Bug: Duplicate email address on multiple accounts causes silent failure in CalDAV invitation acceptance with misleading error message #59353
Description
⚠️ This issue respects the following points: ⚠️
- This is a bug, not a question or a configuration/webserver/proxy issue.
- This issue is not already reported on GitHub OR Nextcloud Community Forum (I've searched it).
- Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- I agree to follow Nextcloud's Code of Conduct.
Bug description
Prior art / known issue ignored with wrong justification
This issue was previously reported in the Nextcloud community forum in April 2023:
https://help.nextcloud.com/t/user-accounts-with-duplicate-email-addresses-can-be-created/160668
The response given there was that duplicate email addresses may be intentional in certain administrative scenarios (e.g. temporarily reusing an address after an employee leaves). This justification misses the point entirely: regardless of administrative intent, duplicate email addresses silently break core CalDAV scheduling functionality — specifically the iTIP invitation acceptance flow — in a way that is completely invisible to both the administrator and the affected user.
The error message shown to the invitee ("There was an error updating your attendance status") gives no indication that the root cause is a server-side configuration issue. The admin has no way to diagnose this without deep code analysis. The community forum response effectively normalized a broken state.
The same root cause was independently identified even earlier. In January 2020, nextcloud/calendar#1878 described the identical failure scenario — two users sharing an email address causing silent invitation acceptance failure. In July 2020, #21715 explicitly confirmed: removing duplicate email addresses resolved the problem. Despite this, no preventive measure was implemented in the six years since, and the issue was never cross-referenced with #37659 when that was closed as "not planned" in 2025.
Steps to reproduce
- Create two user accounts (e.g. admin and user1) and assign the same email address to both via user settings
- As user1, create a calendar event and invite an external attendee via email
- The external attendee receives the invitation email containing an Accept/Decline link (/apps/dav/invitation/accept/)
- The attendee clicks "Accept"
Actual behavior
The error page (schedule-response-error.php) is shown: "There was an error updating your attendance status. Please contact the organizer directly."
No error is logged in nextcloud.log. There is no indication of the root cause anywhere.
Root cause (analyzed)
apps/dav/lib/Connector/Sabre/Principal.php, method getPrincipalByUri(), line ~455:
$users = $this->userManager->getByEmail(substr($uri, 7));
if (count($users) !== 1) {
    return null;
}
When two accounts share the same email address, getByEmail() returns 2 results. The condition count($users) !== 1 evaluates to true, the method returns null, and Sabre's scheduling plugin fails to resolve the organizer principal — resulting in a failed iTIP delivery with schedule status other than 1.2.
Two separate issues
No uniqueness validation: Nextcloud allows assigning the same email address to multiple user accounts. This should either be blocked or produce a warning.
No error logging: The failure in getPrincipalByUri() is silent. The InvitationResponseController receives a non-1.2 schedule status and renders the error template without logging any diagnostic information, making the issue impossible to diagnose without deep code analysis.
Expected behavior
Duplicate email address prevention: When an administrator assigns an email address to a user account that is already in use by another account, Nextcloud should either block the action outright or display a prominent warning explaining that duplicate email addresses will break CalDAV scheduling functionality — specifically that iTIP invitation acceptance will silently fail for all affected users, and that the resulting error message gives neither the invitee nor the administrator any actionable diagnostic information.
Error logging: When getPrincipalByUri() returns null due to an ambiguous email lookup (i.e. getByEmail() returns more than one result), this condition should be logged at ERROR level in nextcloud.log, including the affected email address and the number of matching accounts. The InvitationResponseController should not silently render the error template without any log entry — this makes the issue practically undiagnosable without source code analysis.
Successful iTIP delivery: As the end result, the attendee clicking "Accept" or "Decline" on a calendar invitation should reliably update their participation status, and a success page should be shown.
Nextcloud Server version
32
Operating system
Other
PHP engine version
None
Web server
None
Database engine version
None
Is this bug present after an update or on a fresh install?
None
Are you using the Nextcloud Server Encryption module?
None
What user-backends are you using?
- Default user-backend (database)
- LDAP/ Active Directory
- SSO - SAML
- Other
Configuration report
List of activated Apps
Nextcloud Signing status
Nextcloud Logs
Additional info
Nextcloud version: 32.0.6.1
Installation method: Nextcloud AIO (All-in-One)
Database: PostgreSQL
PHP version: (as bundled in AIO)
Operating system: macOS (Docker)
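An audit sketch for the condition this report describes, added here as an example; it is not Nextcloud code and not part of the original report. It assumes a uid-to-email mapping exported from the instance's user backend (the mapping shape, the function names and the sample data are constructed), treats addresses case-insensitively as a conservative audit choice rather than a statement about Nextcloud's comparison, and models the quoted `count($users) !== 1` rule together with the log entry the report asks for.

```python
import logging
from collections import defaultdict

log = logging.getLogger("principal-audit")

# Constructed sample data: uid -> email, mirroring the reproduction steps
# (admin and user1 share one address). Not taken from a real instance.
SAMPLE_ACCOUNTS = {
    "admin": "shared@example.org",
    "user1": "Shared@example.org",
    "user2": "user2@example.org",
    "user3": "",
}

def index_by_email(accounts):
    """Group uids by e-mail; case-folding is an assumption of this sketch."""
    index = defaultdict(list)
    for uid, email in accounts.items():
        key = (email or "").strip().casefold()
        if key:  # accounts without an address cannot collide
            index[key].append(uid)
    return index

def ambiguous_emails(accounts):
    """Return {email: sorted uids} for every address used by 2+ accounts."""
    return {e: sorted(u) for e, u in index_by_email(accounts).items() if len(u) > 1}

def resolve_mailto(uri, accounts):
    """Model of the `count($users) !== 1` rule quoted in the report, plus
    the diagnostic log entry it requests. Returns the uid or None."""
    if not uri.lower().startswith("mailto:"):
        return None
    email = uri[7:].strip().casefold()  # same offset as substr($uri, 7)
    matches = sorted(index_by_email(accounts).get(email, []))
    if len(matches) == 1:
        return matches[0]
    if len(matches) > 1:
        log.error("ambiguous principal lookup: %s matches %d accounts (%s)",
                  email, len(matches), ", ".join(matches))
    return None

if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    for email, uids in ambiguous_emails(SAMPLE_ACCOUNTS).items():
        print(f"{email}: {', '.join(uids)}")
    print(resolve_mailto("mailto:shared@example.org", SAMPLE_ACCOUNTS))
```

Every address reported by `ambiguous_emails` is one for which the modelled lookup returns no principal, so invitations organized by any of the listed accounts are candidates for the failure described above.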