FIX: Don't create email invites when SSO is on or local logins are off (#11951)
A more general, lower-level change in addition to #11950. Most code paths already check whether SSO is enabled or local logins are disabled before trying to create an email invite. This is a safety net to ensure no invalid invites sneak by. Also includes: FIX: Don't allow bulk invites when SSO is on (or when local logins are disabled). This mirrors can_invite_to_forum? and other email invite code paths.
This commit is contained in:
parent
704778f448
commit
8ad5284cf7
|
@ -39,6 +39,7 @@ class Invite < ActiveRecord::Base
|
|||
|
||||
validate :ensure_max_redemptions_allowed
|
||||
validate :user_doesnt_already_exist
|
||||
validate :ensure_no_invalid_email_invites
|
||||
attr_accessor :email_already_exists
|
||||
|
||||
scope :single_use_invites, -> { where('invites.max_redemptions_allowed = 1') }
|
||||
|
@ -355,6 +356,16 @@ class Invite < ActiveRecord::Base
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
def ensure_no_invalid_email_invites
|
||||
return if email.blank?
|
||||
|
||||
if SiteSetting.enable_sso?
|
||||
errors.add(:email, I18n.t("invite.disabled_errors.sso_enabled"))
|
||||
elsif !SiteSetting.enable_local_logins?
|
||||
errors.add(:email, I18n.t("invite.disabled_errors.local_logins_disabled"))
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
# == Schema Information
|
||||
|
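Review bot: The new validation in ensure_no_invalid_email_invites (second hunk) is registered with a bare `validate`, so it runs on every save rather than only on creation; an email invite that already existed when SSO was switched on (or local logins switched off) will then fail validation on any later update, which looks like the reason the controller specs in this commit create the invite before changing the setting. If the intent stated in the description is only to block creating new email invites, the first hunk could register it as `validate :ensure_no_invalid_email_invites, on: :create`; if later updates of such invites are meant to fail too, a comment stating that would help, since it is easy to read as a create-time guard. Either way the method deserves a one-line comment such as `# Safety net: email invites cannot be issued while SSO is on or local logins are off.` The enclosing class Invite continues outside both hunks.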
@ -395,7 +395,9 @@ class Guardian
|
|||
end
|
||||
|
||||
def can_bulk_invite_to_forum?(user)
|
||||
user.admin?
|
||||
user.admin? &&
|
||||
!SiteSetting.enable_sso &&
|
||||
SiteSetting.enable_local_logins
|
||||
end
|
||||
|
||||
def can_send_invite_links?(user)
|
||||
|
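Review bot: can_bulk_invite_to_forum? reads the settings as `SiteSetting.enable_sso` and `SiteSetting.enable_local_logins`, while the model validation added in the same commit uses the predicate forms `SiteSetting.enable_sso?` and `SiteSetting.enable_local_logins?`; assuming both spellings resolve to the same boolean, the result is the same, but the two new guards would read more clearly as one rule if written the same way, e.g. `user.admin? && !SiteSetting.enable_sso? && SiteSetting.enable_local_logins?`. A short comment above the method, `# Bulk invites are email invites, so they follow the same SSO / local-login restrictions.`, would tie it to the model-level safety net for the next reader. The enclosing class Guardian continues outside the hunk.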
@ -50,6 +50,17 @@ describe Invite do
|
|||
end
|
||||
end
|
||||
|
||||
context "SSO validation" do
|
||||
it "prevents creating an email invite when SSO is enabled" do
|
||||
SiteSetting.sso_url = "https://www.example.com/sso"
|
||||
SiteSetting.enable_sso = true
|
||||
|
||||
invite = Fabricate.build(:invite, email: "test@mail.com")
|
||||
expect(invite).not_to be_valid
|
||||
expect(invite.errors.details[:email].first[:error]).to eq(I18n.t("invite.disabled_errors.sso_enabled"))
|
||||
end
|
||||
end
|
||||
|
||||
context '#create' do
|
||||
context 'saved' do
|
||||
subject { Fabricate(:invite) }
|
||||
|
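Review bot: The new "SSO validation" context exercises only the enable_sso branch of ensure_no_invalid_email_invites; the local-logins-disabled branch, which adds a different error message, has no spec in this hunk. A sibling example that disables local logins and expects `I18n.t("invite.disabled_errors.local_logins_disabled")` would pin both messages, and the context could be named for what it covers, e.g. `context "email invite restrictions"`. I could not see a spec for the Guardian change to can_bulk_invite_to_forum? in the hunks shown; if none exists elsewhere in the commit, one would be worth adding as well.

```ruby
it "prevents creating an email invite when local logins are disabled" do
  SiteSetting.enable_local_logins = false

  invite = Fabricate.build(:invite, email: "test@mail.com")
  expect(invite).not_to be_valid
  expect(invite.errors.details[:email].first[:error]).to eq(I18n.t("invite.disabled_errors.local_logins_disabled"))
end
```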
@ -443,6 +443,7 @@ describe InvitesController do
|
|||
end
|
||||
|
||||
it "does not send password reset email if sso is enabled" do
|
||||
invite # create the invite before enabling SSO
|
||||
SiteSetting.sso_url = "https://www.example.com/sso"
|
||||
SiteSetting.enable_sso = true
|
||||
put "/invites/show/#{invite.invite_key}.json"
|
||||
|
@ -453,6 +454,7 @@ describe InvitesController do
|
|||
end
|
||||
|
||||
it "does not send password reset email if local login is disabled" do
|
||||
invite # create the invite before enabling SSO
|
||||
SiteSetting.enable_local_logins = false
|
||||
put "/invites/show/#{invite.invite_key}.json"
|
||||
expect(response.status).to eq(200)
|
||||
|
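Review bot: The comment added in the second hunk, `invite # create the invite before enabling SSO`, is copied from the SSO example but this test disables local logins and never touches SSO, so it documents the wrong setting; `invite # create the invite before disabling local logins` matches what the example does. The ordering it relies on (the invite must exist before the setting changes, otherwise the new model validation rejects the email invite) is the non-obvious part, so spelling that out in the comment in both hunks would help, e.g. `# must exist before the setting changes, or the email-invite validation rejects it`. Both examples start and end within their hunks, but the enclosing describe block continues outside.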