Skip to content

Re-inviting a removed member shows "workspace not found" error; invitation link logs in as admin account when opened in same browser #38073

Description

@maxleton-cyber

Self Checks

  • I have read the Contributing Guide and Language Policy.
  • This is only for bug report, if you would like to ask a question, please head to Discussions.
  • I have searched for existing issues search for existing issues, including closed ones.
  • I confirm that I am using English to submit this report, otherwise it will be closed.
  • 【中文用户 & Non English User】请使用英语提交,否则会被关闭 :)
  • Please do not modify this template :) and fill in all the required fields.

Dify version

1.15.0

Cloud or Self Hosted

Self Hosted (Docker)

Steps to reproduce

Bug 1 — Workspace not found:
1.Owner invites Member B via email
2.Member B accepts the invitation and joins the workspace
3.Owner removes Member B from the workspace via Members Management
4.Owner re-invites Member B using the same email address
5.Member B clicks the new invitation link
Bug 2 — Invitation link hijacked by admin session:
1.Admin is already logged in on Browser A
2.Admin sends an invitation link to Member B
3.Member B opens the invitation link in the same Browser A (where admin is already logged in)

✔️ Expected Behavior

1.Member B should be able to join the workspace successfully via the new invitation link.
2.The invitation link should either prompt Member B to log in with their own account, or show a warning that the current session belongs to a different user.

❌ Actual Behavior

(Bug 1)The invitation link shows the following error:
"workspace not found, please contact system admin to invite you to join in a workspace"
This only happens when re-inviting a previously removed member. First-time invitations work correctly. Checked tenant_account_joins table — no residual records found for the affected account. The account exists in the accounts table with status active.
(Bug 2)The browser automatically authenticates as the admin account instead of Member B. However, Member B appears as successfully joined in the members list, which is misleading and incorrect — the admin account was used to accept the invitation, not Member B's account.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions