2019-05-02 18:17:27 -04:00
# frozen_string_literal: true
2022-11-13 21:02:06 -05:00
# NOTE: There are a _lot_ of complicated rules and conditions for our
# invite system, and the code is spread out through a lot of places.
# Tread lightly and read carefully when modifying this code. You may
# also want to look at:
#
# * InvitesController
# * SessionController
# * Invite model
# * User model
#
# Invites that are scoped to a specific email (email IS NOT NULL on the Invite
# model) have different rules to invites that are considered an "invite link",
# (email IS NULL) on the Invite model.
2022-11-01 12:33:32 -04:00
class InviteRedeemer
attr_reader :invite ,
:email ,
:username ,
:name ,
:password ,
:user_custom_fields ,
:ip_address ,
:session ,
:email_token ,
:redeeming_user
def initialize (
2022-11-13 21:02:06 -05:00
invite : ,
2022-11-01 12:33:32 -04:00
email : nil ,
username : nil ,
name : nil ,
password : nil ,
user_custom_fields : nil ,
ip_address : nil ,
session : nil ,
email_token : nil ,
redeeming_user : nil )
@invite = invite
@username = username
@name = name
@password = password
@user_custom_fields = user_custom_fields
@ip_address = ip_address
@session = session
@email_token = email_token
@redeeming_user = redeeming_user
2022-11-13 21:02:06 -05:00
ensure_email_is_present! ( email )
2022-11-01 12:33:32 -04:00
end
2013-05-30 11:33:11 -04:00
def redeem
Invite . transaction do
2022-06-20 23:56:50 -04:00
if can_redeem_invite? && mark_invite_redeemed
2014-07-01 12:52:52 -04:00
process_invitation
2021-04-21 05:36:32 -04:00
invited_user
2014-07-01 12:52:52 -04:00
end
2013-05-30 11:33:11 -04:00
end
end
2022-11-13 21:02:06 -05:00
# The email must be present in some form since many of the methods
# for processing + redemption rely on it. If it's still nil after
# these checks then we have hit an edge case and should not proceed!
def ensure_email_is_present! ( email )
if email . blank?
Rails . logger . warn (
" email param was blank in InviteRedeemer for invite ID #{ @invite . id } . The `redeeming_user` was #{ @redeeming_user . present? ? " (ID: #{ @redeeming_user . id } ) " : " not " } present. " ,
)
end
if email . blank? && @invite . is_email_invite?
@email = @invite . email
elsif @redeeming_user . present?
@email = @redeeming_user . email
else
@email = email
end
raise Discourse :: InvalidParameters if @email . blank?
end
# This will _never_ be called if there is a redeeming_user being passed
# in to InviteRedeemer -- see invited_user below.
2021-04-14 05:15:56 -04:00
def self . create_user_from_invite ( email : , invite : , username : nil , name : nil , password : nil , user_custom_fields : nil , ip_address : nil , session : nil , email_token : nil )
2021-07-11 17:57:38 -04:00
if username && UsernameValidator . new ( username ) . valid_format? && User . username_available? ( username , email )
2014-07-14 11:56:26 -04:00
available_username = username
else
2020-06-09 11:19:32 -04:00
available_username = UserNameSuggester . suggest ( email )
2014-07-14 11:56:26 -04:00
end
2013-08-28 03:18:31 -04:00
2021-07-11 17:57:38 -04:00
user = User . where ( staged : true ) . with_email ( email . strip . downcase ) . first
user . unstage! if user
user || = User . new
2020-03-17 11:48:24 -04:00
user . attributes = {
2020-06-09 11:19:32 -04:00
email : email ,
2018-01-19 09:29:15 -05:00
username : available_username ,
2020-03-17 11:48:24 -04:00
name : name || available_username ,
2018-12-10 17:24:02 -05:00
active : false ,
2019-04-13 03:34:25 -04:00
trust_level : SiteSetting . default_invitee_trust_level ,
ip_address : ip_address ,
registration_ip_address : ip_address
2018-01-19 09:29:15 -05:00
}
2022-06-02 23:43:52 -04:00
if ( ! SiteSetting . must_approve_users && SiteSetting . invite_only ) ||
( SiteSetting . must_approve_users? && EmailValidator . can_auto_approve_user? ( user . email ) )
2022-06-02 10:10:48 -04:00
ReviewableUser . set_approved_fields! ( user , Discourse . system_user )
2017-03-05 08:55:21 -05:00
end
2017-06-08 15:10:43 -04:00
user_fields = UserField . all
if user_custom_fields . present? && user_fields . present?
field_params = user_custom_fields || { }
fields = user . custom_fields
user_fields . each do | f |
field_val = field_params [ f . id . to_s ]
2018-09-06 18:02:47 -04:00
fields [ " #{ User :: USER_FIELD_PREFIX } #{ f . id } " ] = field_val [ 0 ... UserField . max_length ] unless field_val . blank?
2017-06-08 15:10:43 -04:00
end
user . custom_fields = fields
end
2016-09-20 13:12:00 -04:00
user . moderator = true if invite . moderator? && invite . invited_by . staff?
2013-08-28 03:18:31 -04:00
2017-11-23 11:39:24 -05:00
if password
user . password = password
user . password_required!
end
2021-03-02 02:13:04 -05:00
authenticator = UserAuthenticator . new ( user , session , require_password : false )
if ! authenticator . has_authenticator? && ! SiteSetting . enable_local_logins
raise ActiveRecord :: RecordNotSaved . new ( I18n . t ( " login.incorrect_username_email_or_password " ) )
end
authenticator . start
if authenticator . email_valid? && ! authenticator . authenticated?
raise ActiveRecord :: RecordNotSaved . new ( I18n . t ( " login.incorrect_username_email_or_password " ) )
end
2017-11-23 11:39:24 -05:00
user . save!
2021-03-02 02:13:04 -05:00
authenticator . finish
2018-12-10 17:24:02 -05:00
2022-11-13 21:02:06 -05:00
if invite . emailed_status != Invite . emailed_status_types [ :not_required ] &&
email == invite . email &&
invite . email_token . present? &&
email_token == invite . email_token
2018-12-10 17:24:02 -05:00
user . activate
end
2017-11-23 11:39:24 -05:00
User . find ( user . id )
2013-08-28 03:18:31 -04:00
end
2013-05-30 11:33:11 -04:00
private
2022-06-20 23:56:50 -04:00
def can_redeem_invite?
2022-11-01 12:33:32 -04:00
return false if ! invite . redeemable?
2022-11-13 21:02:06 -05:00
return false if email . blank?
2022-08-04 22:20:48 -04:00
2022-11-13 21:02:06 -05:00
# Invite scoped to email has already been redeemed by anyone.
if invite . is_email_invite? && InvitedUser . exists? ( invite_id : invite . id )
2022-06-20 23:56:50 -04:00
return false
end
2022-11-13 21:02:06 -05:00
# The email will be present for either an invite link (where the user provides
# us the email manually) or for an invite scoped to an email, where we
# prefill the email and do not let the user modify it.
#
# Note that an invite link can also have a domain scope which must be checked.
email_to_check = redeeming_user & . email || email
2022-06-20 23:56:50 -04:00
2022-11-13 21:02:06 -05:00
if invite . email . present? && ! invite . email_matches? ( email_to_check )
raise ActiveRecord :: RecordNotSaved . new ( I18n . t ( 'invite.not_matching_email' ) )
end
2022-06-20 23:56:50 -04:00
2022-11-13 21:02:06 -05:00
if invite . domain . present? && ! invite . domain_matches? ( email_to_check )
raise ActiveRecord :: RecordNotSaved . new ( I18n . t ( 'invite.domain_not_allowed' ) )
2022-11-01 12:33:32 -04:00
end
# Anon user is trying to redeem an invitation, if an existing user already
# redeemed it then we cannot redeem now.
redeeming_user || = User . where ( admin : false , staged : false ) . find_by_email ( email )
if redeeming_user . present? && InvitedUser . exists? ( user_id : redeeming_user . id , invite_id : invite . id )
2022-06-20 23:56:50 -04:00
return false
end
true
end
2022-11-13 21:02:06 -05:00
# Note that the invited_user is returned by #redeemed, so other places
# (e.g. the InvitesController) can perform further actions on it, this
# is why things like send_welcome_message are set without being saved
# on the model.
2022-11-01 12:33:32 -04:00
def invited_user
return @invited_user if defined? ( @invited_user )
# The redeeming user is an already logged in user or a user who is
# activating their account who is redeeming the invite,
# which is valid for existing users to be invited to topics or groups.
if redeeming_user . present?
@invited_user = redeeming_user
return @invited_user
2022-06-20 23:56:50 -04:00
end
2022-11-01 12:33:32 -04:00
# If there was no logged in user then we must attempt to create
# one based on the provided params.
invited_user || = InviteRedeemer . create_user_from_invite (
email : email ,
invite : invite ,
username : username ,
name : name ,
password : password ,
user_custom_fields : user_custom_fields ,
ip_address : ip_address ,
session : session ,
email_token : email_token
)
invited_user . send_welcome_message = false
@invited_user = invited_user
@invited_user
2013-05-30 11:33:11 -04:00
end
def process_invitation
add_to_private_topics_if_invited
2014-05-08 02:45:49 -04:00
add_user_to_groups
2013-05-30 11:33:11 -04:00
send_welcome_message
notify_invitee
end
def mark_invite_redeemed
2020-06-09 11:19:32 -04:00
@invited_user_record = InvitedUser . create! ( invite_id : invite . id , redeemed_at : Time . zone . now )
2022-06-20 23:56:50 -04:00
2021-01-20 03:50:02 -05:00
if @invited_user_record . present?
2020-06-09 11:19:32 -04:00
Invite . increment_counter ( :redemption_count , invite . id )
2019-05-13 03:42:13 -04:00
delete_duplicate_invites
end
2020-06-09 11:19:32 -04:00
@invited_user_record . present?
2013-05-30 11:33:11 -04:00
end
def add_to_private_topics_if_invited
2022-11-13 21:02:06 -05:00
# Should not happen because of ensure_email_is_present!, but better to cover bases.
return if email . blank?
topic_ids = TopicInvite . joins ( :invite )
. joins ( :topic )
. where ( " topics.archetype = ? " , Archetype :: private_message )
. where ( " invites.email = ? " , email )
. pluck ( :topic_id )
2019-03-29 12:03:33 -04:00
topic_ids . each do | id |
2022-11-13 21:02:06 -05:00
if ! TopicAllowedUser . exists? ( user_id : invited_user . id , topic_id : id )
TopicAllowedUser . create! ( user_id : invited_user . id , topic_id : id )
end
2013-05-30 11:33:11 -04:00
end
end
2014-05-08 02:45:49 -04:00
def add_user_to_groups
2020-06-15 05:13:56 -04:00
guardian = Guardian . new ( invite . invited_by )
2015-02-25 22:05:44 -05:00
new_group_ids = invite . groups . pluck ( :id ) - invited_user . group_users . pluck ( :group_id )
new_group_ids . each do | id |
2020-06-15 05:13:56 -04:00
group = Group . find_by ( id : id )
if guardian . can_edit_group? ( group )
invited_user . group_users . create! ( group_id : group . id )
2022-11-02 18:58:12 -04:00
GroupActionLogger . new ( invite . invited_by , group ) . log_add_user_to_group ( invited_user )
2020-06-15 05:13:56 -04:00
DiscourseEvent . trigger ( :user_added_to_group , invited_user , group , automatic : false )
end
2014-05-08 02:45:49 -04:00
end
end
2013-05-30 11:33:11 -04:00
def send_welcome_message
2020-06-09 11:19:32 -04:00
@invited_user_record . update! ( user_id : invited_user . id )
invited_user . send_welcome_message = true
2013-05-30 11:33:11 -04:00
end
def notify_invitee
2022-11-13 21:02:06 -05:00
return if invite . invited_by . blank?
invite . invited_by . notifications . create! (
notification_type : Notification . types [ :invitee_accepted ] ,
data : { display_username : invited_user . username } . to_json
)
2013-05-30 11:33:11 -04:00
end
2015-03-25 12:55:18 -04:00
def delete_duplicate_invites
2022-11-13 21:02:06 -05:00
# Should not happen because of ensure_email_is_present!, but better to cover bases.
return if email . blank?
2021-03-03 04:45:29 -05:00
Invite
. where ( 'invites.max_redemptions_allowed = 1' )
2020-06-09 11:19:32 -04:00
. joins ( " LEFT JOIN invited_users ON invites.id = invited_users.invite_id " )
. where ( 'invited_users.user_id IS NULL' )
. where ( 'invites.email = ? AND invites.id != ?' , email , invite . id )
. delete_all
2015-03-25 12:55:18 -04:00
end
2013-07-10 21:21:39 -04:00
end