Complete invitation reg method (#4410)

7fb08aff · Ahmad Farhat · GitHub · f9934a47 · 7fb08aff · 7fb08aff
Unverified Commit 7fb08aff authored Jan 9, 2023 by Ahmad Farhat Committed by GitHub Jan 9, 2023
--- a/app/assets/locales/en.json
+++ b/app/assets/locales/en.json
@@ -167,6 +167,7 @@
      "invited_tab": "Invited",
      "invite_user": "Invite User",
      "send_invitation": "Send Invitation",
+      "enter_user_email": "Enter user's email",
      "new_user": "New User",
      "add_new_user": "New User",
      "create_new_user": "Create New User",

--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
@@ -17,7 +17,7 @@ module Api
        render_data data: user, status: :ok
      end

-      # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
      # POST /api/v1/users.json
      # Expects: { user: { :name, :email, :password} }
      # Returns: { data: Array[serializable objects] , errors: Array[String] }
@@ -47,12 +47,6 @@ module Api
        user.pending! if !admin_create && registration_method == SiteSetting::REGISTRATION_METHODS[:approval]

        if user.save
-          # Delete invitation (ignore whether it exists or not)
-          if registration_method == SiteSetting::REGISTRATION_METHODS[:invite]
-            Invitation.delete_by(email: user_params[:email], provider: current_provider,
-                                 token: user_params[:invite_token])
-          end
-
          user.generate_session_token!
          session[:session_token] = user.session_token unless current_user # if this is NOT an admin creating a user

@@ -69,7 +63,7 @@ module Api
          render_error errors: Rails.configuration.custom_error_msgs[:record_invalid], status: :bad_request
        end
      end
-      # rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      # rubocop:enable Metrics/AbcSize, Metrics/PerceivedComplexity

      def update
        user = User.find(params[:id])
@@ -141,7 +135,8 @@ module Api
      def valid_invite_token
        return false if user_params[:invite_token].blank?

-        Invitation.exists?(email: user_params[:email], provider: current_provider, token: user_params[:invite_token])
+        # Try to delete the invitation and return true if it succeeds
+        Invitation.destroy_by(email: user_params[:email], provider: current_provider, token: user_params[:invite_token]).present?
      end
    end
  end

--- a/app/controllers/external_controller.rb
+++ b/app/controllers/external_controller.rb
@@ -15,6 +15,13 @@ class ExternalController < ApplicationController
      verified: true
    }

+    registration_method = SettingGetter.new(setting_name: 'RegistrationMethod', provider: current_provider).call
+
+    # Check if they have a valid token
+    if registration_method == SiteSetting::REGISTRATION_METHODS[:invite] && !valid_invite_token(email: user_info[:email])
+      raise StandardError, Rails.configuration.custom_error_msgs[:invite_token_invalid]
+    end
+
    user = User.find_or_create_by!(external_id: credentials['uid'], provider:) do |u|
      user_info[:role] = default_role
      u.assign_attributes(user_info)
@@ -28,6 +35,9 @@ class ExternalController < ApplicationController
    user.generate_session_token!
    session[:session_token] = user.session_token

+    # Set to pending if registration method is approval
+    user.pending! if registration_method == SiteSetting::REGISTRATION_METHODS[:approval]
+
    # TODO: - Ahmad: deal with errors
    redirect_location = cookies[:location]
    cookies.delete(:location)
@@ -76,4 +86,13 @@ class ExternalController < ApplicationController
    meeting_id = meeting_id.split('_')[0] if meeting_id.end_with?('_')
    meeting_id
  end
+
+  def valid_invite_token(email:)
+    token = cookies[:inviteToken]
+
+    return false if token.blank?
+
+    # Try to delete the invitation and return true if it succeeds
+    Invitation.destroy_by(email:, provider: current_provider, token:).present?
+  end
 end
--- a/app/javascript/components/admin/manage_users/forms/InviteUserForm.jsx
+++ b/app/javascript/components/admin/manage_users/forms/InviteUserForm.jsx
@@ -7,14 +7,14 @@ import FormControl from '../../../shared_components/forms/FormControl';
 import Form from '../../../shared_components/forms/Form';
 import Spinner from '../../../shared_components/utilities/Spinner';
 import useCreateInvitation from '../../../../hooks/mutations/admin/manage_users/useCreateInvitation';
-import { createInvitaionFormFields } from '../../../../helpers/forms/CreateInvitationHelpers';
+import { createInvitationFormFields } from '../../../../helpers/forms/CreateInvitationHelpers';

 export default function InviteUserForm({ handleClose }) {
  const { t } = useTranslation();
  const methods = useForm();
  const createInvitation = useCreateInvitation({ onSettled: handleClose });
  const { isSubmitting } = methods.formState;
-  const fields = createInvitaionFormFields;
+  const fields = createInvitationFormFields;

  fields.emails.placeHolder = t('admin.manage_users.enter_user_email');


--- a/app/javascript/components/home/HomePage.jsx
+++ b/app/javascript/components/home/HomePage.jsx
@@ -20,7 +20,7 @@ export default function HomePage() {
  const { data: registrationMethod } = useSiteSetting('RegistrationMethod');

  useEffect(() => {
-    document.cookie = `token=${inviteToken};path=/;`;
+    document.cookie = `inviteToken=${inviteToken};path=/;`;
  }, [inviteToken]);

  // redirect user to correct page based on signed in status and CreateRoom permission

--- a/app/javascript/helpers/forms/CreateInvitationHelpers.jsx
+++ b/app/javascript/helpers/forms/CreateInvitationHelpers.jsx
@@ -7,7 +7,7 @@ export const validationSchema = yup.object({
      .email('Entered value does not match email format.'),
 });

-export const createInvitaionFormFields = {
+export const createInvitationFormFields = {
  emails: {
    label: 'Emails',
    controlId: 'createInvitationFormEmail',

--- a/spec/controllers/external_controller_spec.rb
+++ b/spec/controllers/external_controller_spec.rb
@@ -164,6 +164,68 @@ RSpec.describe ExternalController, type: :controller do
        expect(user.reload.role).to eq(new_role)
      end
    end
+
+    context 'Registration Method' do
+      context 'invite' do
+        before do
+          reg_method = instance_double(SettingGetter)
+          allow(SettingGetter).to receive(:new).with(setting_name: 'RegistrationMethod', provider: 'greenlight').and_return(reg_method)
+          allow(reg_method).to receive(:call).and_return('invite')
+        end
+
+        it 'creates a user account if they have a valid invitation' do
+          request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+          invite = create(:invitation, email: OmniAuth.config.mock_auth[:openid_connect][:info][:email])
+          cookies[:inviteToken] = {
+            value: invite.token
+          }
+
+          expect { get :create_user, params: { provider: 'openid_connect' } }.to change(User, :count).by(1)
+        end
+
+        it 'deletes an invitation after using it' do
+          request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+          invite = create(:invitation, email: OmniAuth.config.mock_auth[:openid_connect][:info][:email])
+          cookies[:inviteToken] = {
+            value: invite.token
+          }
+
+          expect { get :create_user, params: { provider: 'openid_connect' } }.to change(Invitation, :count).by(-1)
+        end
+
+        it 'returns an InviteInvalid error if no invite is passed' do
+          request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+
+          expect { get :create_user, params: { provider: 'openid_connect' } }.to raise_error(StandardError)
+        end
+
+        it 'returns an InviteInvalid error if the token is wrong' do
+          request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+          create(:invitation, email: OmniAuth.config.mock_auth[:openid_connect][:info][:email])
+          cookies[:inviteToken] = {
+            value: '123'
+          }
+
+          expect { get :create_user, params: { provider: 'openid_connect' } }.to raise_error(StandardError)
+        end
+      end
+
+      context 'approval' do
+        before do
+          reg_method = instance_double(SettingGetter)
+          allow(SettingGetter).to receive(:new).with(setting_name: 'RegistrationMethod', provider: 'greenlight').and_return(reg_method)
+          allow(reg_method).to receive(:call).and_return(SiteSetting::REGISTRATION_METHODS[:approval])
+        end
+
+        it 'sets a user to pending when registering' do
+          request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+
+          expect { get :create_user, params: { provider: 'openid_connect' } }.to change(User, :count).by(1)
+
+          expect(User.find_by(email: OmniAuth.config.mock_auth[:openid_connect][:info][:email])).to be_pending
+        end
+      end
+    end
  end

  describe '#recording_ready' do