fix: remove workspace invite messages and pending cap (baserow#5222)

* fix: remove workspace invite messages and pending cap

Workspace invitations no longer accept custom messages, which removes the main spam payload from the flow. Drop the BASEROW_MAX_PENDING_WORKSPACE_INVITES limit because deleting and recreating invites made it ineffective.

* Update backend/src/baserow/core/migrations/0114_alter_workspaceinvitation_message.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: silvestrid

backend/src/baserow/api/workspaces/invitations/errors.py

@@ -10,9 +10,3 @@
     HTTP_400_BAD_REQUEST,
     "Your email address does not match with the invitation.",
 )
-ERROR_MAX_NUMBER_OF_PENDING_WORKSPACE_INVITES_REACHED = (
-    "ERROR_MAX_NUMBER_OF_PENDING_WORKSPACE_INVITES_REACHED",
-    HTTP_400_BAD_REQUEST,
-    "The maximum number of pending invites for this workspace has been reached. "
-    "Please wait for some invitees to accept the invite or cancel the existing ones.",
-)

backend/src/baserow/api/workspaces/invitations/serializers.py

@@ -13,7 +13,6 @@ class Meta:
             "workspace",
             "email",
             "permissions",
-            "message",
             "created_on",
         )
         extra_kwargs = {"id": {"read_only": True}}
@@ -28,7 +27,7 @@ class CreateWorkspaceInvitationSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = WorkspaceInvitation
-        fields = ("email", "permissions", "message", "base_url")
+        fields = ("email", "permissions", "base_url")
 
 
 class UpdateWorkspaceInvitationSerializer(serializers.ModelSerializer):
@@ -54,13 +53,11 @@ class Meta:
             "invited_by",
             "workspace",
             "email",
-            "message",
             "created_on",
             "email_exists",
         )
         extra_kwargs = {
             "id": {"read_only": True},
-            "message": {"read_only": True},
             "created_on": {"read_only": True},
         }
 

backend/src/baserow/api/workspaces/invitations/views.py

@@ -26,7 +26,6 @@
 from baserow.api.workspaces.invitations.errors import (
     ERROR_GROUP_INVITATION_DOES_NOT_EXIST,
     ERROR_GROUP_INVITATION_EMAIL_MISMATCH,
-    ERROR_MAX_NUMBER_OF_PENDING_WORKSPACE_INVITES_REACHED,
 )
 from baserow.api.workspaces.serializers import WorkspaceUserWorkspaceSerializer
 from baserow.api.workspaces.users.errors import ERROR_GROUP_USER_ALREADY_EXISTS
@@ -40,7 +39,6 @@
 )
 from baserow.core.exceptions import (
     BaseURLHostnameNotAllowed,
-    MaxNumberOfPendingWorkspaceInvitesReached,
     UserInvalidWorkspacePermissionsError,
     UserNotInWorkspace,
     WorkspaceDoesNotExist,
@@ -68,10 +66,9 @@
 
 class WorkspaceInvitationsView(APIView, SortableViewMixin, SearchableViewMixin):
     permission_classes = (IsAuthenticated,)
-    search_fields = ["email", "message"]
+    search_fields = ["email"]
     sort_field_mapping = {
         "email": "email",
-        "message": "message",
     }
 
     @extend_schema(
@@ -157,7 +154,6 @@ def get(self, request, workspace_id, query_params):
                     "ERROR_USER_NOT_IN_GROUP",
                     "ERROR_USER_INVALID_GROUP_PERMISSIONS",
                     "ERROR_REQUEST_BODY_VALIDATION",
-                    "ERROR_MAX_NUMBER_OF_PENDING_WORKSPACE_INVITES_REACHED",
                 ]
             ),
             404: get_error_schema(["ERROR_GROUP_DOES_NOT_EXIST"]),
@@ -172,7 +168,6 @@ def get(self, request, workspace_id, query_params):
             UserInvalidWorkspacePermissionsError: ERROR_USER_INVALID_GROUP_PERMISSIONS,
             WorkspaceUserAlreadyExists: ERROR_GROUP_USER_ALREADY_EXISTS,
             BaseURLHostnameNotAllowed: ERROR_HOSTNAME_IS_NOT_ALLOWED,
-            MaxNumberOfPendingWorkspaceInvitesReached: ERROR_MAX_NUMBER_OF_PENDING_WORKSPACE_INVITES_REACHED,
         }
     )
     def post(self, request, data, workspace_id):
@@ -187,7 +182,6 @@ def post(self, request, data, workspace_id):
             data["email"],
             data["permissions"],
             data["base_url"],
-            data.get("message", ""),
         )
 
         return Response(WorkspaceInvitationSerializer(workspace_invitation).data)

backend/src/baserow/config/settings/base.py

@@ -1205,12 +1205,6 @@ def __setitem__(self, key, value):
 BASEROW_USER_LOG_ENTRY_RETENTION_DAYS = int(
     os.getenv("BASEROW_USER_LOG_ENTRY_RETENTION_DAYS", 61)
 )
-# The maximum number of pending invites that a workspace can have. If `0` then
-# unlimited invites are allowed, which is the default value.
-BASEROW_MAX_PENDING_WORKSPACE_INVITES = int(
-    os.getenv("BASEROW_MAX_PENDING_WORKSPACE_INVITES", 0)
-)
-
 BASEROW_IMPORT_EXPORT_RESOURCE_CLEANUP_INTERVAL_MINUTES = int(
     os.getenv("BASEROW_IMPORT_EXPORT_RESOURCE_CLEANUP_INTERVAL_MINUTES", 5)
 )

backend/src/baserow/core/actions.py

@@ -817,7 +817,6 @@ def do(
         email: str,
         permissions: str,
         base_url: str,
-        message: str = "",
     ) -> WorkspaceInvitation:
         """
         Creates a new workspace invitation for the given email address and sends out an
@@ -829,7 +828,7 @@ def do(
         """
 
         workspace_invitation = CoreHandler().create_workspace_invitation(
-            user, workspace, email, permissions, base_url, message
+            user, workspace, email, permissions, base_url
         )
 
         cls.register_action(

backend/src/baserow/core/exceptions.py

@@ -76,13 +76,6 @@ class WorkspaceUserAlreadyExists(Exception):
     """
 
 
-class MaxNumberOfPendingWorkspaceInvitesReached(Exception):
-    """
-    Raised when the maximum number of pending workspace invites has been reached.
-    This value is configurable via the `BASEROW_MAX_PENDING_WORKSPACE_INVITES` setting.
-    """
-
-
 class WorkspaceUserIsLastAdmin(Exception):
     """
     Raised when the last admin of the workspace tries to leave it. This will leave the

backend/src/baserow/core/handler.py

@@ -39,7 +39,6 @@
     DuplicateApplicationMaxLocksExceededException,
     InvalidPermissionContext,
     LastAdminOfWorkspace,
-    MaxNumberOfPendingWorkspaceInvitesReached,
     PermissionDenied,
     PermissionException,
     TemplateDoesNotExist,
@@ -1089,35 +1088,30 @@ def get_workspace_invitation(self, workspace_invitation_id, base_queryset=None):
         return workspace_invitation
 
     def create_workspace_invitation(
-        self, user, workspace, email, permissions, base_url, message=""
-    ):
+        self,
+        user: AbstractUser,
+        workspace: Workspace,
+        email: str,
+        permissions: str,
+        base_url: str,
+    ) -> WorkspaceInvitation:
         """
         Creates a new workspace invitation for the given email address and sends out an
         email containing the invitation.
 
         :param user: The user on whose behalf the invitation is created.
-        :type user: User
         :param workspace: The workspace for which the user is invited.
-        :type workspace: Workspace
         :param email: The email address of the person that is invited to the workspace.
             Can be an existing or not existing user.
-        :type email: str
         :param permissions: The workspace permissions that the user will get once they
             have accepted the invitation.
-        :type permissions: str
         :param base_url: The base url of the frontend, where the user can accept his
             invitation. The signed invitation id is appended to the URL (base_url +
             '/TOKEN'). Only the PUBLIC_WEB_FRONTEND_HOSTNAME is allowed as domain name.
-        :type base_url: str
-        :param message: A custom message that will be included in the invitation email.
-        :type message: Optional[str]
         :raises ValueError: If the provided permissions are not allowed.
         :raises UserInvalidWorkspacePermissionsError: If the user does not belong to the
             workspace or doesn't have right permissions in the workspace.
-        :raises MaxNumberOfPendingWorkspaceInvitesReached: When the maximum number of
-            pending invites have been reached.
         :return: The created workspace invitation.
-        :rtype: WorkspaceInvitation
         """
 
         CoreHandler().check_permissions(
@@ -1136,23 +1130,10 @@ def create_workspace_invitation(
                 f"The user {email} is already part of the workspace."
             )
 
-        max_invites = settings.BASEROW_MAX_PENDING_WORKSPACE_INVITES
-        if max_invites > 0 and (
-            WorkspaceInvitation.objects.filter(workspace=workspace)
-            .exclude(email=email)
-            .count()
-            >= max_invites
-        ):
-            raise MaxNumberOfPendingWorkspaceInvitesReached(
-                f"The maximum number of pending workspaces invites {max_invites} has "
-                f"been reached."
-            )
-
         invitation, created = WorkspaceInvitation.objects.update_or_create(
             workspace=workspace,
             email=email,
             defaults={
-                "message": message,
                 "permissions": permissions,
                 "invited_by": user,
             },
@@ -1176,23 +1157,21 @@ def create_workspace_invitation(
 
         return invitation
 
-    def update_workspace_invitation(self, user, invitation, permissions):
+    def update_workspace_invitation(
+        self, user: AbstractUser, invitation: WorkspaceInvitation, permissions: str
+    ) -> WorkspaceInvitation:
         """
         Updates the permissions of an existing invitation if the user has ADMIN
         permissions to the related workspace.
 
         :param user: The user on whose behalf the invitation is updated.
-        :type user: User
         :param invitation: The invitation that must be updated.
-        :type invitation: WorkspaceInvitation
         :param permissions: The new permissions of the invitation that the user must
             has after accepting.
-        :type permissions: str
         :raises ValueError: If the provided permissions is not allowed.
         :raises UserInvalidWorkspacePermissionsError: If the user does not belong to the
             workspace or doesn't have right permissions in the workspace.
         :return: The updated workspace permissions instance.
-        :rtype: WorkspaceInvitation
         """
 
         CoreHandler().check_permissions(
@@ -1207,15 +1186,15 @@ def update_workspace_invitation(self, user, invitation, permissions):
 
         return invitation
 
-    def delete_workspace_invitation(self, user, invitation):
+    def delete_workspace_invitation(
+        self, user: AbstractUser, invitation: WorkspaceInvitation
+    ) -> None:
         """
         Deletes an existing workspace invitation if the user has ADMIN permissions to
         the related workspace.
 
         :param user: The user on whose behalf the invitation is deleted.
-        :type user: User
         :param invitation: The invitation that must be deleted.
-        :type invitation: WorkspaceInvitation
         :raises UserInvalidWorkspacePermissionsError: If the user does not belong to the
             workspace or doesn't have right permissions in the workspace.
         """
@@ -1415,10 +1394,8 @@ def filter_specific_applications(
         ] = None,
     ) -> QuerySet[Application]:
         if per_content_type_queryset_hook is None:
-            per_content_type_queryset_hook = (
-                lambda model, qs: application_type_registry.get_by_model(
-                    model
-                ).enhance_queryset(qs)
+            per_content_type_queryset_hook = lambda model, qs: (
+                application_type_registry.get_by_model(model).enhance_queryset(qs)
             )
         return specific_queryset(queryset, per_content_type_queryset_hook)
 

backend/src/baserow/core/migrations/0114_alter_workspaceinvitation_message.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.2.13 on 2026-04-20 16:50
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0113_alter_notification_options_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='workspaceinvitation',
+            name='message',
+            field=models.TextField(default='', help_text='Deprecated legacy field retained for compatibility. This message is not exposed to invitation recipients.', max_length=250),
+        ),
+    ]

backend/src/baserow/core/models.py

@@ -385,11 +385,11 @@ class WorkspaceInvitation(
         help_text="The permissions that the user is going to get within the workspace "
         "after accepting the invitation.",
     )
+    # TODO ZDM: Remove this field in a future migration (no longer used)
     message = models.TextField(
-        blank=True,
+        default="",
         max_length=250,
-        help_text="An optional message that the invitor can provide. This will be "
-        "visible to the receiver of the invitation.",
+        help_text="Deprecated legacy field retained for compatibility. This message is not exposed to invitation recipients.",
     )
 
     def get_parent(self):

backend/src/baserow/core/templates/baserow/core/workspace_invitation.html

@@ -178,13 +178,6 @@
                         <div style="font-family:Inter,sans-serif;font-size:13px;line-height:170%;text-align:left;color:#070810;">{% blocktrans trimmed with invitation.invited_by.first_name as first_name and invitation.workspace.name as workspace_name %} <strong>{{ first_name }}</strong> has invited you to collaborate on <strong>{{ workspace_name }}</strong>. {% endblocktrans %}</div>
                       </td>
                     </tr>
-                    <!-- htmlmin:ignore -->{% if invitation.message %}<!-- htmlmin:ignore -->
-                    <tr>
-                      <td align="left" style="font-size:0px;padding:10px 25px;word-break:break-word;">
-                        <div style="font-family:Inter,sans-serif;font-size:13px;line-height:170%;text-align:left;color:#070810;">"{{ invitation.message }}"</div>
-                      </td>
-                    </tr>
-                    <!-- htmlmin:ignore -->{% endif %}<!-- htmlmin:ignore -->
                     <tr>
                       <td align="left" style="font-size:0px;padding:10px 25px;word-break:break-word;">
                         <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-collapse:separate;line-height:100%;">