From 737a224b6e9a9cca3f94c92766931e75a8f4423d Mon Sep 17 00:00:00 2001
From: Linda Goldstein <linda.goldstein@parachutehealth.com>
Date: Thu, 11 Dec 2025 14:10:25 -0800
Subject: [PATCH] Fix: Add local: true to invitation form to prevent blank
 token error

Fixes the "Invitation token can't be blank" error that occurs when new
users accept email invitations and try to set their password.

Root cause: PR #6528 refactored form_for to form_with, but form_with
defaults to remote: true (AJAX submission). This causes the hidden
invitation_token field to not be properly submitted with the form.

Solution: Add local: true to the form_with helper to use standard form
submission instead of AJAX, ensuring the invitation_token is correctly
included in the POST data.

Related to PR #6528 (form helper refactor)
---
 app/views/devise/invitations/edit.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/devise/invitations/edit.html.erb b/app/views/devise/invitations/edit.html.erb
index 637cbed940..bb47799bf3 100644
--- a/app/views/devise/invitations/edit.html.erb
+++ b/app/views/devise/invitations/edit.html.erb
@@ -1,7 +1,7 @@
 <div class="password-box px-4 pb-3">
   <h2 class="my-3">Send invitation</h2>
 
-  <%= form_with(model: resource, as: resource_name, url: invitation_path(resource_name), html: {method: :put}) do |f| %>
+  <%= form_with(model: resource, as: resource_name, url: invitation_path(resource_name), local: true, html: {method: :put}) do |f| %>
     <%= render "/shared/error_messages", resource: resource %>
     <%= f.hidden_field :invitation_token, readonly: true %>