Ghost: Can't send invitation email to team member

I can't reproduce this. Invites work fine with Ghost 2.3.0 on my production blog.

It looks like the admin client sends role_id=undefined|null and then it fails here.

@kevinansfield Any idea how this is possible? 🤔 Is that a timing issue, because the admin client first need to fetch the roles? I saw an empty dropdown while testing and then i've refreshed and could not reproduce anymore.

The server already requires role_id, but it does not validate that the field is not null or not undefined. This needs a code improvement here. The controller can require certain fields, but we should check if the value is not null | undefined.

Just I need to make sure of something..
I am not really sure what does Direct means but it seems like it sends through NodeMailer which in turn sends through SendMail which seems to be built in in Ubuntu.
I also tried to install PostFix but decided to let you guys try to help me first with more information that I might be missing.
Do I need to do some setups before I can send a mail for invite? Although I might do need - I don't think anyone should receive an error 500 so it surely in my opinion requires some change on Ghost as well.
Let me know if you need more information from my server :)

Thanks for the help!

@kevinansfield Any idea how this is possible? 🤔 Is that a timing issue, because the admin client first need to fetch the roles?

Correct, it's possible to submit the invite form before the roles have been fetched from the API. There's some client-side validation we can add for that but I think it still needs similar validation server-side?

but I think it still needs similar validation server-side?

Yeah.

The server already requires role_id, but it does not validate that the field is not null or not undefined. This needs a code improvement here. The controller can require certain fields, but we should check if the value is not null | undefined.

I am encountering the same issue as well.

Quick console.log in add shows that roles_id is defined:

data:

{ email: '[email protected]',
  role_id: '5c07bbde49dd251160bf9e89',
  status: 'pending',
  expires: 1544630476641,
  token: 'MTU0NDYzMDQ3NjY0MXxkZXh0ZXJsZW5nY3NAZ21haWwuY29tfFZkSllFQlllK1VCYlBTVFpHd0w3ZHZ1bHg5ZUVsYkJLbjc0WjBkSFVRcms9' }

options

{ context: 
   { internal: false,
     external: false,
     user: '1',
     app: null,
     public: false } 

Logs

InternalServerError: The server has encountered an error.
    at new GhostError (/Users/macintosh/node-projects/Ghost/core/server/lib/common/errors.js:10:26)
    at permsPromise.then.catch (/Users/macintosh/node-projects/Ghost/core/server/api/v2/utils/permissions.js:48:31)
    at tryCatcher (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/promise.js:512:31)
    at Promise._settlePromise (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/promise.js:569:18)
    at Promise._settlePromise0 (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/promise.js:614:10)
    at Promise._settlePromises (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/promise.js:690:18)
    at _drainQueueStep (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/async.js:138:12)
    at _drainQueue (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/async.js:131:9)
    at Async._drainQueues (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/async.js:147:5)
    at Immediate.Async.drainQueues (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/async.js:17:14)
    at runCallback (timers.js:810:20)
    at tryOnImmediate (timers.js:768:5)
    at processImmediate [as _immediateCallback] (timers.js:745:5)

Error: Undefined binding(s) detected when compiling SELECT query: select `roles`.* from `roles` where `roles`.`id` = ? limit ?
    at QueryCompiler_SQLite3.toSQL (/Users/macintosh/node-projects/Ghost/node_modules/knex/lib/query/compiler.js:151:13)
    at Builder.toSQL (/Users/macintosh/node-projects/Ghost/node_modules/knex/lib/query/builder.js:119:44)
    at /Users/macintosh/node-projects/Ghost/node_modules/knex/lib/runner.js:52:32
    at tryCatcher (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/util.js:16:23)
    at /Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/using.js:185:26
    at tryCatcher (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/promise.js:512:31)
    at Promise._settlePromise (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/promise.js:569:18)
    at Promise._settlePromise0 (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/promise.js:614:10)
    at Promise._settlePromises (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/promise.js:694:18)
    at Promise._fulfill (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/promise.js:638:18)
    at PromiseArray._resolve (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/promise_array.js:126:19)
    at PromiseArray._promiseFulfilled (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/promise_array.js:144:14)
    at Promise._settlePromise (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/promise.js:574:26)
    at Promise._settlePromise0 (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/promise.js:614:10)
    at Promise._settlePromises (/Users/macintosh/node-projects/Ghost/node_modules/bluebird/js/release/promise.js:694:18)

Interesting, I'm was Mailgun's sandbox domain, and adding and resending caused an error on their side (you have to add authorised recipients first). So I added authorized recipients, deleted and created the invitation again and no problems now.

thanks.. when is that supposed to go live? I will update my production and try sending invitations

@din-gi tomorrow 👍

@kevinansfield This report looks similar to this issue. Any idea why this still appears? We have added the admin fix and a server side protection recently.

No idea, the error message is different to what we've seen before and there's not enough information in the report to determine what's failed or why. I've not been able to reproduce in a quick test 🤔

the error message is different to what we've seen before

Yeah this is because we added a protection on the server side. We no longer just query the database with a null|undefined role_id (original report with undefined bindings). We require the role_id and return a validation error if its null|undefined.

I'm seeing the failure...

Validation (FieldIsInvalid) failed for ["role_id"]

When trying to send an invitation, version 2.9.1

is there a work-around for adding users without the "invite" feature?

Any workaround for adding new users? This seems like a CRITICAL issue.

@mcoolidge @reustonium depending on how critical it is (and if you have access to the database backing ghost), you can UPDATE invites SET status='sent' (there is a check that the message has been sent) and then SELECT email,token FROM invites to get the token that would have been included in the url.

Then you can insert the token into <your-blog-address>/ghost/#/signup/<token>/ where token is the token from the database less the = at the end.

This has worked for me at least.

@reustonium, @mcoolidge can you provide some more details about your setup?

• What role does the user have which you're logged in as (eg, Owner, Administrator, etc)?
• Do you see anything in the role dropdown when inviting a user? If so, which role did you select?
• Do you see the same issue if you use a different browser?

Logged in as Owner

I had a choice for invited user roles (Admin, Editor, Author, Contributor), I have tried each option.

I received the same error on Chrome, Firefox and Edge.

@reustonium would you be able to provide a little more info to help debug this? I'd like to see what the admin client was sending to the API, you can see this by using Chrome's Web Inspector (right-click on the page and choose "Inspect").

After attempting to invite a user with the web inspector open, on the "Network" tab you should see a request like this at the end of the requests list:

Click on it, then scroll to the bottom of the "Headers" sub-tab. You may need to expand it but it should show you details of the payload sent to the API, a screenshot like this would be very useful 😊

Also, do you see any errors in the Console tab? Thanks!

The error hits prior to any network request...

I have also tried restarting Ghost, and restarting after an update via the Ghost-CLI.

@reustonium that POST ... 422 error _is_ the network request, it will be visible in the Network tab although it will be red rather than black. A screenshot of the payload similar to the example I provided above would be helpful, thanks!

No idea, the error message is different to what we've seen before and there's not enough information in the report to determine what's failed or why. I've not been able to reproduce in a quick test

To the extent that it matters concerning reproduction of this issue, I am facing the same. I installed a fresh copy of Ghost, then configured Gmail as follows:

  "mail": {
    "transport": "SMTP",
    "options": {
        "host": "smtp.gmail.com",
        "secureConnection": true,
    "port": 465,
        "service": "Gmail",
        "auth": {
            "user": "[email protected]",
            "pass": "password"
        }
    }
},

When I try to send an invitation, I first get:

Error sending email: Failed to send email. Reason: Invalid login - 535-5.7.8 Username and Password not accepted. Learn more at 535 5.7.8 https://support.google.com/mail/?p=BadCredentials i33sm42358994qtb.97 - gsmtp. Please check your email settings and resend the invitation.

After trying to relax my security settings in Google's backend and then try resending the email, I get this:

Validation (FieldIsInvalid) failed for ["role_id"]

The database manipulation trick helped (and it would be great to include this as an option for signing in people without an email).

Hope this helps in some small way.

The console is indicating a 422, but I'm not seeing that request in the network tab...

@aaronkyle is this only when trying to resend after a failed send? Can you try deleting the invite and re-creating it after fixing your mail config?

@reustonium looking at your screenshot you currently have a filter active to only show network requests for images. If you press the red filter icon to disable the filter you should be able to see the failed request.

Regarding the _resend_ problem that @aaronkyle mentioned, that should be fixed in the latest 2.11.0 release.

@reustonium are you also seeing the problem when clicking "Resend" or are you seeing it when initially creating the invite?

both on send, and on re-send.

Hi Kevin, and thanks for the quick reply! I revoked the invitation to add the user manually before fixing my email config (which now works), so I can no longer create this error. I could intentionally break the email config again to test, but the update you pushed through as I was typing this suggests that there's no need. (?)

@aaronkyle no need to do that, sounds like you've got around the resend problem in the meantime and it shouldn't be present on any future resends if you upgrade 🙂

@aaronkyle no need to do that, sounds like you've got around the resend problem in the meantime and it shouldn't be present on future any resends if you upgrade 🙂

Awesome - thanks for this amazing product! I've been using Ghost since your first release...some years ago. :) 2.0 is a big jump! thanks for the improvements to the editor and for all the user roles!

The request payload is

{invites: [{email: [email protected], role_id: null}]}

@reustonium it's only the payload that's useful so no need for the extra screenshots 🙂 Looking at the payload you've provided it looks like a _resend_ request, that won't work unless you upgrade to the just released 2.11.0 version.

You said it was failing when creating _new invites_, can you show the payload for a failed request when doing that?

I have the same problem running the latest version on docker (2.10.1-alpine) so you can just run the docker version to test it.

@TigPT there are multiple different problems being discussed in this issue now so it's getting rather difficult to track the specifics of what everyone is referring to. If you're also experiencing problems please follow the issue template and explain explicitly what you tried to do, which error message you're seeing, and any associated logs. Thanks 🙂

@reustonium it's only the payload that's useful so no need for the extra screenshots Looking at the payload you've provided it looks like a _resend_ request, that won't work unless you upgrade to the just released 2.11.0 version.

You said it was failing when creating _new invites_, can you show the payload for a failed request when doing that?

A new invitation just sent without issue. The only change I've made since originally seeing the error was migrating this site to the production URL for my client. I did this by running...

ghost config url prodURL
ghost setup nginx
ghost setup ssl

OK. So it sounds like invites are sending correctly. I'm going to close this issue because the discussion has strayed from the initial report and bug fixes have landed for both the initial report and the associated (but different) resend issue.

If anyone still has trouble with invites please upgrade to 2.11.0 and if the problem persists please open a new issue with full reproduction steps.