2019-05-02 18:17:27 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2021-03-29 07:03:19 -04:00
|
|
|
require 'csv'
|
|
|
|
|
2013-02-05 14:16:51 -05:00
|
|
|
class InvitesController < ApplicationController
|
|
|
|
|
2021-04-06 11:01:07 -04:00
|
|
|
requires_login only: [:create, :retrieve, :destroy, :destroy_all_expired, :resend_invite, :resend_all_invites, :upload_csv]
|
2018-01-31 20:26:45 -05:00
|
|
|
|
2017-08-31 00:06:56 -04:00
|
|
|
skip_before_action :check_xhr, except: [:perform_accept_invitation]
|
|
|
|
skip_before_action :preload_json, except: [:show]
|
|
|
|
skip_before_action :redirect_to_login_if_required
|
2013-06-05 14:12:37 -04:00
|
|
|
|
2021-03-02 02:13:04 -05:00
|
|
|
before_action :ensure_invites_allowed, only: [:show, :perform_accept_invitation]
|
2017-08-31 00:06:56 -04:00
|
|
|
before_action :ensure_new_registrations_allowed, only: [:show, :perform_accept_invitation]
|
2021-07-07 12:42:42 -04:00
|
|
|
before_action :ensure_not_logged_in, only: :perform_accept_invitation
|
2013-02-05 14:16:51 -05:00
|
|
|
|
|
|
|
def show
|
2017-01-24 15:15:29 -05:00
|
|
|
expires_now
|
2017-02-13 16:19:41 -05:00
|
|
|
|
2021-04-14 12:22:16 -04:00
|
|
|
RateLimiter.new(nil, "invites-show-#{request.remote_ip}", 100, 1.minute).performed!
|
|
|
|
|
2017-02-13 16:19:41 -05:00
|
|
|
invite = Invite.find_by(invite_key: params[:id])
|
2022-06-20 23:56:50 -04:00
|
|
|
|
2021-03-18 20:20:10 -04:00
|
|
|
if invite.present? && invite.redeemable?
|
2021-07-07 12:42:42 -04:00
|
|
|
if current_user
|
2022-06-20 23:56:50 -04:00
|
|
|
redeemed = false
|
|
|
|
|
|
|
|
begin
|
|
|
|
invite.redeem(email: current_user.email)
|
|
|
|
redeemed = true
|
|
|
|
rescue ActiveRecord::RecordNotSaved, Invite::UserExists
|
|
|
|
# This is not ideal but `Invite#redeem` raises either `Invite::UserExists` or `ActiveRecord::RecordNotSaved`
|
|
|
|
# error when it fails to redeem the invite. If redemption fails for a logged in user, we will just ignore it.
|
2021-07-07 12:42:42 -04:00
|
|
|
end
|
|
|
|
|
2022-06-20 23:56:50 -04:00
|
|
|
if redeemed && (topic = invite.topics.first) && current_user.guardian.can_see?(topic)
|
|
|
|
create_topic_invite_notifications(invite, current_user)
|
|
|
|
return redirect_to(topic.url)
|
2021-07-07 12:42:42 -04:00
|
|
|
end
|
|
|
|
|
2022-02-09 10:22:30 -05:00
|
|
|
return redirect_to(path("/"))
|
2021-07-07 12:42:42 -04:00
|
|
|
end
|
|
|
|
|
2021-03-18 13:09:23 -04:00
|
|
|
email = Email.obfuscate(invite.email)
|
|
|
|
|
|
|
|
# Show email if the user already authenticated their email
|
2021-07-21 03:03:04 -04:00
|
|
|
different_external_email = false
|
2022-06-20 23:56:50 -04:00
|
|
|
|
2021-03-18 13:09:23 -04:00
|
|
|
if session[:authentication]
|
|
|
|
auth_result = Auth::Result.from_session_data(session[:authentication], user: nil)
|
|
|
|
if invite.email == auth_result.email
|
|
|
|
email = invite.email
|
2021-07-21 03:03:04 -04:00
|
|
|
else
|
|
|
|
different_external_email = true
|
2021-03-18 13:09:23 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-05-26 04:47:44 -04:00
|
|
|
email_verified_by_link = invite.email_token.present? && params[:t] == invite.email_token
|
2022-06-20 23:56:50 -04:00
|
|
|
|
2021-05-26 04:47:44 -04:00
|
|
|
if email_verified_by_link
|
|
|
|
email = invite.email
|
|
|
|
end
|
|
|
|
|
2021-03-19 11:15:46 -04:00
|
|
|
hidden_email = email != invite.email
|
|
|
|
|
2021-11-30 07:59:37 -05:00
|
|
|
if hidden_email || invite.email.nil?
|
|
|
|
username = ""
|
|
|
|
else
|
|
|
|
username = UserNameSuggester.suggest(invite.email)
|
|
|
|
end
|
|
|
|
|
2021-03-29 07:03:19 -04:00
|
|
|
info = {
|
2020-09-30 11:02:33 -04:00
|
|
|
invited_by: UserNameSerializer.new(invite.invited_by, scope: guardian, root: false),
|
2021-03-18 13:09:23 -04:00
|
|
|
email: email,
|
2021-03-19 11:15:46 -04:00
|
|
|
hidden_email: hidden_email,
|
2021-11-30 07:59:37 -05:00
|
|
|
username: username,
|
2021-05-26 04:47:44 -04:00
|
|
|
is_invite_link: invite.is_invite_link?,
|
|
|
|
email_verified_by_link: email_verified_by_link
|
2021-03-29 07:03:19 -04:00
|
|
|
}
|
|
|
|
|
2021-07-21 03:03:04 -04:00
|
|
|
if different_external_email
|
|
|
|
info[:different_external_email] = true
|
|
|
|
end
|
|
|
|
|
2021-03-29 07:03:19 -04:00
|
|
|
if staged_user = User.where(staged: true).with_email(invite.email).first
|
2021-07-11 17:57:38 -04:00
|
|
|
info[:username] = staged_user.username
|
2021-03-29 07:03:19 -04:00
|
|
|
info[:user_fields] = staged_user.user_fields
|
|
|
|
end
|
|
|
|
|
|
|
|
store_preloaded("invite_info", MultiJson.dump(info))
|
2020-09-30 11:02:33 -04:00
|
|
|
|
2021-03-18 20:20:10 -04:00
|
|
|
secure_session["invite-key"] = invite.invite_key
|
|
|
|
|
2020-09-30 11:02:33 -04:00
|
|
|
render layout: 'application'
|
|
|
|
else
|
2021-03-18 20:20:10 -04:00
|
|
|
flash.now[:error] = if invite.blank?
|
2020-09-30 11:02:33 -04:00
|
|
|
I18n.t('invite.not_found', base_url: Discourse.base_url)
|
2021-03-18 20:20:10 -04:00
|
|
|
elsif invite.redeemed?
|
2021-04-02 04:11:07 -04:00
|
|
|
if invite.is_invite_link?
|
|
|
|
I18n.t('invite.not_found_template_link', site_name: SiteSetting.title, base_url: Discourse.base_url)
|
|
|
|
else
|
|
|
|
I18n.t('invite.not_found_template', site_name: SiteSetting.title, base_url: Discourse.base_url)
|
|
|
|
end
|
2021-03-18 20:20:10 -04:00
|
|
|
elsif invite.expired?
|
|
|
|
I18n.t('invite.expired', base_url: Discourse.base_url)
|
2019-01-02 21:16:05 -05:00
|
|
|
end
|
2021-03-03 04:45:29 -05:00
|
|
|
|
2017-02-13 16:19:41 -05:00
|
|
|
render layout: 'no_ember'
|
|
|
|
end
|
2021-04-14 12:22:16 -04:00
|
|
|
rescue RateLimiter::LimitExceeded => e
|
|
|
|
flash.now[:error] = e.description
|
|
|
|
render layout: 'no_ember'
|
2017-01-24 15:15:29 -05:00
|
|
|
end
|
|
|
|
|
2021-03-03 04:45:29 -05:00
|
|
|
def create
|
|
|
|
if params[:topic_id].present?
|
|
|
|
topic = Topic.find_by(id: params[:topic_id])
|
|
|
|
raise Discourse::InvalidParameters.new(:topic_id) if topic.blank?
|
|
|
|
guardian.ensure_can_invite_to!(topic)
|
|
|
|
end
|
2013-11-06 12:56:26 -05:00
|
|
|
|
2021-03-03 04:45:29 -05:00
|
|
|
if params[:group_ids].present? || params[:group_names].present?
|
|
|
|
groups = Group.lookup_groups(group_ids: params[:group_ids], group_names: params[:group_names])
|
|
|
|
end
|
2013-11-06 12:56:26 -05:00
|
|
|
|
2017-07-21 02:12:24 -04:00
|
|
|
guardian.ensure_can_invite_to_forum!(groups)
|
2014-07-29 13:57:08 -04:00
|
|
|
|
2022-02-16 11:35:02 -05:00
|
|
|
if !groups_can_see_topic?(groups, topic)
|
|
|
|
editable_topic_groups = topic.category.groups.filter { |g| guardian.can_edit_group?(g) }
|
|
|
|
return render_json_error(I18n.t("invite.requires_groups", groups: editable_topic_groups.pluck(:name).join(", ")))
|
|
|
|
end
|
|
|
|
|
2022-05-10 11:45:43 -04:00
|
|
|
invite = Invite.generate(current_user,
|
|
|
|
email: params[:email],
|
|
|
|
domain: params[:domain],
|
|
|
|
skip_email: params[:skip_email],
|
|
|
|
invited_by: current_user,
|
|
|
|
custom_message: params[:custom_message],
|
|
|
|
max_redemptions_allowed: params[:max_redemptions_allowed],
|
|
|
|
topic_id: topic&.id,
|
|
|
|
group_ids: groups&.map(&:id),
|
|
|
|
expires_at: params[:expires_at],
|
2022-09-12 13:16:53 -04:00
|
|
|
invite_to_topic: params[:invite_to_topic]
|
2022-05-10 11:45:43 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
if invite.present?
|
|
|
|
render_serialized(invite, InviteSerializer, scope: guardian, root: nil, show_emails: params.has_key?(:email), show_warnings: true)
|
|
|
|
else
|
|
|
|
render json: failed_json, status: 422
|
2013-11-06 12:56:26 -05:00
|
|
|
end
|
2022-05-10 11:45:43 -04:00
|
|
|
rescue Invite::UserExists => e
|
|
|
|
return render json: {}, status: 200 if SiteSetting.hide_email_address_taken?
|
|
|
|
render_json_error(e.message)
|
|
|
|
rescue ActiveRecord::RecordInvalid => e
|
|
|
|
render_json_error(e.record.errors.full_messages.first)
|
2013-11-06 12:56:26 -05:00
|
|
|
end
|
|
|
|
|
2021-04-06 11:01:07 -04:00
|
|
|
def retrieve
|
|
|
|
params.require(:email)
|
|
|
|
|
|
|
|
invite = Invite.find_by(invited_by: current_user, email: params[:email])
|
|
|
|
raise Discourse::InvalidParameters.new(:email) if invite.blank?
|
|
|
|
|
|
|
|
guardian.ensure_can_invite_to_forum!(nil)
|
|
|
|
|
2021-07-06 05:49:26 -04:00
|
|
|
render_serialized(invite, InviteSerializer, scope: guardian, root: nil, show_emails: params.has_key?(:email), show_warnings: true)
|
2021-04-06 11:01:07 -04:00
|
|
|
end
|
|
|
|
|
2021-03-03 04:45:29 -05:00
|
|
|
def update
|
|
|
|
invite = Invite.find_by(invited_by: current_user, id: params[:id])
|
|
|
|
raise Discourse::InvalidParameters.new(:id) if invite.blank?
|
2020-06-09 11:19:32 -04:00
|
|
|
|
2021-03-03 04:45:29 -05:00
|
|
|
if params[:topic_id].present?
|
|
|
|
topic = Topic.find_by(id: params[:topic_id])
|
|
|
|
raise Discourse::InvalidParameters.new(:topic_id) if topic.blank?
|
|
|
|
guardian.ensure_can_invite_to!(topic)
|
2020-06-09 11:19:32 -04:00
|
|
|
end
|
2017-07-21 02:12:24 -04:00
|
|
|
|
2021-03-03 04:45:29 -05:00
|
|
|
if params[:group_ids].present? || params[:group_names].present?
|
|
|
|
groups = Group.lookup_groups(group_ids: params[:group_ids], group_names: params[:group_names])
|
2020-07-13 08:39:36 -04:00
|
|
|
end
|
2015-08-25 21:41:52 -04:00
|
|
|
|
2021-03-03 04:45:29 -05:00
|
|
|
guardian.ensure_can_invite_to_forum!(groups)
|
|
|
|
|
|
|
|
Invite.transaction do
|
|
|
|
if params.has_key?(:topic_id)
|
|
|
|
invite.topic_invites.destroy_all
|
|
|
|
invite.topic_invites.create!(topic_id: topic.id) if topic.present?
|
2020-06-09 11:19:32 -04:00
|
|
|
end
|
2020-06-09 21:29:28 -04:00
|
|
|
|
2021-03-03 04:45:29 -05:00
|
|
|
if params.has_key?(:group_ids) || params.has_key?(:group_names)
|
|
|
|
invite.invited_groups.destroy_all
|
|
|
|
groups.each { |group| invite.invited_groups.find_or_create_by!(group_id: group.id) } if groups.present?
|
|
|
|
end
|
2020-06-09 21:29:28 -04:00
|
|
|
|
2022-02-16 11:35:02 -05:00
|
|
|
if !groups_can_see_topic?(invite.groups, invite.topics.first)
|
|
|
|
editable_topic_groups = invite.topics.first.category.groups.filter { |g| guardian.can_edit_group?(g) }
|
|
|
|
return render_json_error(I18n.t("invite.requires_groups", groups: editable_topic_groups.pluck(:name).join(", ")))
|
|
|
|
end
|
|
|
|
|
2021-03-03 04:45:29 -05:00
|
|
|
if params.has_key?(:email)
|
|
|
|
old_email = invite.email.presence
|
|
|
|
new_email = params[:email].presence
|
|
|
|
|
2021-05-12 06:06:39 -04:00
|
|
|
if new_email
|
|
|
|
if Invite.where.not(id: invite.id).find_by(email: new_email.downcase, invited_by_id: current_user.id)&.redeemable?
|
2022-01-18 07:38:31 -05:00
|
|
|
return render_json_error(
|
|
|
|
I18n.t("invite.invite_exists", email: CGI.escapeHTML(new_email)),
|
|
|
|
status: 409
|
|
|
|
)
|
2021-05-12 06:06:39 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-03-03 04:45:29 -05:00
|
|
|
if old_email != new_email
|
2021-03-06 06:29:35 -05:00
|
|
|
invite.emailed_status = if new_email && !params[:skip_email]
|
|
|
|
Invite.emailed_status_types[:pending]
|
|
|
|
else
|
|
|
|
Invite.emailed_status_types[:not_required]
|
|
|
|
end
|
|
|
|
end
|
2021-12-08 10:06:57 -05:00
|
|
|
|
|
|
|
invite.domain = nil if invite.email.present?
|
|
|
|
end
|
|
|
|
|
|
|
|
if params.has_key?(:domain)
|
|
|
|
invite.domain = params[:domain]
|
|
|
|
|
|
|
|
if invite.domain.present?
|
|
|
|
invite.email = nil
|
|
|
|
invite.emailed_status = Invite.emailed_status_types[:not_required]
|
|
|
|
end
|
2021-03-06 06:29:35 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
if params[:send_email]
|
|
|
|
if invite.emailed_status != Invite.emailed_status_types[:pending]
|
|
|
|
begin
|
|
|
|
RateLimiter.new(current_user, "resend-invite-per-hour", 10, 1.hour).performed!
|
|
|
|
rescue RateLimiter::LimitExceeded
|
|
|
|
return render_json_error(I18n.t("rate_limiter.slow_down"))
|
|
|
|
end
|
2020-06-09 21:29:28 -04:00
|
|
|
end
|
2021-03-03 04:45:29 -05:00
|
|
|
|
2021-03-06 06:29:35 -05:00
|
|
|
invite.emailed_status = Invite.emailed_status_types[:pending]
|
2020-06-09 21:29:28 -04:00
|
|
|
end
|
2015-08-25 21:41:52 -04:00
|
|
|
|
2021-03-06 06:29:35 -05:00
|
|
|
begin
|
|
|
|
invite.update!(params.permit(:email, :custom_message, :max_redemptions_allowed, :expires_at))
|
|
|
|
rescue ActiveRecord::RecordInvalid => e
|
2022-05-10 11:45:43 -04:00
|
|
|
return render json: {}, status: 200 if SiteSetting.hide_email_address_taken? && e.record.email_already_exists?
|
2021-04-15 07:46:32 -04:00
|
|
|
return render_json_error(e.record.errors.full_messages.first)
|
2021-03-06 06:29:35 -05:00
|
|
|
end
|
2020-07-13 08:39:36 -04:00
|
|
|
end
|
2021-03-03 04:45:29 -05:00
|
|
|
|
|
|
|
if invite.emailed_status == Invite.emailed_status_types[:pending]
|
|
|
|
invite.update_column(:emailed_status, Invite.emailed_status_types[:sending])
|
2021-05-06 03:16:42 -04:00
|
|
|
Jobs.enqueue(:invite_email, invite_id: invite.id, invite_to_topic: params[:invite_to_topic])
|
2015-09-16 07:57:32 -04:00
|
|
|
end
|
2021-03-03 04:45:29 -05:00
|
|
|
|
2021-07-06 05:49:26 -04:00
|
|
|
render_serialized(invite, InviteSerializer, scope: guardian, root: nil, show_emails: params.has_key?(:email), show_warnings: true)
|
2015-08-25 21:41:52 -04:00
|
|
|
end
|
|
|
|
|
2013-02-05 14:16:51 -05:00
|
|
|
def destroy
|
2020-06-09 11:19:32 -04:00
|
|
|
params.require(:id)
|
2013-02-05 14:16:51 -05:00
|
|
|
|
2020-06-09 11:19:32 -04:00
|
|
|
invite = Invite.find_by(invited_by_id: current_user.id, id: params[:id])
|
|
|
|
raise Discourse::InvalidParameters.new(:id) if invite.blank?
|
2021-03-03 04:45:29 -05:00
|
|
|
|
2013-07-09 15:20:18 -04:00
|
|
|
invite.trash!(current_user)
|
2013-02-05 14:16:51 -05:00
|
|
|
|
2020-06-09 21:25:58 -04:00
|
|
|
render json: success_json
|
2013-02-05 14:16:51 -05:00
|
|
|
end
|
|
|
|
|
2021-03-18 20:20:10 -04:00
|
|
|
# For DiscourseConnect SSO, all invite acceptance is done
|
|
|
|
# via the SessionController#sso_login route
|
2021-03-03 04:45:29 -05:00
|
|
|
def perform_accept_invitation
|
|
|
|
params.require(:id)
|
2021-04-14 05:15:56 -04:00
|
|
|
params.permit(:email, :username, :name, :password, :timezone, :email_token, user_custom_fields: {})
|
2021-03-03 04:45:29 -05:00
|
|
|
|
|
|
|
invite = Invite.find_by(invite_key: params[:id])
|
|
|
|
|
|
|
|
if invite.present?
|
|
|
|
begin
|
2021-03-03 03:12:30 -05:00
|
|
|
attrs = {
|
2021-03-03 04:45:29 -05:00
|
|
|
username: params[:username],
|
|
|
|
name: params[:name],
|
|
|
|
password: params[:password],
|
|
|
|
user_custom_fields: params[:user_custom_fields],
|
2021-03-02 02:13:04 -05:00
|
|
|
ip_address: request.remote_ip,
|
|
|
|
session: session
|
2021-03-03 03:12:30 -05:00
|
|
|
}
|
|
|
|
|
2021-04-14 05:15:56 -04:00
|
|
|
if invite.is_invite_link?
|
|
|
|
params.require(:email)
|
|
|
|
attrs[:email] = params[:email]
|
|
|
|
else
|
|
|
|
attrs[:email] = invite.email
|
|
|
|
attrs[:email_token] = params[:email_token] if params[:email_token].present?
|
|
|
|
end
|
2021-03-03 03:12:30 -05:00
|
|
|
|
2021-03-18 20:20:10 -04:00
|
|
|
user = invite.redeem(**attrs)
|
2021-04-15 08:23:49 -04:00
|
|
|
rescue ActiveRecord::RecordInvalid, ActiveRecord::RecordNotSaved, Invite::UserExists => e
|
2021-03-03 04:45:29 -05:00
|
|
|
return render json: failed_json.merge(message: e.message), status: 412
|
|
|
|
end
|
|
|
|
|
|
|
|
if user.blank?
|
|
|
|
return render json: failed_json.merge(message: I18n.t('invite.not_found_json')), status: 404
|
|
|
|
end
|
|
|
|
|
2022-01-12 15:24:54 -05:00
|
|
|
log_on_user(user) if user.active? && user.guardian.can_access_forum?
|
2021-03-03 04:45:29 -05:00
|
|
|
user.update_timezone_if_missing(params[:timezone])
|
|
|
|
post_process_invite(user)
|
2021-08-26 03:43:56 -04:00
|
|
|
create_topic_invite_notifications(invite, user)
|
2021-03-03 04:45:29 -05:00
|
|
|
|
|
|
|
topic = invite.topics.first
|
|
|
|
response = {}
|
|
|
|
|
2021-06-30 05:00:47 -04:00
|
|
|
if user.present?
|
2022-01-12 15:24:54 -05:00
|
|
|
if user.active? && user.guardian.can_access_forum?
|
2021-06-30 05:00:47 -04:00
|
|
|
if user.guardian.can_see?(topic)
|
|
|
|
response[:redirect_to] = path(topic.relative_url)
|
|
|
|
else
|
|
|
|
response[:redirect_to] = path("/")
|
|
|
|
end
|
|
|
|
else
|
2022-01-12 15:24:54 -05:00
|
|
|
response[:message] = if user.active?
|
|
|
|
I18n.t('activation.approval_required')
|
|
|
|
else
|
|
|
|
I18n.t('invite.confirm_email')
|
|
|
|
end
|
|
|
|
|
2021-06-30 05:00:47 -04:00
|
|
|
if user.guardian.can_see?(topic)
|
|
|
|
cookies[:destination_url] = path(topic.relative_url)
|
|
|
|
end
|
|
|
|
end
|
2021-03-03 04:45:29 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
render json: success_json.merge(response)
|
|
|
|
else
|
|
|
|
render json: failed_json.merge(message: I18n.t('invite.not_found_json')), status: 404
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def destroy_all_expired
|
|
|
|
guardian.ensure_can_destroy_all_invites!(current_user)
|
|
|
|
|
|
|
|
Invite
|
|
|
|
.where(invited_by: current_user)
|
|
|
|
.where('expires_at < ?', Time.zone.now)
|
|
|
|
.find_each { |invite| invite.trash!(current_user) }
|
2017-06-29 10:32:07 -04:00
|
|
|
|
2020-06-09 21:25:58 -04:00
|
|
|
render json: success_json
|
2017-06-29 10:32:07 -04:00
|
|
|
end
|
|
|
|
|
2014-10-06 14:48:56 -04:00
|
|
|
def resend_invite
|
|
|
|
params.require(:email)
|
2016-06-06 15:36:59 -04:00
|
|
|
RateLimiter.new(current_user, "resend-invite-per-hour", 10, 1.hour).performed!
|
2014-10-06 14:48:56 -04:00
|
|
|
|
|
|
|
invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email])
|
|
|
|
raise Discourse::InvalidParameters.new(:email) if invite.blank?
|
|
|
|
invite.resend_invite
|
2020-06-09 21:25:58 -04:00
|
|
|
render json: success_json
|
2016-06-06 15:36:59 -04:00
|
|
|
rescue RateLimiter::LimitExceeded
|
|
|
|
render_json_error(I18n.t("rate_limiter.slow_down"))
|
2014-10-06 14:48:56 -04:00
|
|
|
end
|
|
|
|
|
2016-06-02 15:09:02 -04:00
|
|
|
def resend_all_invites
|
2016-06-07 01:27:08 -04:00
|
|
|
guardian.ensure_can_resend_all_invites!(current_user)
|
2016-06-02 15:09:02 -04:00
|
|
|
|
2022-02-03 14:07:40 -05:00
|
|
|
begin
|
|
|
|
RateLimiter.new(current_user, "bulk-reinvite-per-day", 1, 1.day, apply_limit_to_staff: true).performed!
|
|
|
|
rescue RateLimiter::LimitExceeded
|
|
|
|
return render_json_error(I18n.t("rate_limiter.slow_down"))
|
|
|
|
end
|
|
|
|
|
2021-06-17 03:45:53 -04:00
|
|
|
Invite.pending(current_user)
|
2021-03-03 04:45:29 -05:00
|
|
|
.where('invites.email IS NOT NULL')
|
|
|
|
.find_each { |invite| invite.resend_invite }
|
|
|
|
|
2020-06-09 21:25:58 -04:00
|
|
|
render json: success_json
|
2016-06-02 15:09:02 -04:00
|
|
|
end
|
|
|
|
|
2016-12-04 11:06:35 -05:00
|
|
|
def upload_csv
|
2014-05-27 16:14:37 -04:00
|
|
|
guardian.ensure_can_bulk_invite_to_forum!(current_user)
|
|
|
|
|
2019-06-04 10:49:46 -04:00
|
|
|
hijack do
|
|
|
|
begin
|
|
|
|
file = params[:file] || params[:files].first
|
2016-12-04 11:06:35 -05:00
|
|
|
|
2021-03-29 07:03:19 -04:00
|
|
|
csv_header = nil
|
2019-06-04 10:49:46 -04:00
|
|
|
invites = []
|
2021-03-29 07:03:19 -04:00
|
|
|
|
|
|
|
CSV.foreach(file.tempfile, encoding: "bom|utf-8") do |row|
|
|
|
|
# Try to extract a CSV header, if it exists
|
|
|
|
if csv_header.nil?
|
|
|
|
if row[0] == 'email'
|
|
|
|
csv_header = row
|
|
|
|
next
|
|
|
|
else
|
|
|
|
csv_header = ["email", "groups", "topic_id"]
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
if row[0].present?
|
|
|
|
invites.push(csv_header.zip(row).map.to_h.filter { |k, v| v.present? })
|
|
|
|
end
|
|
|
|
|
|
|
|
break if invites.count >= SiteSetting.max_bulk_invites
|
2019-06-04 10:49:46 -04:00
|
|
|
end
|
2019-06-12 05:05:21 -04:00
|
|
|
|
2019-06-04 10:49:46 -04:00
|
|
|
if invites.present?
|
|
|
|
Jobs.enqueue(:bulk_invite, invites: invites, current_user_id: current_user.id)
|
2021-03-29 07:03:19 -04:00
|
|
|
|
|
|
|
if invites.count >= SiteSetting.max_bulk_invites
|
|
|
|
render json: failed_json.merge(errors: [I18n.t("bulk_invite.max_rows", max_bulk_invites: SiteSetting.max_bulk_invites)]), status: 422
|
2019-06-12 05:05:21 -04:00
|
|
|
else
|
|
|
|
render json: success_json
|
|
|
|
end
|
2019-06-04 10:49:46 -04:00
|
|
|
else
|
|
|
|
render json: failed_json.merge(errors: [I18n.t("bulk_invite.error")]), status: 422
|
|
|
|
end
|
2016-12-04 11:06:35 -05:00
|
|
|
end
|
2014-05-27 16:14:37 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-03-03 04:45:29 -05:00
|
|
|
private
|
2014-07-14 11:56:26 -04:00
|
|
|
|
2021-03-02 02:13:04 -05:00
|
|
|
def ensure_invites_allowed
|
2021-03-18 20:20:10 -04:00
|
|
|
if (!SiteSetting.enable_local_logins && Discourse.enabled_auth_providers.count == 0 && !SiteSetting.enable_discourse_connect)
|
2021-03-02 02:13:04 -05:00
|
|
|
raise Discourse::NotFound
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-07-14 15:42:14 -04:00
|
|
|
def ensure_new_registrations_allowed
|
|
|
|
unless SiteSetting.allow_new_registrations
|
|
|
|
flash[:error] = I18n.t('login.new_registrations_disabled')
|
2015-01-15 15:56:53 -05:00
|
|
|
render layout: 'no_ember'
|
2014-07-14 15:42:14 -04:00
|
|
|
false
|
|
|
|
end
|
|
|
|
end
|
2016-02-23 08:33:12 -05:00
|
|
|
|
|
|
|
def ensure_not_logged_in
|
|
|
|
if current_user
|
2020-10-24 11:51:01 -04:00
|
|
|
flash[:error] = I18n.t("login.already_logged_in")
|
2016-02-23 08:33:12 -05:00
|
|
|
render layout: 'no_ember'
|
|
|
|
false
|
|
|
|
end
|
|
|
|
end
|
2017-04-15 05:18:05 -04:00
|
|
|
|
2022-02-16 11:35:02 -05:00
|
|
|
def groups_can_see_topic?(groups, topic)
|
|
|
|
if topic&.read_restricted_category?
|
|
|
|
topic_groups = topic.category.groups
|
|
|
|
return false if (groups & topic_groups).blank?
|
|
|
|
end
|
|
|
|
|
|
|
|
true
|
|
|
|
end
|
|
|
|
|
2017-04-15 05:18:05 -04:00
|
|
|
def post_process_invite(user)
|
|
|
|
user.enqueue_welcome_message('welcome_invite') if user.send_welcome_message
|
2018-12-10 17:24:02 -05:00
|
|
|
|
2019-05-10 08:49:12 -04:00
|
|
|
Group.refresh_automatic_groups!(:admins, :moderators, :staff) if user.staff?
|
|
|
|
|
2017-04-15 05:18:05 -04:00
|
|
|
if user.has_password?
|
2021-11-25 02:34:39 -05:00
|
|
|
if !user.active
|
|
|
|
email_token = user.email_tokens.create!(email: user.email, scope: EmailToken.scopes[:signup])
|
|
|
|
EmailToken.enqueue_signup_email(email_token)
|
|
|
|
end
|
2021-02-08 05:04:33 -05:00
|
|
|
elsif !SiteSetting.enable_discourse_connect && SiteSetting.enable_local_logins
|
2017-04-18 04:55:52 -04:00
|
|
|
Jobs.enqueue(:invite_password_instructions_email, username: user.username)
|
2017-04-15 05:18:05 -04:00
|
|
|
end
|
2018-06-07 01:28:18 -04:00
|
|
|
end
|
2017-04-15 05:18:05 -04:00
|
|
|
|
2021-08-26 03:43:56 -04:00
|
|
|
def create_topic_invite_notifications(invite, user)
|
|
|
|
invite.topics.each do |topic|
|
|
|
|
if user.guardian.can_see?(topic)
|
|
|
|
last_notification = user.notifications
|
|
|
|
.where(notification_type: Notification.types[:invited_to_topic])
|
|
|
|
.where(topic_id: topic.id)
|
|
|
|
.where(post_number: 1)
|
|
|
|
.where('created_at > ?', 1.hour.ago)
|
|
|
|
|
|
|
|
if !last_notification.exists?
|
|
|
|
topic.create_invite_notification!(
|
|
|
|
user,
|
|
|
|
Notification.types[:invited_to_topic],
|
2022-07-12 23:58:01 -04:00
|
|
|
invite.invited_by
|
2021-08-26 03:43:56 -04:00
|
|
|
)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2013-02-05 14:16:51 -05:00
|
|
|
end
|