discourse/app/controllers/invites_controller.rb

class InvitesController < ApplicationController

  # TODO tighten this, why skip check on everything?
  skip_before_filter :check_xhr, :preload_json
  skip_before_filter :redirect_to_login_if_required

  before_filter :ensure_logged_in, only: [:destroy, :create, :create_invite_link, :resend_invite, :check_csv_chunk, :upload_csv_chunk]
  before_filter :ensure_new_registrations_allowed, only: [:show, :redeem_disposable_invite]
  before_filter :ensure_not_logged_in, only: [:show, :redeem_disposable_invite]

  def show
    invite = Invite.find_by(invite_key: params[:id])

    if invite.present?
      user = invite.redeem
      if user.present?
        log_on_user(user)

        # Send a welcome message if required
        user.enqueue_welcome_message('welcome_invite') if user.send_welcome_message

        topic = invite.topics.first
        if topic.present?
          redirect_to path("#{topic.relative_url}")
          return
        end
      end
    end

    redirect_to path("/")
  end

  def create
    params.require(:email)

    group_ids = Group.lookup_group_ids(params)

    guardian.ensure_can_invite_to_forum!(group_ids)

    invite_exists = Invite.where(email: params[:email], invited_by_id: current_user.id).first
    if invite_exists
      guardian.ensure_can_send_multiple_invites!(current_user)
    end

    begin
      if Invite.invite_by_email(params[:email], current_user, _topic=nil,  group_ids)
        render json: success_json
      else
        render json: failed_json, status: 422
      end
    rescue => e
      render json: {errors: [e.message]}, status: 422
    end
  end

  def create_invite_link
    params.require(:email)
    group_ids = Group.lookup_group_ids(params)
    topic = Topic.find_by(id: params[:topic_id])
    guardian.ensure_can_invite_to_forum!(group_ids)

    invite_exists = Invite.where(email: params[:email], invited_by_id: current_user.id).first
    if invite_exists
      guardian.ensure_can_send_multiple_invites!(current_user)
    end

    begin
      # generate invite link
      if invite_link = Invite.generate_invite_link(params[:email], current_user, topic, group_ids)
        render_json_dump(invite_link)
      else
        render json: failed_json, status: 422
      end
    rescue => e
      render json: {errors: [e.message]}, status: 422
    end
  end

  def create_disposable_invite
    guardian.ensure_can_create_disposable_invite!(current_user)
    params.permit(:username, :email, :quantity, :group_names)

    username_or_email = params[:username] ? fetch_username : fetch_email
    user = User.find_by_username_or_email(username_or_email)

    # generate invite tokens
    invite_tokens = Invite.generate_disposable_tokens(user, params[:quantity], params[:group_names])

    render_json_dump(invite_tokens)
  end

  def redeem_disposable_invite
    params.require(:email)
    params.permit(:username, :name, :topic)
    params[:email] = params[:email].split(' ').join('+')

    invite = Invite.find_by(invite_key: params[:token])

    if invite.present?
      user = Invite.redeem_from_token(params[:token], params[:email], params[:username], params[:name], params[:topic].to_i)
      if user.present?
        log_on_user(user)

        # Send a welcome message if required
        user.enqueue_welcome_message('welcome_invite') if user.send_welcome_message

        topic = invite.topics.first
        if topic.present?
          redirect_to path("#{topic.relative_url}")
          return
        end
      end
    end

    redirect_to path("/")
  end

  def destroy
    params.require(:email)

    invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email])
    raise Discourse::InvalidParameters.new(:email) if invite.blank?
    invite.trash!(current_user)

    render nothing: true
  end

  def resend_invite
    params.require(:email)

    invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email])
    raise Discourse::InvalidParameters.new(:email) if invite.blank?
    invite.resend_invite

    render nothing: true
  end

  def check_csv_chunk
    guardian.ensure_can_bulk_invite_to_forum!(current_user)

    filename           = params.fetch(:resumableFilename)
    identifier         = params.fetch(:resumableIdentifier)
    chunk_number       = params.fetch(:resumableChunkNumber)
    current_chunk_size = params.fetch(:resumableCurrentChunkSize).to_i

    # path to chunk file
    chunk = Invite.chunk_path(identifier, filename, chunk_number)
    # check chunk upload status
    status = HandleChunkUpload.check_chunk(chunk, current_chunk_size: current_chunk_size)

    render nothing: true, status: status
  end

  def upload_csv_chunk
    guardian.ensure_can_bulk_invite_to_forum!(current_user)

    filename = params.fetch(:resumableFilename)
    return render status: 415, text: I18n.t("bulk_invite.file_should_be_csv") unless (filename.to_s.end_with?(".csv") || filename.to_s.end_with?(".txt"))

    file               = params.fetch(:file)
    identifier         = params.fetch(:resumableIdentifier)
    chunk_number       = params.fetch(:resumableChunkNumber).to_i
    chunk_size         = params.fetch(:resumableChunkSize).to_i
    total_size         = params.fetch(:resumableTotalSize).to_i
    current_chunk_size = params.fetch(:resumableCurrentChunkSize).to_i

    # path to chunk file
    chunk = Invite.chunk_path(identifier, filename, chunk_number)
    # upload chunk
    HandleChunkUpload.upload_chunk(chunk, file: file)

    uploaded_file_size = chunk_number * chunk_size
    # when all chunks are uploaded
    if uploaded_file_size + current_chunk_size >= total_size
      # handle bulk_invite processing in a background thread
      Jobs.enqueue(:bulk_invite, filename: filename, identifier: identifier, chunks: chunk_number, current_user_id: current_user.id)
    end

    render nothing: true
  end

  def fetch_username
    params.require(:username)
    params[:username]
  end

  def fetch_email
    params.require(:email)
    params[:email]
  end

  def ensure_new_registrations_allowed
    unless SiteSetting.allow_new_registrations
      flash[:error] = I18n.t('login.new_registrations_disabled')
      render layout: 'no_ember'
      false
    end
  end

  def ensure_not_logged_in
    if current_user
      flash[:error] = I18n.t("login.already_logged_in", current_user: current_user.username)
      render layout: 'no_ember'
      false
    end
  end
end
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`class InvitesController < ApplicationController`

PERF: avoid preloading json in cases where it is not needed (uploads / avatars / non GET requests) 2015-05-20 03:12:16 -04:00			`# TODO tighten this, why skip check on everything?`
			`skip_before_filter :check_xhr, :preload_json`
Don't require authentication for invites 2013-06-05 14:12:37 -04:00			`skip_before_filter :redirect_to_login_if_required`

FEATURE: generate invite token 2015-08-25 21:41:52 -04:00			`before_filter :ensure_logged_in, only: [:destroy, :create, :create_invite_link, :resend_invite, :check_csv_chunk, :upload_csv_chunk]`
FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations 2014-07-14 15:42:14 -04:00			`before_filter :ensure_new_registrations_allowed, only: [:show, :redeem_disposable_invite]`
FIX: invite link should not auto-accept invitation if user is already logged in 2016-02-23 08:33:12 -05:00			`before_filter :ensure_not_logged_in, only: [:show, :redeem_disposable_invite]`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
			`def show`
Perform the where(...).first to find_by(...) refactoring. This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb" 2014-05-06 09:41:59 -04:00			`invite = Invite.find_by(invite_key: params[:id])`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
			`if invite.present?`
			`user = invite.redeem`
Fix all the trailing whitespace 2013-02-07 10:45:24 -05:00			`if user.present?`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`log_on_user(user)`

			`# Send a welcome message if required`
			`user.enqueue_welcome_message('welcome_invite') if user.send_welcome_message`

			`topic = invite.topics.first`
			`if topic.present?`
FEATURE: add clean support for running Discourse in a subfolder To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish 2015-03-08 20:45:36 -04:00			`redirect_to path("#{topic.relative_url}")`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`return`
			`end`
			`end`
			`end`

FEATURE: add clean support for running Discourse in a subfolder To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish 2015-03-08 20:45:36 -04:00			`redirect_to path("/")`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

Support for inviting to a forum from a user's invite page. 2013-11-06 12:56:26 -05:00			`def create`
			`params.require(:email)`

FEATURE: admins can invite users to groups via the web UI 2014-05-09 04:22:15 -04:00			`group_ids = Group.lookup_group_ids(params)`
Support for inviting to a forum from a user's invite page. 2013-11-06 12:56:26 -05:00
FEATURE: admins can invite users to groups via the web UI 2014-05-09 04:22:15 -04:00			`guardian.ensure_can_invite_to_forum!(group_ids)`

FEATURE: allow staff to send multiple invites to same email 2014-07-29 13:57:08 -04:00			`invite_exists = Invite.where(email: params[:email], invited_by_id: current_user.id).first`
			`if invite_exists`
			`guardian.ensure_can_send_multiple_invites!(current_user)`
			`end`

FIX: show proper message on invite error 2015-12-14 11:02:23 -05:00			`begin`
			`if Invite.invite_by_email(params[:email], current_user, _topic=nil, group_ids)`
			`render json: success_json`
			`else`
			`render json: failed_json, status: 422`
			`end`
			`rescue => e`
			`render json: {errors: [e.message]}, status: 422`
Support for inviting to a forum from a user's invite page. 2013-11-06 12:56:26 -05:00			`end`
			`end`

FEATURE: generate invite token 2015-08-25 21:41:52 -04:00			`def create_invite_link`
			`params.require(:email)`
			`group_ids = Group.lookup_group_ids(params)`
FEATURE: copy invite link for topic invites 2015-08-31 10:06:13 -04:00			`topic = Topic.find_by(id: params[:topic_id])`
FEATURE: generate invite token 2015-08-25 21:41:52 -04:00			`guardian.ensure_can_invite_to_forum!(group_ids)`

			`invite_exists = Invite.where(email: params[:email], invited_by_id: current_user.id).first`
			`if invite_exists`
			`guardian.ensure_can_send_multiple_invites!(current_user)`
			`end`

FIX: show proper message on invite error 2015-12-14 11:02:23 -05:00			`begin`
			`# generate invite link`
			`if invite_link = Invite.generate_invite_link(params[:email], current_user, topic, group_ids)`
			`render_json_dump(invite_link)`
			`else`
			`render json: failed_json, status: 422`
			`end`
			`rescue => e`
			`render json: {errors: [e.message]}, status: 422`
FIX: return 422 if the invite is already redeemed 2015-09-16 07:57:32 -04:00			`end`
FEATURE: generate invite token 2015-08-25 21:41:52 -04:00			`end`

FEATURE: disposable invite tokens 2014-07-14 11:56:26 -04:00			`def create_disposable_invite`
			`guardian.ensure_can_create_disposable_invite!(current_user)`
			`params.permit(:username, :email, :quantity, :group_names)`

			`username_or_email = params[:username] ? fetch_username : fetch_email`
			`user = User.find_by_username_or_email(username_or_email)`

			`# generate invite tokens`
			`invite_tokens = Invite.generate_disposable_tokens(user, params[:quantity], params[:group_names])`

			`render_json_dump(invite_tokens)`
			`end`

			`def redeem_disposable_invite`
			`params.require(:email)`
FEATURE: topic support in disposable invites 2014-07-15 07:10:35 -04:00			`params.permit(:username, :name, :topic)`
convert space to plus for invite email parameter 2014-08-06 04:32:00 -04:00			`params[:email] = params[:email].split(' ').join('+')`
FEATURE: disposable invite tokens 2014-07-14 11:56:26 -04:00
			`invite = Invite.find_by(invite_key: params[:token])`

			`if invite.present?`
FEATURE: topic support in disposable invites 2014-07-15 07:10:35 -04:00			`user = Invite.redeem_from_token(params[:token], params[:email], params[:username], params[:name], params[:topic].to_i)`
FEATURE: disposable invite tokens 2014-07-14 11:56:26 -04:00			`if user.present?`
			`log_on_user(user)`

			`# Send a welcome message if required`
			`user.enqueue_welcome_message('welcome_invite') if user.send_welcome_message`
FEATURE: topic support in disposable invites 2014-07-15 07:10:35 -04:00
			`topic = invite.topics.first`
			`if topic.present?`
FEATURE: add clean support for running Discourse in a subfolder To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish 2015-03-08 20:45:36 -04:00			`redirect_to path("#{topic.relative_url}")`
FEATURE: topic support in disposable invites 2014-07-15 07:10:35 -04:00			`return`
			`end`
FEATURE: disposable invite tokens 2014-07-14 11:56:26 -04:00			`end`
			`end`

FEATURE: add clean support for running Discourse in a subfolder To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish 2015-03-08 20:45:36 -04:00			`redirect_to path("/")`
FEATURE: disposable invite tokens 2014-07-14 11:56:26 -04:00			`end`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`def destroy`
Implemented strong_parameters for Invite/InvitesController. The email parameter is now required using strong parameters and will throw ActionController::ParameterMissing if it is missing. If the email address is incorrect or invalid, Discourse::InvalidParameters will still be thrown. 2013-06-05 03:04:03 -04:00			`params.require(:email)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
Perform the where(...).first to find_by(...) refactoring. This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb" 2014-05-06 09:41:59 -04:00			`invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email])`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`raise Discourse::InvalidParameters.new(:email) if invite.blank?`
Add `deleted_by` to `Trashable` tables 2013-07-09 15:20:18 -04:00			`invite.trash!(current_user)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
			`render nothing: true`
			`end`

Feature: resend invites 2014-10-06 14:48:56 -04:00			`def resend_invite`
			`params.require(:email)`

			`invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email])`
			`raise Discourse::InvalidParameters.new(:email) if invite.blank?`
			`invite.resend_invite`

			`render nothing: true`
			`end`

FEATURE: Bulk Invite 2014-05-27 16:14:37 -04:00			`def check_csv_chunk`
			`guardian.ensure_can_bulk_invite_to_forum!(current_user)`

			`filename = params.fetch(:resumableFilename)`
			`identifier = params.fetch(:resumableIdentifier)`
			`chunk_number = params.fetch(:resumableChunkNumber)`
			`current_chunk_size = params.fetch(:resumableCurrentChunkSize).to_i`

			`# path to chunk file`
			`chunk = Invite.chunk_path(identifier, filename, chunk_number)`
			`# check chunk upload status`
			`status = HandleChunkUpload.check_chunk(chunk, current_chunk_size: current_chunk_size)`

			`render nothing: true, status: status`
			`end`

			`def upload_csv_chunk`
			`guardian.ensure_can_bulk_invite_to_forum!(current_user)`

			`filename = params.fetch(:resumableFilename)`
FEATURE: support txt file to be uploaded for bulk invite 2014-07-02 09:51:15 -04:00			`return render status: 415, text: I18n.t("bulk_invite.file_should_be_csv") unless (filename.to_s.end_with?(".csv") \|\| filename.to_s.end_with?(".txt"))`
FEATURE: Bulk Invite 2014-05-27 16:14:37 -04:00
			`file = params.fetch(:file)`
			`identifier = params.fetch(:resumableIdentifier)`
			`chunk_number = params.fetch(:resumableChunkNumber).to_i`
			`chunk_size = params.fetch(:resumableChunkSize).to_i`
			`total_size = params.fetch(:resumableTotalSize).to_i`
			`current_chunk_size = params.fetch(:resumableCurrentChunkSize).to_i`

			`# path to chunk file`
			`chunk = Invite.chunk_path(identifier, filename, chunk_number)`
			`# upload chunk`
			`HandleChunkUpload.upload_chunk(chunk, file: file)`

			`uploaded_file_size = chunk_number * chunk_size`
			`# when all chunks are uploaded`
			`if uploaded_file_size + current_chunk_size >= total_size`
			`# handle bulk_invite processing in a background thread`
			`Jobs.enqueue(:bulk_invite, filename: filename, identifier: identifier, chunks: chunk_number, current_user_id: current_user.id)`
			`end`

			`render nothing: true`
			`end`

FEATURE: disposable invite tokens 2014-07-14 11:56:26 -04:00			`def fetch_username`
			`params.require(:username)`
			`params[:username]`
			`end`

			`def fetch_email`
			`params.require(:email)`
			`params[:email]`
			`end`

FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations 2014-07-14 15:42:14 -04:00			`def ensure_new_registrations_allowed`
			`unless SiteSetting.allow_new_registrations`
			`flash[:error] = I18n.t('login.new_registrations_disabled')`
Rename `no_js` layout to `no_ember` While sometimes `no_js` was used for visitors without js (for example disabling it on your browser) it was also used for some pages that were disabled to JS capable browsers, including the 404 page. Even worse, sometimes it was used on pages that had Javascript, such as our `/activate-account` route. It has been renamed to `no_ember` to indicate what it really is, a layout for the site that doesn't load our Ember.js application. 2015-01-15 15:56:53 -05:00			`render layout: 'no_ember'`
FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations 2014-07-14 15:42:14 -04:00			`false`
			`end`
			`end`
FIX: invite link should not auto-accept invitation if user is already logged in 2016-02-23 08:33:12 -05:00
			`def ensure_not_logged_in`
			`if current_user`
			`flash[:error] = I18n.t("login.already_logged_in", current_user: current_user.username)`
			`render layout: 'no_ember'`
			`false`
			`end`
			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`