Re-invite Expired Users

[RobertKeyser]

ENG-1838

Description Of Changes

This PR allows email-invited users to be re-invited if they have not yet accepted the invite or their invite link has expired. Anyone with the user create scope can reinvite users. Upon the invitation being reissued, the old invite link is rendered invalid.

This addresses two issues: 1) where a user doesn't accept the invite in the TTL timeframe and 2) where the user has deleted or otherwise can't find the original invite link

Code Changes

• Change invite link TTL from 24 hours to 72 hours
• Add BE/FE ability to reinvite a user.
  • Exposes whether the invite is still valid to the FE for the users
  • Displays a notice (type info/warn depends on whether the user is expired yet) and a button to reinvite them
• Upon re-invitation the old invite code is invalid
• New endpoint api/v1/user/{user_id}/reinvite, scoped to user create

Steps to Confirm

Reinviting a user before expiration

Trying an old access code (user had been reinvited before expiration period)

Reinviting a user with an expired invite

Trying an expired access code (before the user has been reinvited)

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

Deployment failed with the following error:

You must set up Two-Factor Authentication before accessing this team.

View Documentation: https://vercel.com/docs/two-factor-authentication

[codecov]

Codecov Report

❌ Patch coverage is 84.61538% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.46%. Comparing base (cd632d6) to head (ed142cb).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
src/fides/api/api/v1/endpoints/user_endpoints.py	82.85%	4 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6904      +/-   ##
==========================================
- Coverage   87.47%   87.46%   -0.01%     
==========================================
  Files         523      523              
  Lines       34090    34125      +35     
  Branches     3917     3922       +5     
==========================================
+ Hits        29820    29848      +28     
- Misses       3414     3418       +4     
- Partials      856      859       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
fides-plus-nightly	Error		Jan 7, 2026 4:25pm

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
fides-privacy-center	Ignored		Jan 7, 2026 4:25pm