# frozen_string_literal: true
require_dependency 'rate_limiter'
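# Controller for invite management (create, create_invite_link, destroy,
# resend, rescind, bulk CSV upload) and for the invite-acceptance flow
# (show, perform_accept_invitation).
#
# Security-relevant shape of this controller:
# * The management actions are listed in `requires_login`.
# * `show` and `perform_accept_invitation` are not in that list; the only
#   secret they check is the invite key passed as params[:id].
class InvitesController < ApplicationController

  requires_login only: [
    :destroy, :create, :create_invite_link, :rescind_all_invites,
    :resend_invite, :resend_all_invites, :upload_csv
  ]

  skip_before_action :check_xhr, except: [:perform_accept_invitation]
  skip_before_action :preload_json, except: [:show]
  skip_before_action :redirect_to_login_if_required

  before_action :ensure_new_registrations_allowed, only: [:show, :perform_accept_invitation]
  before_action :ensure_not_logged_in, only: [:show, :perform_accept_invitation]

  # Renders the landing page for the invite whose key is params[:id].
  #
  # * Unredeemed invite: preloads "invite_info" (inviter, invited email and a
  #   suggested username) and renders the 'application' layout.
  # * Redeemed invite or unknown key: renders the 'no_ember' layout with a
  #   flash error.
  #
  # Whoever holds a valid, unredeemed key is shown the invited email address,
  # so the key has to be treated as a credential.
  def show
    # Mark the response as already expired so it is not served from a cache.
    expires_now

    invite = Invite.find_by(invite_key: params[:id])

    if invite.present?
      if !invite.redeemed?
        store_preloaded("invite_info", MultiJson.dump(
          invited_by: UserNameSerializer.new(invite.invited_by, scope: guardian, root: false),
          email: invite.email,
          username: UserNameSuggester.suggest(invite.email))
        )

        render layout: 'application'
      else
        flash.now[:error] = I18n.t('invite.not_found_template', site_name: SiteSetting.title, base_url: Discourse.base_url)
        render layout: 'no_ember'
      end
    else
      flash.now[:error] = I18n.t('invite.not_found', base_url: Discourse.base_url)
      render layout: 'no_ember'
    end
  end

  # Redeems the invite identified by params[:id] and answers with JSON.
  #
  # On success the response is `{ success: true }` plus either `redirect_to`
  # (the user is active and has been logged on) or `message` (the user still
  # has to confirm their email). Validation failures raised by the redeem call
  # are reported as `{ success: false, errors:, message: }`; an unknown key is
  # reported as `{ success: false, message: }`.
  def perform_accept_invitation
    params.require(:id)
    # NOTE(review): the return value of `permit` is discarded and the values
    # below are read from the raw `params`, so this line does not filter what
    # is handed to `invite.redeem` — confirm that redeem validates
    # `user_custom_fields` itself.
    params.permit(:username, :name, :password, user_custom_fields: {})
    invite = Invite.find_by(invite_key: params[:id])

    if invite.present?
      begin
        user = invite.redeem(username: params[:username], name: params[:name], password: params[:password], user_custom_fields: params[:user_custom_fields], ip_address: request.remote_ip)
        if user.present?
          # A session is only created for accounts that are already active.
          log_on_user(user) if user.active?
          post_process_invite(user)
        end

        response = { success: true }
        if user.present? && user.active?
          topic = invite.topics.first
          response[:redirect_to] = topic.present? ? path("#{topic.relative_url}") : path("/")
        else
          response[:message] = I18n.t('invite.confirm_email')
        end

        render json: response
      rescue ActiveRecord::RecordInvalid, ActiveRecord::RecordNotSaved => e
        render json: {
          success: false,
          errors: e.record&.errors&.to_hash || {},
          message: I18n.t('invite.error_message')
        }
      end
    else
      render json: { success: false, message: I18n.t('invite.not_found_json') }
    end
  end

  # Sends an email invite to params[:email], optionally adding the invitee to
  # the groups named by params[:group_ids] / params[:group_names].
  #
  # Responds 422 when the current user already invited that address and may
  # not send multiple invites, when the invite could not be created, or when
  # creation raises Invite::UserExists / ActiveRecord::RecordInvalid.
  def create
    params.require(:email)

    groups = Group.lookup_groups(
      group_ids: params[:group_ids],
      group_names: params[:group_names]
    )

    # Authorisation is checked against the resolved groups before anything
    # is created.
    guardian.ensure_can_invite_to_forum!(groups)
    group_ids = groups.map(&:id)

    invite_exists = Invite.where(email: params[:email], invited_by_id: current_user.id).first
    if invite_exists && !guardian.can_send_multiple_invites?(current_user)
      return render json: failed_json, status: 422
    end

    begin
      # params[:custom_message] is user-supplied text passed through as-is.
      if Invite.invite_by_email(params[:email], current_user, nil, group_ids, params[:custom_message])
        render json: success_json
      else
        render json: failed_json, status: 422
      end
    rescue Invite::UserExists, ActiveRecord::RecordInvalid => e
      render json: { errors: [e.message] }, status: 422
    end
  end

  # Generates an invite link for params[:email] (optionally scoped to the
  # topic in params[:topic_id] and to the requested groups) and returns it
  # as JSON.
  #
  # Responds 422 under the same conditions as `create`.
  def create_invite_link
    params.require(:email)

    groups = Group.lookup_groups(
      group_ids: params[:group_ids],
      group_names: params[:group_names]
    )
    guardian.ensure_can_invite_to_forum!(groups)

    # The topic is optional; when one is given the inviter must be allowed to
    # invite to it.
    topic = Topic.find_by(id: params[:topic_id])
    guardian.ensure_can_invite_to!(topic) if topic.present?

    group_ids = groups.map(&:id)

    invite_exists = Invite.where(email: params[:email], invited_by_id: current_user.id).first
    if invite_exists && !guardian.can_send_multiple_invites?(current_user)
      return render json: failed_json, status: 422
    end

    begin
      # generate invite link
      if invite_link = Invite.generate_invite_link(params[:email], current_user, topic, group_ids)
        render_json_dump(invite_link)
      else
        render json: failed_json, status: 422
      end
    rescue Invite::UserExists, ActiveRecord::RecordInvalid => e
      # Expected validation failures: same handling as in `create`.
      render json: { errors: [e.message] }, status: 422
    rescue StandardError => e
      # Any other failure keeps the 422 status, but its message is logged
      # instead of being echoed to the client, so internal details carried by
      # an unexpected exception do not reach the response body.
      Rails.logger.warn("create_invite_link failed: #{e.class}: #{e.message}")
      render json: failed_json, status: 422
    end
  end

  # Trashes the current user's invite for params[:email].
  #
  # The lookup is scoped to `invited_by_id: current_user.id`, so a user can
  # only remove invites they sent. Raises Discourse::InvalidParameters when
  # no such invite exists.
  def destroy
    params.require(:email)

    invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email])
    raise Discourse::InvalidParameters.new(:email) if invite.blank?
    invite.trash!(current_user)

    render body: nil
  end

  # Rescinds the current user's expired invites after a guardian check.
  def rescind_all_invites
    guardian.ensure_can_rescind_all_invites!(current_user)

    Invite.rescind_all_expired_invites_from(current_user)
    render body: nil
  end

  # Re-sends the current user's invite for params[:email].
  #
  # Limited to 10 calls per hour per user; exceeding the limit renders the
  # "rate_limiter.slow_down" JSON error. Raises Discourse::InvalidParameters
  # when the current user has no invite for that address.
  def resend_invite
    params.require(:email)
    # The limiter runs before the lookup, so failed lookups count as well.
    RateLimiter.new(current_user, "resend-invite-per-hour", 10, 1.hour).performed!

    invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email])
    raise Discourse::InvalidParameters.new(:email) if invite.blank?
    invite.resend_invite
    render body: nil

  rescue RateLimiter::LimitExceeded
    render_json_error(I18n.t("rate_limiter.slow_down"))
  end

  # Re-sends all invites of the current user after a guardian check.
  def resend_all_invites
    guardian.ensure_can_resend_all_invites!(current_user)

    Invite.resend_all_invites_from(current_user.id)
    render body: nil
  end

  # Reads an uploaded CSV (params[:file], else the first of params[:files])
  # and enqueues a :bulk_invite job for its rows.
  #
  # Columns are read positionally: email, groups, topic id. Rows without an
  # email are skipped but still counted. At most SiteSetting.max_bulk_invites
  # rows are read. Responds 422 when the cap was reached, when no usable row
  # was found, or when anything in the block raises.
  def upload_csv
    guardian.ensure_can_bulk_invite_to_forum!(current_user)

    hijack do
      begin
        file = params[:file] || params[:files].first

        count = 0
        invites = []
        max_bulk_invites = SiteSetting.max_bulk_invites
        # Cell values are forwarded unchanged; presumably they are validated
        # in the :bulk_invite job — verify there.
        CSV.foreach(file.tempfile) do |row|
          count += 1
          invites.push(email: row[0], groups: row[1], topic_id: row[2]) if row[0].present?
          break if count >= max_bulk_invites
        end

        if invites.present?
          Jobs.enqueue(:bulk_invite, invites: invites, current_user_id: current_user.id)
          # NOTE(review): a file with exactly max_bulk_invites rows also takes
          # this branch, because the loop stops on `count >= max_bulk_invites`
          # before it can tell whether more rows follow.
          if count >= max_bulk_invites
            render json: failed_json.merge(errors: [I18n.t("bulk_invite.max_rows", max_bulk_invites: max_bulk_invites)]), status: 422
          else
            render json: success_json
          end
        else
          render json: failed_json.merge(errors: [I18n.t("bulk_invite.error")]), status: 422
        end
      rescue
        # NOTE(review): every StandardError (missing upload, malformed CSV,
        # enqueue failure) ends here and is not logged, so a failing upload
        # leaves no trace on the server side.
        render json: failed_json.merge(errors: [I18n.t("bulk_invite.error")]), status: 422
      end
    end
  end

  # Returns params[:username]; raises when the parameter is missing.
  #
  # NOTE(review): this method and `fetch_email` are defined above `private`
  # and are therefore public controller methods — confirm no route maps to
  # them.
  def fetch_username
    params.require(:username)
    params[:username]
  end

  # Returns params[:email]; raises when the parameter is missing.
  def fetch_email
    params.require(:email)
    params[:email]
  end

  # before_action: when new registrations are disabled, renders the
  # 'no_ember' layout with a flash error. Rendering inside a before_action
  # stops the action from running.
  def ensure_new_registrations_allowed
    unless SiteSetting.allow_new_registrations
      flash[:error] = I18n.t('login.new_registrations_disabled')
      render layout: 'no_ember'
      false
    end
  end

  # before_action: when a user is already logged in, renders the 'no_ember'
  # layout with a flash error, which keeps a logged-in session from accepting
  # an invite.
  def ensure_not_logged_in
    if current_user
      flash[:error] = I18n.t("login.already_logged_in", current_user: current_user.username)
      render layout: 'no_ember'
      false
    end
  end

  private

  # Follow-up work after an invite was redeemed: welcome message, automatic
  # group refresh for staff, and either an activation email (password set,
  # account not active yet) or password-setup instructions (no password,
  # local logins enabled and SSO disabled).
  def post_process_invite(user)
    user.enqueue_welcome_message('welcome_invite') if user.send_welcome_message

    Group.refresh_automatic_groups!(:admins, :moderators, :staff) if user.staff?

    if user.has_password?
      send_activation_email(user) unless user.active
    elsif !SiteSetting.enable_sso && SiteSetting.enable_local_logins
      Jobs.enqueue(:invite_password_instructions_email, username: user.username)
    end
  end

  # Creates a new email token for the user and enqueues the signup email.
  # The token value itself is passed to the job as an argument.
  def send_activation_email(user)
    email_token = user.email_tokens.create!(email: user.email)

    Jobs.enqueue(:critical_user_email,
                 type: :signup,
                 user_id: user.id,
                 email_token: email_token.token
    )
  end
end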