Merge pull request #964 from chrishunt/exclusive-club

Add 'invite only' site setting
2025-03-14 00:50:14 -04:00 · 2013-06-05 16:38:47 -07:00 · 2013-06-05 16:38:47 -07:00 · 2ca734c118
commit 2ca734c118
parent 6384518599 a523fa56ac
8 changed files with 64 additions and 13 deletions
--- a/app/assets/javascripts/discourse/templates/modal/login.js.handlebars
+++ b/app/assets/javascripts/discourse/templates/modal/login.js.handlebars
@ -59,8 +59,17 @@
    {{i18n login.authenticating}}
  {{/if}}
  {{#if Discourse.SiteSettings.enable_local_logins}}
-  <button class='btn btn-large btn-primary' {{bindAttr disabled="loginDisabled"}} {{action login}}><i class="icon-unlock"></i>&nbsp;{{loginButtonText}}</button>
-  &nbsp;
-  {{i18n create_account.invite}} <a id="new-account-link" {{action showCreateAccount}}>{{i18n create_account.action}}</a>
+    <button class='btn btn-large btn-primary'
+      {{bindAttr disabled="loginDisabled"}}
+      {{action login}}>
+        <i class="icon-unlock"></i>&nbsp;{{loginButtonText}}
+    </button>
+
+    {{#unless Discourse.SiteSettings.invite_only}}
+      &nbsp; {{i18n create_account.invite}}
+      <a id="new-account-link" {{action showCreateAccount}}>
+        {{i18n create_account.action}}
+      </a>
+    {{/unless}}
  {{/if}}
 </div>
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@ -1,6 +1,8 @@
 class InvitesController < ApplicationController

  skip_before_filter :check_xhr, :check_restricted_access
+  skip_before_filter :redirect_to_login_if_required
+
  before_filter :ensure_logged_in, only: [:destroy]

  def show
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@ -28,6 +28,8 @@ class Users::OmniauthCallbacksController < ApplicationController
    # Call the appropriate logic
    send("create_or_sign_on_user_using_#{provider}", request.env["omniauth.auth"])

+    @data[:awaiting_approval] = true if invite_only?
+
    respond_to do |format|
      format.html
      format.json { render json: @data }
@ -316,4 +318,9 @@ class Users::OmniauthCallbacksController < ApplicationController

  end

+  private
+
+  def invite_only?
+    SiteSetting.invite_only? && !@data[:authenticated]
+  end
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -145,16 +145,7 @@ class UsersController < ApplicationController
  end

  def create
-
-    if honeypot_or_challenge_fails?(params)
-      # Don't give any indication that we caught you in the honeypot
-      honey_pot_response = {
-        success: true,
-        active: false,
-        message: I18n.t("login.activate_email", email: params[:email])
-      }
-      return render(json: honey_pot_response)
-    end
+    return fake_success_reponse if suspicious? params

    user = User.new_from_params(params)

@ -349,6 +340,20 @@ class UsersController < ApplicationController
      '3019774c067cc2b'
    end

+    def suspicious?(params)
+      honeypot_or_challenge_fails?(params) || SiteSetting.invite_only?
+    end
+
+    def fake_success_reponse
+      render(
+        json: {
+          success: true,
+          active: false,
+          message: I18n.t("login.activate_email", email: params[:email])
+        }
+      )
+    end
+
    def honeypot_or_challenge_fails?(params)
      params[:password_confirmation] != honeypot_value ||
      params[:challenge] != challenge_value.try(:reverse)
--- a/app/models/site_setting.rb
+++ b/app/models/site_setting.rb
@ -134,6 +134,8 @@ class SiteSetting < ActiveRecord::Base

  setting(:send_welcome_message, true)

+  client_setting(:invite_only, false)
+
  client_setting(:login_required, false)

  client_setting(:enable_local_logins, true)
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@ -507,6 +507,8 @@ en:

    # TODO: perhaps we need a way of protecting these settings for hosted solution, global settings ...

+    invite_only: "Public registration is disabled, new users must be invited"
+
    login_required: "Require authentication to read posts"

    enable_local_logins: "Enable local authentication"
--- a/spec/controllers/omniauth_callbacks_controller_spec.rb
+++ b/spec/controllers/omniauth_callbacks_controller_spec.rb
@ -32,6 +32,17 @@ describe Users::OmniauthCallbacksController do
      response.should be_success
    end

+    context "when 'invite only' site setting is enabled" do
+      before { SiteSetting.stubs(:invite_only?).returns(true) }
+
+      it 'informs the user they are awaiting approval' do
+        xhr :get, :complete, provider: 'twitter', format: :json
+
+        expect(
+          JSON.parse(response.body)['awaiting_approval']
+        ).to be_true
+      end
+    end
  end

  describe 'facebook' do
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -426,6 +426,19 @@ describe UsersController do
      it_should_behave_like 'honeypot fails'
    end

+    context "when 'invite only' setting is enabled" do
+      before { SiteSetting.expects(:invite_only?).returns(true) }
+
+      let(:create_params) {{
+        name: @user.name,
+        username: @user.username,
+        password: 'strongpassword',
+        email: @user.email
+      }}
+
+      it_should_behave_like 'honeypot fails'
+    end
+
    shared_examples_for 'failed signup' do
      it 'should not create a new User' do
        expect { xhr :post, :create, create_params }.to_not change { User.count }