[Invitations] | ReviewerAccessInvite - Emailed link different than the related active invitation

[defstat]

Valid Title

• I have updated the title to accurately reflect the bug description

Description

The link that is send to the reviewer in order to be able to connect in OJS using One-click-access is different than the one that the systems knows as the latest active one. This results the accept handle of the invitation to return a 404 not found.

Steps to Reproduce

1. Login with admin
2. Navigate to Settings > Workflow > Review [tab] > Enable the One-click Reviewer Access by checking "Include a secure link in the email invitation to reviewers."
3. Click on Submissions
4. Select an 'Review overdue' submission
5. At the active review round, go to 'Reviewers' Grid.
6. Click on "Send Reminder" for the reviewer
7. Check the email the system sent

Expected Result

The URL that is embedded in the email body corresponds to the latest ReviewerAccessInvite invitation for this specific reviewer

Actual Result

The URL that is embedded in the email body corresponds to a ReviewerAccessInvite invitation that can no longer be found in the system. It is replaced by a newer one

Environment Details

No response

Application Version

OJS, OMP, OPS stable-3_5_0, main branches

Logs

No response

Additional Information

Currently, when the ReviewRemind mailable is created, the setData function is executed. This function calls:

$this->setOneClickAccessUrl($this->context, $this->reviewAssignment);

This method generates a new invitation URL, which is then included in the email.

However, when the code at ReviewReminderForm.php#L171 is executed, the mailable is reconstructed. This occurs because the getData function is re-executed as part of Repository.php#L142, which eventually triggers Mailable.php#L222, resetting the mailable's data and recreating the invitation.

Since the system has a business rule to remove previous invitations of the same type, this causes a problem:

• The new "log invitation" action removes the previously generated invitation (the one actually included in the sent email).
• As a result, the recipient will always try to access an invitation that no longer exists, making the one-click access link invalid.

If it were possible to assign a unique identifier to each mailable and link that ID to the generated invitation, we could ensure that the invitation is not regenerated for the same mailable. This would prevent the unwanted deletion of the previously sent invitation while still maintaining the ability to track and log invitations correctly.

I could use the build function for this case, but the mailable logger recreates the mailable, cloning it and rerendering it (see Repository.php#L138 )

So If the mailable is responsible for creating the invitation and generating the URL, the logger will always recreate the invitation, leading to the previously mentioned issue.

[defstat]

@asmecher @Vitaliy-1 Can you check this issue and suggest a possible course of action?

[asmecher]

@Vitaliy-1, would you mind taking a first look? I don't know the form/mailable interaction code that well.