
Bug: Account destroyed when sharing access to someone else's account #966

@cesare190

Before you start (required)

General checklist

  • [x] I have removed personal / sensitive data from screenshots and logs
  • I have searched existing issues and discussions to ensure this is not a duplicate issue

How are you using Sure?

  • I was a paying Maybe customer (hosted version)
  • I use it on PikaPod, Umbrel or similar (VPS included)
  • [x] I am a self-hosted user (local only)

Self hoster checklist

Paying, hosted users should delete this entire section.

If you are a self-hosted user, please complete all of the information below. Issues with incomplete information will be marked as Needs Info to help our small team prioritize bug fixes.

  • Self hosted app commit SHA (find in user menu): [enter commit sha here]
    • [x] I have confirmed that my app's commit is the latest version of Sure
  • Where are you hosting?
    • Render
    • [x] Docker Compose
    • Umbrel
    • PikaPod
    • Other (please specify)

Bug description

There's no selector to change accounts when you have your own account and are invited to manage another. If you remove the sharing, the original account will be lost.

To Reproduce

I have two users on my Sure instance, x and y. The first is my personal user, the other is a second test user. In y's settings, I invited x to log in as a member. Without any confirmation, when I logged in to x, I saw y's settings and account. Once I removed x from y and logged back in to x, I was told that x's account did not exist and asked to create a new profile.

  1. Create a user x
  2. Create a user y
  3. On y, go to Settings => Profile Info => Add Member => x as a Member
  4. Log out of y
  5. Log in to x and see that the account is y's
  6. Log out of x
  7. Log back in to y and remove account x from Profile Info
  8. Log out of y and log back in with x
  9. Display the welcome screen for creating a new account

Expected behavior

I expected to be able to invite someone to edit my account as a member or admin, and for that person to choose whether to view their own account or the shared one. I also expected that if the sharing was removed, access to the removed user's original profile would still be restored.

Screenshots and/or recordings

There are no screenshots that I feel are worth sharing, but I am available to provide them if needed.
