From 688755baf2a49636654c2dc4368cc5bca96c4dec Mon Sep 17 00:00:00 2001
From: Gerhard Schlager <mail@gerhard-schlager.at>
Date: Tue, 11 Dec 2018 18:04:07 +0100
Subject: [PATCH] DEV: Improve specs and handle invalid email token

Follow-up to 7977b09025751973f7ae1271f68aaab2716e01fa
---
 app/controllers/invites_controller.rb    |  1 +
 app/models/invite_redeemer.rb            |  2 +-
 spec/requests/invites_controller_spec.rb | 26 ++++++++++++++++++++----
 3 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index ed4844c3573..dd8790b2c43 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -221,6 +221,7 @@ class InvitesController < ApplicationController
 
   def send_activation_email(user)
     email_token = user.email_tokens.create(email: user.email)
+    raise ActiveRecord::RecordInvalid.new(email_token) if !email_token.persisted?
 
     Jobs.enqueue(:critical_user_email,
                  type: :signup,
diff --git a/app/models/invite_redeemer.rb b/app/models/invite_redeemer.rb
index ffdd84cc837..bbf40ef0d20 100644
--- a/app/models/invite_redeemer.rb
+++ b/app/models/invite_redeemer.rb
@@ -59,7 +59,7 @@ InviteRedeemer = Struct.new(:invite, :username, :name, :password, :user_custom_f
     user.save!
 
     if invite.via_email
-      user.email_tokens.create(email: user.email)
+      user.email_tokens.create!(email: user.email)
       user.activate
     end
 
diff --git a/spec/requests/invites_controller_spec.rb b/spec/requests/invites_controller_spec.rb
index 37b2c7ec900..d51a3013edd 100644
--- a/spec/requests/invites_controller_spec.rb
+++ b/spec/requests/invites_controller_spec.rb
@@ -293,6 +293,8 @@ describe InvitesController do
             user.send_welcome_message = true
             put "/invites/show/#{invite.invite_key}.json"
             expect(response.status).to eq(200)
+            expect(JSON.parse(response.body)["success"]).to eq(true)
+
             expect(Jobs::SendSystemMessage.jobs.size).to eq(1)
           end
 
@@ -300,6 +302,8 @@ describe InvitesController do
             it "sends password reset email" do
               put "/invites/show/#{invite.invite_key}.json"
               expect(response.status).to eq(200)
+              expect(JSON.parse(response.body)["success"]).to eq(true)
+
               expect(Jobs::InvitePasswordInstructionsEmail.jobs.size).to eq(1)
               expect(Jobs::CriticalUserEmail.jobs.size).to eq(0)
             end
@@ -309,6 +313,8 @@ describe InvitesController do
               SiteSetting.enable_sso = true
               put "/invites/show/#{invite.invite_key}.json"
               expect(response.status).to eq(200)
+              expect(JSON.parse(response.body)["success"]).to eq(true)
+
               expect(Jobs::InvitePasswordInstructionsEmail.jobs.size).to eq(0)
               expect(Jobs::CriticalUserEmail.jobs.size).to eq(0)
             end
@@ -317,6 +323,8 @@ describe InvitesController do
               SiteSetting.enable_local_logins = false
               put "/invites/show/#{invite.invite_key}.json"
               expect(response.status).to eq(200)
+              expect(JSON.parse(response.body)["success"]).to eq(true)
+
               expect(Jobs::InvitePasswordInstructionsEmail.jobs.size).to eq(0)
               expect(Jobs::CriticalUserEmail.jobs.size).to eq(0)
             end
@@ -329,6 +337,7 @@ describe InvitesController do
               it "doesn't send an activation email and activates the user" do
                 put "/invites/show/#{invite.invite_key}.json", params: { password: "verystrongpassword" }
                 expect(response.status).to eq(200)
+                expect(JSON.parse(response.body)["success"]).to eq(true)
 
                 expect(Jobs::InvitePasswordInstructionsEmail.jobs.size).to eq(0)
                 expect(Jobs::CriticalUserEmail.jobs.size).to eq(0)
@@ -345,15 +354,24 @@ describe InvitesController do
               it "sends an activation email and doesn't activate the user" do
                 put "/invites/show/#{invite.invite_key}.json", params: { password: "verystrongpassword" }
                 expect(response.status).to eq(200)
-
-                expect(Jobs::InvitePasswordInstructionsEmail.jobs.size).to eq(0)
-                expect(Jobs::CriticalUserEmail.jobs.size).to eq(1)
-                expect(Jobs::CriticalUserEmail.jobs.first["args"].first["type"]).to eq("signup")
+                expect(JSON.parse(response.body)["success"]).to eq(true)
 
                 invited_user = User.find_by_email(invite.email)
                 expect(invited_user.active).to eq(false)
                 expect(invited_user.email_confirmed?).to eq(false)
+
+                expect(Jobs::InvitePasswordInstructionsEmail.jobs.size).to eq(0)
+                expect(Jobs::CriticalUserEmail.jobs.size).to eq(1)
+
+                tokens = EmailToken.where(user_id: invited_user.id, confirmed: false, expired: false).pluck(:token)
+                expect(tokens.size).to eq(1)
+
+                job_args = Jobs::CriticalUserEmail.jobs.first["args"].first
+                expect(job_args["type"]).to eq("signup")
+                expect(job_args["user_id"]).to eq(invited_user.id)
+                expect(job_args["email_token"]).to eq(tokens.first)
               end
+
             end
 
           end