JoeBot/HOA_Financial_Platform
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

fix: update password when adding existing user to new org #2

Open
JoeBot wants to merge 0 commits from fix/add-member-password-ignored into main
pull from: fix/add-member-password-ignored
merge into: JoeBot:main
Conversation 0 Commits - Files Changed -
JoeBot commented 2026-03-08 19:50:19 -04:00
Owner
Copy Link

Summary

  • When an existing user was added to a new organization via the Manage Members UI, the password entered on the form was silently ignored. The user's password remained whatever it was set to when originally created in a different org.
  • This caused the new password to not work at login, with no indication to the admin that the password wasn't applied.
  • Fix: when addMember finds an existing user by email, it now updates their password_hash with the newly provided password before creating the membership.

Root Cause

In organizations.service.ts addMember(), the existing-user branch (lines 141-155) only created the org membership — it never touched password_hash. The password was only set in the else branch when creating a brand new user.

Test plan

  • Add an existing user (who belongs to Org A) to Org B via Manage Members, entering a new password
  • Verify the user can log in with the new password
  • Verify adding a brand-new user still works as before
  • Verify re-activating an inactive membership still works
## Summary - When an existing user was added to a new organization via the Manage Members UI, the password entered on the form was **silently ignored**. The user's password remained whatever it was set to when originally created in a different org. - This caused the new password to not work at login, with no indication to the admin that the password wasn't applied. - Fix: when `addMember` finds an existing user by email, it now updates their `password_hash` with the newly provided password before creating the membership. ## Root Cause In `organizations.service.ts` `addMember()`, the existing-user branch (lines 141-155) only created the org membership — it never touched `password_hash`. The password was only set in the `else` branch when creating a brand new user. ## Test plan - [ ] Add an existing user (who belongs to Org A) to Org B via Manage Members, entering a new password - [ ] Verify the user can log in with the new password - [ ] Verify adding a brand-new user still works as before - [ ] Verify re-activating an inactive membership still works
JoeBot added 1 commit 2026-03-08 19:50:20 -04:00
fix: update password when adding existing user to new org 3bf6b8c6c9 
When an existing user was added to a new organization via the member
management UI, the password entered in the form was silently ignored.
This caused the user to be unable to log in with the password they
were given, since the hash in the database was from their original
account creation for a different org.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This branch is already included in the target branch. There is nothing to merge.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin fix/add-member-password-ignored:fix/add-member-password-ignored
git checkout fix/add-member-password-ignored
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
JoeBot
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: JoeBot/HOA_Financial_Platform#2
No description provided.
Delete Branch "fix/add-member-password-ignored"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?