## Bug report

The Invite Friends endpoint normalizes emails before querying existing referrals, but then filters `validEmails` against `alreadyInvited` using the original, unnormalized submitted string.

That means an address that was already invited as `friend@example.com` can be submitted again as `Friend@Example.com` and bypass the application-level duplicate filter. The insert path later normalizes it back to `friend@example.com`, which can either create a duplicate invite if the database allows it or surface a lower-level insert error instead of the intended `All these emails have already been invited` response.

## Expected behavior

Referral invite validation should use the same normalized email value for validation, rate-limit counting, duplicate lookup, insert rows, and outbound email sends.

## Scope

This affects the `/api/referrals` Invite Friends flow.
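The mismatch described in this report, next to a filter that normalizes once and reuses that value, as an added example that is not the project's code. `normalizeEmail`, `filterUnnormalized`, `filterNormalized` and the sample addresses are hypothetical, the trim-and-lowercase rule is an assumption about the project's normalization, and the corrected version goes slightly beyond the report by also collapsing duplicates within one submitted batch.

```javascript
// Assumption: normalization is trim + lowercase; the project's real helper may differ.
function normalizeEmail(email) {
  return String(email).trim().toLowerCase();
}

// Pattern described in the report: the lookup set holds normalized values,
// but the filter tests the raw submitted string against it.
function filterUnnormalized(validEmails, alreadyInvited) {
  const invited = new Set(alreadyInvited.map(normalizeEmail));
  return validEmails.filter((email) => !invited.has(email));
}

// Corrected pattern: normalize each address once, then use only that value
// for the duplicate lookup and for everything returned to later stages
// (rate-limit counting, insert rows, outbound sends).
function filterNormalized(submittedEmails, alreadyInvited) {
  const invited = new Set(alreadyInvited.map(normalizeEmail));
  const seen = new Set();
  const toInvite = [];
  const duplicates = [];
  for (const raw of submittedEmails) {
    const email = normalizeEmail(raw);
    if (invited.has(email) || seen.has(email)) {
      duplicates.push(email);
      continue;
    }
    seen.add(email);
    toInvite.push(email);
  }
  return { toInvite, duplicates };
}

// Constructed sample data: one prior invite, then a batch with case and
// whitespace variants of existing and new addresses.
const sampleInvited = ["friend@example.com"];
const sampleSubmitted = ["Friend@Example.com", " new@example.com", "NEW@example.com"];

console.log("unnormalized filter keeps:", filterUnnormalized(sampleSubmitted, sampleInvited));
console.log("normalized filter returns:", filterNormalized(sampleSubmitted, sampleInvited));
```

When `toInvite` comes back empty, the handler can return the intended already-invited response instead of reaching the insert path.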