discourse/app/controllers/invites_controller.rb

# frozen_string_literal: true

class InvitesController < ApplicationController

  requires_login only: [
    :destroy, :create, :create_invite_link, :rescind_all_invites,
    :resend_invite, :resend_all_invites, :upload_csv
  ]

  skip_before_action :check_xhr, except: [:perform_accept_invitation]
  skip_before_action :preload_json, except: [:show]
  skip_before_action :redirect_to_login_if_required

  before_action :ensure_new_registrations_allowed, only: [:show, :perform_accept_invitation]
  before_action :ensure_not_logged_in, only: [:show, :perform_accept_invitation]

  def show
    expires_now

    invite = Invite.find_by(invite_key: params[:id])

    if invite.present?
      if !invite.redeemed?
        store_preloaded("invite_info", MultiJson.dump(
          invited_by: UserNameSerializer.new(invite.invited_by, scope: guardian, root: false),
          email: invite.email,
          username: UserNameSuggester.suggest(invite.email))
        )

        render layout: 'application'
      else
        flash.now[:error] = I18n.t('invite.not_found_template', site_name: SiteSetting.title, base_url: Discourse.base_url)
        render layout: 'no_ember'
      end
    else
      flash.now[:error] = I18n.t('invite.not_found', base_url: Discourse.base_url)
      render layout: 'no_ember'
    end
  end

  def perform_accept_invitation
    params.require(:id)
    params.permit(:username, :name, :password, user_custom_fields: {})
    invite = Invite.find_by(invite_key: params[:id])

    if invite.present?
      begin
        user = invite.redeem(username: params[:username], name: params[:name], password: params[:password], user_custom_fields: params[:user_custom_fields], ip_address: request.remote_ip)
        if user.present?
          log_on_user(user) if user.active?
          post_process_invite(user)
        end

        response = { success: true }
        if user.present? && user.active?
          topic = invite.topics.first
          response[:redirect_to] = topic.present? ? path("#{topic.relative_url}") : path("/")
        else
          response[:message] = I18n.t('invite.confirm_email')
        end

        render json: response
      rescue ActiveRecord::RecordInvalid, ActiveRecord::RecordNotSaved => e
        render json: {
          success: false,
          errors: e.record&.errors&.to_hash || {},
          message: I18n.t('invite.error_message')
        }
      end
    else
      render json: { success: false, message: I18n.t('invite.not_found_json') }
    end
  end

  def create
    params.require(:email)

    groups = Group.lookup_groups(
      group_ids: params[:group_ids],
      group_names: params[:group_names]
    )

    guardian.ensure_can_invite_to_forum!(groups)
    group_ids = groups.map(&:id)

    invite_exists = Invite.where(email: params[:email], invited_by_id: current_user.id).first
    if invite_exists && !guardian.can_send_multiple_invites?(current_user)
      return render json: failed_json, status: 422
    end

    begin
      if Invite.invite_by_email(params[:email], current_user, nil, group_ids, params[:custom_message])
        render json: success_json
      else
        render json: failed_json, status: 422
      end
    rescue Invite::UserExists, ActiveRecord::RecordInvalid => e
      render json: { errors: [e.message] }, status: 422
    end
  end

  def create_invite_link
    params.require(:email)

    groups = Group.lookup_groups(
      group_ids: params[:group_ids],
      group_names: params[:group_names]
    )
    guardian.ensure_can_invite_to_forum!(groups)

    topic = Topic.find_by(id: params[:topic_id])
    guardian.ensure_can_invite_to!(topic) if topic.present?

    group_ids = groups.map(&:id)

    invite_exists = Invite.where(email: params[:email], invited_by_id: current_user.id).first
    if invite_exists && !guardian.can_send_multiple_invites?(current_user)
      return render json: failed_json, status: 422
    end

    begin
      # generate invite link
      if invite_link = Invite.generate_invite_link(params[:email], current_user, topic, group_ids)
        render_json_dump(invite_link)
      else
        render json: failed_json, status: 422
      end
    rescue => e
      render json: { errors: [e.message] }, status: 422
    end
  end

  def destroy
    params.require(:email)

    invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email])
    raise Discourse::InvalidParameters.new(:email) if invite.blank?
    invite.trash!(current_user)

    render body: nil
  end

  def rescind_all_invites
    guardian.ensure_can_rescind_all_invites!(current_user)

    Invite.rescind_all_expired_invites_from(current_user)
    render body: nil
  end

  def resend_invite
    params.require(:email)
    RateLimiter.new(current_user, "resend-invite-per-hour", 10, 1.hour).performed!

    invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email])
    raise Discourse::InvalidParameters.new(:email) if invite.blank?
    invite.resend_invite
    render body: nil

  rescue RateLimiter::LimitExceeded
    render_json_error(I18n.t("rate_limiter.slow_down"))
  end

  def resend_all_invites
    guardian.ensure_can_resend_all_invites!(current_user)

    Invite.resend_all_invites_from(current_user.id)
    render body: nil
  end

  def upload_csv
    guardian.ensure_can_bulk_invite_to_forum!(current_user)

    hijack do
      begin
        file = params[:file] || params[:files].first

        count = 0
        invites = []
        max_bulk_invites = SiteSetting.max_bulk_invites
        CSV.foreach(file.tempfile) do |row|
          count += 1
          invites.push(email: row[0], groups: row[1], topic_id: row[2]) if row[0].present?
          break if count >= max_bulk_invites
        end

        if invites.present?
          Jobs.enqueue(:bulk_invite, invites: invites, current_user_id: current_user.id)
          if count >= max_bulk_invites
            render json: failed_json.merge(errors: [I18n.t("bulk_invite.max_rows", max_bulk_invites: max_bulk_invites)]), status: 422
          else
            render json: success_json
          end
        else
          render json: failed_json.merge(errors: [I18n.t("bulk_invite.error")]), status: 422
        end
      rescue
        render json: failed_json.merge(errors: [I18n.t("bulk_invite.error")]), status: 422
      end
    end
  end

  def fetch_username
    params.require(:username)
    params[:username]
  end

  def fetch_email
    params.require(:email)
    params[:email]
  end

  def ensure_new_registrations_allowed
    unless SiteSetting.allow_new_registrations
      flash[:error] = I18n.t('login.new_registrations_disabled')
      render layout: 'no_ember'
      false
    end
  end

  def ensure_not_logged_in
    if current_user
      flash[:error] = I18n.t("login.already_logged_in", current_user: current_user.username)
      render layout: 'no_ember'
      false
    end
  end

  private

  def post_process_invite(user)
    user.enqueue_welcome_message('welcome_invite') if user.send_welcome_message

    Group.refresh_automatic_groups!(:admins, :moderators, :staff) if user.staff?

    if user.has_password?
      send_activation_email(user) unless user.active
    elsif !SiteSetting.enable_sso && SiteSetting.enable_local_logins
      Jobs.enqueue(:invite_password_instructions_email, username: user.username)
    end
  end

  def send_activation_email(user)
    email_token = user.email_tokens.create!(email: user.email)

    Jobs.enqueue(:critical_user_email,
                 type: :signup,
                 user_id: user.id,
                 email_token: email_token.token
    )
  end
end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-02 18:17:27 -04:00			`# frozen_string_literal: true`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`class InvitesController < ApplicationController`

Refactor requires login logic, reduce duplicate code This also corrects the positioning in the chain of the check and removes misuse of prepend_before_action 2018-01-31 23:17:59 -05:00			`requires_login only: [`
FIX: don't return 200s when login is required to paths When running `ensure_login_required` it should always happen prior to `check_xhr` cause check xhr will trigger a 200 response 2018-01-31 20:26:45 -05:00			`:destroy, :create, :create_invite_link, :rescind_all_invites,`
			`:resend_invite, :resend_all_invites, :upload_csv`
			`]`

Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`skip_before_action :check_xhr, except: [:perform_accept_invitation]`
			`skip_before_action :preload_json, except: [:show]`
			`skip_before_action :redirect_to_login_if_required`
Don't require authentication for invites 2013-06-05 14:12:37 -04:00
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`before_action :ensure_new_registrations_allowed, only: [:show, :perform_accept_invitation]`
			`before_action :ensure_not_logged_in, only: [:show, :perform_accept_invitation]`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
			`def show`
FEATURE: add explicit confirmation button to accept the invite 2017-01-24 15:15:29 -05:00			`expires_now`
FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-13 16:19:41 -05:00
			`invite = Invite.find_by(invite_key: params[:id])`

FIX: show accurate error message based on invite token validity 2019-01-02 21:16:05 -05:00			`if invite.present?`
			`if !invite.redeemed?`
			`store_preloaded("invite_info", MultiJson.dump(`
			`invited_by: UserNameSerializer.new(invite.invited_by, scope: guardian, root: false),`
			`email: invite.email,`
			`username: UserNameSuggester.suggest(invite.email))`
			`)`

			`render layout: 'application'`
			`else`
			`flash.now[:error] = I18n.t('invite.not_found_template', site_name: SiteSetting.title, base_url: Discourse.base_url)`
			`render layout: 'no_ember'`
			`end`
FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-13 16:19:41 -05:00			`else`
UX: update invite 'not found' message 2019-07-19 07:09:44 -04:00			`flash.now[:error] = I18n.t('invite.not_found', base_url: Discourse.base_url)`
FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-13 16:19:41 -05:00			`render layout: 'no_ember'`
			`end`
FEATURE: add explicit confirmation button to accept the invite 2017-01-24 15:15:29 -05:00			`end`

			`def perform_accept_invitation`
FEATURE: require name when accepting invite if 'full name required' setting is enabled 2017-05-29 03:45:01 -04:00			`params.require(:id)`
FIX: user fields in invite signups were broken 2017-10-04 17:04:24 -04:00			`params.permit(:username, :name, :password, user_custom_fields: {})`
Perform the where(...).first to find_by(...) refactoring. This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb" 2014-05-06 09:41:59 -04:00			`invite = Invite.find_by(invite_key: params[:id])`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
			`if invite.present?`
FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-13 16:19:41 -05:00			`begin`
FIX: save registration IP address for invited users 2019-04-13 03:34:25 -04:00			`user = invite.redeem(username: params[:username], name: params[:name], password: params[:password], user_custom_fields: params[:user_custom_fields], ip_address: request.remote_ip)`
FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-13 16:19:41 -05:00			`if user.present?`
FIX: better accept invite flow when user is invited via a link 2019-01-07 03:52:08 -05:00			`log_on_user(user) if user.active?`
FIX: send activation email when accepting invite if password is set 2017-04-15 05:18:05 -04:00			`post_process_invite(user)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

FIX: better accept invite flow when user is invited via a link 2019-01-07 03:52:08 -05:00			`response = { success: true }`
			`if user.present? && user.active?`
			`topic = invite.topics.first`
			`response[:redirect_to] = topic.present? ? path("#{topic.relative_url}") : path("/")`
			`else`
			`response[:message] = I18n.t('invite.confirm_email')`
			`end`
FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-13 16:19:41 -05:00
FIX: better accept invite flow when user is invited via a link 2019-01-07 03:52:08 -05:00			`render json: response`
FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-13 16:19:41 -05:00			`rescue ActiveRecord::RecordInvalid, ActiveRecord::RecordNotSaved => e`
			`render json: {`
			`success: false,`
FIX: include error message if the "accept invite" process fails 2019-02-06 08:49:00 -05:00			`errors: e.record&.errors&.to_hash \|\| {},`
			`message: I18n.t('invite.error_message')`
FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-13 16:19:41 -05:00			`}`
			`end`
FEATURE: add explicit confirmation button to accept the invite 2017-01-24 15:15:29 -05:00			`else`
UX: update invite 'not found' message 2019-07-19 07:09:44 -04:00			`render json: { success: false, message: I18n.t('invite.not_found_json') }`
FEATURE: add explicit confirmation button to accept the invite 2017-01-24 15:15:29 -05:00			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

Support for inviting to a forum from a user's invite page. 2013-11-06 12:56:26 -05:00			`def create`
			`params.require(:email)`

FIX: Group owners should be able to invite users to their groups. https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12 2017-07-21 02:12:24 -04:00			`groups = Group.lookup_groups(`
			`group_ids: params[:group_ids],`
			`group_names: params[:group_names]`
			`)`
Support for inviting to a forum from a user's invite page. 2013-11-06 12:56:26 -05:00
FIX: Group owners should be able to invite users to their groups. https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12 2017-07-21 02:12:24 -04:00			`guardian.ensure_can_invite_to_forum!(groups)`
			`group_ids = groups.map(&:id)`
FEATURE: admins can invite users to groups via the web UI 2014-05-09 04:22:15 -04:00
FEATURE: allow staff to send multiple invites to same email 2014-07-29 13:57:08 -04:00			`invite_exists = Invite.where(email: params[:email], invited_by_id: current_user.id).first`
FIX: sane error message when inviting an existing user 2017-02-03 03:57:27 -05:00			`if invite_exists && !guardian.can_send_multiple_invites?(current_user)`
fix the build 2017-02-03 05:05:33 -05:00			`return render json: failed_json, status: 422`
FEATURE: allow staff to send multiple invites to same email 2014-07-29 13:57:08 -04:00			`end`

FIX: show proper message on invite error 2015-12-14 11:02:23 -05:00			`begin`
FIX: Group owners should be able to invite users to their groups. https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12 2017-07-21 02:12:24 -04:00			`if Invite.invite_by_email(params[:email], current_user, nil, group_ids, params[:custom_message])`
FIX: show proper message on invite error 2015-12-14 11:02:23 -05:00			`render json: success_json`
			`else`
			`render json: failed_json, status: 422`
			`end`
FIX: show invite validation error message in response 2017-06-13 12:59:02 -04:00			`rescue Invite::UserExists, ActiveRecord::RecordInvalid => e`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`render json: { errors: [e.message] }, status: 422`
Support for inviting to a forum from a user's invite page. 2013-11-06 12:56:26 -05:00			`end`
			`end`

FEATURE: generate invite token 2015-08-25 21:41:52 -04:00			`def create_invite_link`
			`params.require(:email)`
FIX: Group owners should be able to invite users to their groups. https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12 2017-07-21 02:12:24 -04:00
			`groups = Group.lookup_groups(`
			`group_ids: params[:group_ids],`
			`group_names: params[:group_names]`
			`)`
			`guardian.ensure_can_invite_to_forum!(groups)`
SECURITY: verify that inviter can invite new user to a topic 2017-10-09 06:22:41 -04:00
FEATURE: copy invite link for topic invites 2015-08-31 10:06:13 -04:00			`topic = Topic.find_by(id: params[:topic_id])`
SECURITY: verify that inviter can invite new user to a topic 2017-10-09 06:22:41 -04:00			`guardian.ensure_can_invite_to!(topic) if topic.present?`

FIX: Group owners should be able to invite users to their groups. https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12 2017-07-21 02:12:24 -04:00			`group_ids = groups.map(&:id)`
FEATURE: generate invite token 2015-08-25 21:41:52 -04:00
			`invite_exists = Invite.where(email: params[:email], invited_by_id: current_user.id).first`
FIX: sane error message when inviting an existing user 2017-02-03 03:57:27 -05:00			`if invite_exists && !guardian.can_send_multiple_invites?(current_user)`
fix the build 2017-02-03 05:05:33 -05:00			`return render json: failed_json, status: 422`
FEATURE: generate invite token 2015-08-25 21:41:52 -04:00			`end`

FIX: show proper message on invite error 2015-12-14 11:02:23 -05:00			`begin`
			`# generate invite link`
			`if invite_link = Invite.generate_invite_link(params[:email], current_user, topic, group_ids)`
			`render_json_dump(invite_link)`
			`else`
			`render json: failed_json, status: 422`
			`end`
			`rescue => e`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`render json: { errors: [e.message] }, status: 422`
FIX: return 422 if the invite is already redeemed 2015-09-16 07:57:32 -04:00			`end`
FEATURE: generate invite token 2015-08-25 21:41:52 -04:00			`end`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`def destroy`
Implemented strong_parameters for Invite/InvitesController. The email parameter is now required using strong parameters and will throw ActionController::ParameterMissing if it is missing. If the email address is incorrect or invalid, Discourse::InvalidParameters will still be thrown. 2013-06-05 03:04:03 -04:00			`params.require(:email)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
Perform the where(...).first to find_by(...) refactoring. This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb" 2014-05-06 09:41:59 -04:00			`invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email])`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`raise Discourse::InvalidParameters.new(:email) if invite.blank?`
Add `deleted_by` to `Trashable` tables 2013-07-09 15:20:18 -04:00			`invite.trash!(current_user)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`render body: nil`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

FEATURE: remove all invites https://meta.discourse.org/t/remove-all-invitations-button-for-the-admin-panel/65207 2017-06-29 10:32:07 -04:00			`def rescind_all_invites`
			`guardian.ensure_can_rescind_all_invites!(current_user)`

FEATURE: remove all expired invitations by default 2019-03-07 04:49:46 -05:00			`Invite.rescind_all_expired_invites_from(current_user)`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`render body: nil`
FEATURE: remove all invites https://meta.discourse.org/t/remove-all-invitations-button-for-the-admin-panel/65207 2017-06-29 10:32:07 -04:00			`end`

Feature: resend invites 2014-10-06 14:48:56 -04:00			`def resend_invite`
			`params.require(:email)`
FEATURE: rate limit resend invites 2016-06-06 15:36:59 -04:00			`RateLimiter.new(current_user, "resend-invite-per-hour", 10, 1.hour).performed!`
Feature: resend invites 2014-10-06 14:48:56 -04:00
			`invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email])`
			`raise Discourse::InvalidParameters.new(:email) if invite.blank?`
			`invite.resend_invite`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`render body: nil`
FEATURE: rate limit resend invites 2016-06-06 15:36:59 -04:00
			`rescue RateLimiter::LimitExceeded`
			`render_json_error(I18n.t("rate_limiter.slow_down"))`
Feature: resend invites 2014-10-06 14:48:56 -04:00			`end`

FEATURE: Resend all pending invitations 2016-06-02 15:09:02 -04:00			`def resend_all_invites`
FIX: only staff can access 'resend all invites' feature 2016-06-07 01:27:08 -04:00			`guardian.ensure_can_resend_all_invites!(current_user)`
FEATURE: Resend all pending invitations 2016-06-02 15:09:02 -04:00
			`Invite.resend_all_invites_from(current_user.id)`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`render body: nil`
FEATURE: Resend all pending invitations 2016-06-02 15:09:02 -04:00			`end`

FIX: simplify CSV file upload 2016-12-04 11:06:35 -05:00			`def upload_csv`
FEATURE: Bulk Invite 2014-05-27 16:14:37 -04:00			`guardian.ensure_can_bulk_invite_to_forum!(current_user)`

FIX: use hijack for processing bulk invites (#7679) FIX: do not store bulk invite CSV file on server 2019-06-04 10:49:46 -04:00			`hijack do`
			`begin`
			`file = params[:file] \|\| params[:files].first`
FIX: simplify CSV file upload 2016-12-04 11:06:35 -05:00
DEV: optimize bulk invite process 2019-06-12 05:05:21 -04:00			`count = 0`
FIX: use hijack for processing bulk invites (#7679) FIX: do not store bulk invite CSV file on server 2019-06-04 10:49:46 -04:00			`invites = []`
DEV: optimize bulk invite process 2019-06-12 05:05:21 -04:00			`max_bulk_invites = SiteSetting.max_bulk_invites`
FIX: use hijack for processing bulk invites (#7679) FIX: do not store bulk invite CSV file on server 2019-06-04 10:49:46 -04:00			`CSV.foreach(file.tempfile) do \|row\|`
DEV: optimize bulk invite process 2019-06-12 05:05:21 -04:00			`count += 1`
Fix the build. 2019-06-12 07:14:17 -04:00			`invites.push(email: row[0], groups: row[1], topic_id: row[2]) if row[0].present?`
DEV: optimize bulk invite process 2019-06-12 05:05:21 -04:00			`break if count >= max_bulk_invites`
FIX: use hijack for processing bulk invites (#7679) FIX: do not store bulk invite CSV file on server 2019-06-04 10:49:46 -04:00			`end`
DEV: optimize bulk invite process 2019-06-12 05:05:21 -04:00
FIX: use hijack for processing bulk invites (#7679) FIX: do not store bulk invite CSV file on server 2019-06-04 10:49:46 -04:00			`if invites.present?`
			`Jobs.enqueue(:bulk_invite, invites: invites, current_user_id: current_user.id)`
DEV: optimize bulk invite process 2019-06-12 05:05:21 -04:00			`if count >= max_bulk_invites`
			`render json: failed_json.merge(errors: [I18n.t("bulk_invite.max_rows", max_bulk_invites: max_bulk_invites)]), status: 422`
			`else`
			`render json: success_json`
			`end`
FIX: use hijack for processing bulk invites (#7679) FIX: do not store bulk invite CSV file on server 2019-06-04 10:49:46 -04:00			`else`
			`render json: failed_json.merge(errors: [I18n.t("bulk_invite.error")]), status: 422`
			`end`
			`rescue`
			`render json: failed_json.merge(errors: [I18n.t("bulk_invite.error")]), status: 422`
FIX: simplify CSV file upload 2016-12-04 11:06:35 -05:00			`end`
FEATURE: Bulk Invite 2014-05-27 16:14:37 -04:00			`end`
			`end`

FEATURE: disposable invite tokens 2014-07-14 11:56:26 -04:00			`def fetch_username`
			`params.require(:username)`
			`params[:username]`
			`end`

			`def fetch_email`
			`params.require(:email)`
			`params[:email]`
			`end`

FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations 2014-07-14 15:42:14 -04:00			`def ensure_new_registrations_allowed`
			`unless SiteSetting.allow_new_registrations`
			`flash[:error] = I18n.t('login.new_registrations_disabled')`
Rename `no_js` layout to `no_ember` While sometimes `no_js` was used for visitors without js (for example disabling it on your browser) it was also used for some pages that were disabled to JS capable browsers, including the 404 page. Even worse, sometimes it was used on pages that had Javascript, such as our `/activate-account` route. It has been renamed to `no_ember` to indicate what it really is, a layout for the site that doesn't load our Ember.js application. 2015-01-15 15:56:53 -05:00			`render layout: 'no_ember'`
FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations 2014-07-14 15:42:14 -04:00			`false`
			`end`
			`end`
FIX: invite link should not auto-accept invitation if user is already logged in 2016-02-23 08:33:12 -05:00
			`def ensure_not_logged_in`
			`if current_user`
			`flash[:error] = I18n.t("login.already_logged_in", current_user: current_user.username)`
			`render layout: 'no_ember'`
			`false`
			`end`
			`end`
FIX: send activation email when accepting invite if password is set 2017-04-15 05:18:05 -04:00
			`private`

Make rubocop happy again. 2018-06-07 01:28:18 -04:00			`def post_process_invite(user)`
			`user.enqueue_welcome_message('welcome_invite') if user.send_welcome_message`
FEATURE: Activate users invited via email when invite is redeemed Do not send an activation email to users invited via email. They already confirmed their email address by clicking the invite link. Users invited via link will need to confirm their email address before they can login. 2018-12-10 17:24:02 -05:00
FIX: Refresh automatic groups after inviting moderators. 2019-05-10 08:49:12 -04:00			`Group.refresh_automatic_groups!(:admins, :moderators, :staff) if user.staff?`

Make rubocop happy again. 2018-06-07 01:28:18 -04:00			`if user.has_password?`
FEATURE: Activate users invited via email when invite is redeemed Do not send an activation email to users invited via email. They already confirmed their email address by clicking the invite link. Users invited via link will need to confirm their email address before they can login. 2018-12-10 17:24:02 -05:00			`send_activation_email(user) unless user.active`
Make rubocop happy again. 2018-06-07 01:28:18 -04:00			`elsif !SiteSetting.enable_sso && SiteSetting.enable_local_logins`
			`Jobs.enqueue(:invite_password_instructions_email, username: user.username)`
FIX: send activation email when accepting invite if password is set 2017-04-15 05:18:05 -04:00			`end`
Make rubocop happy again. 2018-06-07 01:28:18 -04:00			`end`
FIX: send activation email when accepting invite if password is set 2017-04-15 05:18:05 -04:00
FEATURE: Activate users invited via email when invite is redeemed Do not send an activation email to users invited via email. They already confirmed their email address by clicking the invite link. Users invited via link will need to confirm their email address before they can login. 2018-12-10 17:24:02 -05:00			`def send_activation_email(user)`
DEV: Let `create!` handle the check for persistence. This is unlikely to fail but we want to know when it does. 2018-12-11 19:36:13 -05:00			`email_token = user.email_tokens.create!(email: user.email)`
FEATURE: Activate users invited via email when invite is redeemed Do not send an activation email to users invited via email. They already confirmed their email address by clicking the invite link. Users invited via link will need to confirm their email address before they can login. 2018-12-10 17:24:02 -05:00
			`Jobs.enqueue(:critical_user_email,`
			`type: :signup,`
			`user_id: user.id,`
			`email_token: email_token.token`
			`)`
			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`