Impact
At least one user experienced problems accessing the platform. The issue was reactively discovered by a client who reported through our help desk [1] that they were being redirected to the free trial creation interface instead of accessing their designated groups. The problem was resolved in 1.3 days (TTF), resulting in a total window of exposure of 1.3 days (WOE) [2].
Cause
When a user is on a free trial, the system assumes they can access only one group. Consequently, the system validates only one group to determine if it has associated roots before proceeding to the "choose repositories" section for auto-enrollment. In this case, the selected group for validation happened to be without roots, causing the issue.
Solution
A policy was implemented to automatically set the free trial status to completed=True when a user with an active free trial (completed=False) accepts an invitation to a group or organization that does not have an active free trial. This change ensures that the trial status is correctly updated, reflecting the assumption that the user is now associated with a different group or organization and thus concluding their free trial [3].
Conclusion
Our system currently does not allow free trial users to access multiple groups. However, if a user starts a free trial by mistake and accepts invitations to groups or organizations without active trials, it can cause redirection issues. To prevent this, we will automatically terminate the free trial when a user accepts an invitation to a group or organization that does not have an active trial. INCOMPLETE_PERSPECTIVE