FIX: invite link should not auto-accept invitation if user is already logged in

Arpit Jalan 2016-02-23 19:03:12 +05:30 committed by Robin Ward
parent 8dad58ba78
commit 9de5c340b0
4 changed files with 27 additions and 0 deletions


@ -6,6 +6,7 @@ class InvitesController < ApplicationController
before_filter :ensure_logged_in, only: [:destroy, :create, :create_invite_link, :resend_invite, :check_csv_chunk, :upload_csv_chunk] before_filter :ensure_logged_in, only: [:destroy, :create, :create_invite_link, :resend_invite, :check_csv_chunk, :upload_csv_chunk]
before_filter :ensure_new_registrations_allowed, only: [:show, :redeem_disposable_invite] before_filter :ensure_new_registrations_allowed, only: [:show, :redeem_disposable_invite]
before_filter :ensure_not_logged_in, only: [:show, :redeem_disposable_invite]
def show def show
invite = Invite.find_by(invite_key: params[:id]) invite = Invite.find_by(invite_key: params[:id])
@ -195,4 +196,12 @@ class InvitesController < ApplicationController
false false
end end
end end
def ensure_not_logged_in
if current_user
flash[:error] = I18n.t("login.already_logged_in", current_user: current_user.username)
render layout: 'no_ember'
false
end
end
end end
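Review bot: `ensure_not_logged_in` sets `flash[:error]` and then renders in the same request, so the message stays in the session flash and can appear a second time on the next page the user loads. `flash.now[:error] = I18n.t("login.already_logged_in", current_user: current_user.username)` would limit it to this response. The filter is also registered for `redeem_disposable_invite`, but `render layout: 'no_ember'` names no template and the commit appears to add only one view. Unless that action already has a template, a logged-in request to it would presumably fail on a missing template, so the render should name the template explicitly. A short comment above the method saying that it stops a logged-in account from redeeming an invite meant for someone else would record why the filter exists.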


@ -0,0 +1,7 @@
<div id='simple-container'>
<%if flash[:error]%>
<div class='alert alert-error'>
<%=flash[:error]%>
</div>
<%end%>
</div>


@ -1386,6 +1386,7 @@ en:
reserved_username: "That username is not allowed." reserved_username: "That username is not allowed."
missing_user_field: "You have not completed all the user fields" missing_user_field: "You have not completed all the user fields"
close_window: "Authentication is complete. Close this window to continue." close_window: "Authentication is complete. Close this window to continue."
already_logged_in: "Oops, looks like you are attempting to accept an invitation for another user. If you are not %{current_user}, please log out and try again?"
user: user:
no_accounts_associated: "No accounts associated" no_accounts_associated: "No accounts associated"


@ -218,6 +218,16 @@ describe InvitesController do
end end
end end
context 'user is already logged in' do
let!(:user) { log_in }
let(:topic) { Fabricate(:topic) }
let(:invite) { topic.invite_by_email(topic.user, "iceking@adventuretime.ooo") }
it "doesn't redeem the invite" do
Invite.any_instance.stubs(:redeem).never
get :show, id: invite.invite_key
end
end
end end
context '.create_disposable_invite' do context '.create_disposable_invite' do
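Review bot: The new example checks only that `redeem` is never called and asserts nothing about what the logged-in user gets back, so it would still pass if the filter halted the request some other way or raised while rendering. Adding `expect(flash[:error]).to be_present` after the `get :show, id: invite.invite_key` line would pin the intended outcome. The controller applies the same filter to `redeem_disposable_invite`, yet no example here covers that action for a logged-in user. Since the fix is about an invite being accepted under the wrong account, a matching example for that action would be worth adding.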