes #7072

SSO_ONLY users (users who authenticate via SSO and have no master password) cannot accept organization invites because the invite acceptance flow requires a master password login.

Changes

  • In send_invite: Auto-set membership status to Accepted for existing SSO_ONLY users when they are invited to an organization
  • In _reinvite_member: Prioritize SSO_ONLY auto-accept before attempting to send an email invite that the user cannot act on

How it works

When SSO_ENABLED=true and SSO_ONLY=true, users who have an empty password_hash (indicating they authenticated only via SSO) are automatically moved to Accepted status when invited. The admin can then confirm them normally through the admin console.

Testing

  • Tested with SSO_ONLY=true, inviting an SSO-created user to an org
  • User membership status correctly set to Accepted (status=1)
  • Admin can confirm the user, user can access collections

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/7079 **Author:** [@pmhnam](https://github.com/pmhnam) **Created:** 4/10/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `fix/sso-only-org-invite-7072` --- ### 📝 Commits (1) - [`994ee0d`](https://github.com/dani-garcia/vaultwarden/commit/994ee0d3742ec2fdf65337dfcd8fec41e76d4ac6) Fix SSO_ONLY users unable to accept org invites (#7072) ### 📊 Changes **1 file changed** (+21 additions, -7 deletions) <details> <summary>View changed files</summary> 📝 `src/api/core/organizations.rs` (+21 -7) </details> ### 📄 Description ## Summary Fixes #7072 SSO_ONLY users (users who authenticate via SSO and have no master password) cannot accept organization invites because the invite acceptance flow requires a master password login. ## Changes - In `send_invite`: Auto-set membership status to `Accepted` for existing SSO_ONLY users when they are invited to an organization - In `_reinvite_member`: Prioritize SSO_ONLY auto-accept before attempting to send an email invite that the user cannot act on ## How it works When `SSO_ENABLED=true` and `SSO_ONLY=true`, users who have an empty `password_hash` (indicating they authenticated only via SSO) are automatically moved to `Accepted` status when invited. The admin can then confirm them normally through the admin console. ## Testing - Tested with SSO_ONLY=true, inviting an SSO-created user to an org - User membership status correctly set to Accepted (status=1) - Admin can confirm the user, user can access collections --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-20 15:59:48 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#12779