Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: Show invite validation errors to users (#12717) 

The server used to respond with a generic 'error, contact admin' message
which did not offer any hint what the error was. This happened even when
the error could be easily corrected by the user (for example, if they
chose a very common password).
This commit is contained in:
Dan Ungureanu 2021-04-15 15:23:49 +03:00 committed by GitHub
parent 4d87360f84
commit bfa301bd7b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/invites_controller.rb
View File

@ -228,9 +228,7 @@ class InvitesController < ApplicationController
end
user = invite.redeem(**attrs)
rescue ActiveRecord::RecordInvalid, ActiveRecord::RecordNotSaved => e
return render json: failed_json.merge(errors: e.record&.errors&.to_hash, message: I18n.t('invite.error_message')), status: 412
rescue Invite::UserExists => e
rescue ActiveRecord::RecordInvalid, ActiveRecord::RecordNotSaved, Invite::UserExists => e
return render json: failed_json.merge(message: e.message), status: 412
end

1
config/locales/server.en.yml
View File

@ -239,7 +239,6 @@ en:
<p>Otherwise please <a href="%{base_url}/password-reset">Reset Password</a>.</p>
not_found_template_link: |
<p>The invitation to <a href="%{base_url}">%{site_name}</a> can no longer be redeemed. Please ask the person who invited you to send you a new invitation.</p>
error_message: "There was an error accepting invite. Please contact the site's administrator."
user_exists: "There's no need to invite <b>%{email}</b>, they <a href='%{base_path}/u/%{username}/summary'>already have an account!</a>"
invalid_email: "%{email} isn't a valid email address."
confirm_email: "<p>Youre almost done! We sent an activation mail to your email address. Please follow the instructions in the mail to activate your account.</p><p>If it doesnt arrive, check your spam folder.</p>"

1
spec/requests/invites_controller_spec.rb
View File

@ -443,7 +443,6 @@ describe InvitesController do
it 'does not log in the user if there are validation errors' do
put "/invites/show/#{invite.invite_key}.json", params: { password: 'password' }
expect(response.status).to eq(412)
expect(response.parsed_body['errors']['password']).to be_present
end
it 'fails when local login is disabled and no external auth is configured' do