From aa1fb718e01c28cc503d088b2775e6ce903507e6 Mon Sep 17 00:00:00 2001
From: Alonso Torres <alonso.torres@kaleidos.net>
Date: Tue, 19 May 2026 13:13:11 +0200
Subject: [PATCH] :bug: Fix invalid token on anonymous session

---
 backend/src/app/rpc/commands/verify_token.clj | 22 +++++++++++++------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/backend/src/app/rpc/commands/verify_token.clj b/backend/src/app/rpc/commands/verify_token.clj
index fc5c5397c0..5061cc84f0 100644
--- a/backend/src/app/rpc/commands/verify_token.clj
+++ b/backend/src/app/rpc/commands/verify_token.clj
@@ -247,13 +247,21 @@
               (:organization-id claims)
               (assoc :org-team-id accepted-team-id)))))
 
-      ;; If we have not logged-in user, and invitation comes with member-id we
-      ;; redirect user to login, if no memeber-id is present and  in the invitation
-      ;; token and registration is enabled, we redirect user the the register page.
-      {:invitation-token token
-       :iss :team-invitation
-       :redirect-to (if (or member-id registration-disabled?) :auth-login :auth-register)
-       :state :pending})))
+      (do
+        ;; If the user is not logged-in and the token is invalid we throw the error
+        ;; Taiga issue #14182
+        (when (nil? invitation)
+          (ex/raise :type :validation
+                    :code :invalid-token
+                    :hint "no invitation associated with the token"))
+
+        ;; If we have not logged-in user, and invitation comes with member-id we
+        ;; redirect user to login, if no member-id is present and  in the invitation
+        ;; token and registration is enabled, we redirect user the the register page.
+        {:invitation-token token
+         :iss :team-invitation
+         :redirect-to (if (or member-id registration-disabled?) :auth-login :auth-register)
+         :state :pending}))))
 
 ;; --- Default