about summary refs log tree commit diff
path: root/app
diff options
context:
space:
mode:
authorThibG <thib@sitedethib.com>2019-05-02 04:30:12 +0200
committerEugen Rochko <eugen@zeonfederated.com>2019-05-02 04:30:12 +0200
commit21a73c52a7d0d0149e1058aeec155fe1c87aaeff (patch)
treef3ab8ce5d5f7c793c072d2f8f2084762b6a6ce52 /app
parentc4f24333002a6b1cec06f53c2910700648654487 (diff)
Check that an invite link is valid before bypassing approval mode (#10657)
* Check that an invite link is valid before bypassing approval mode

Fixes #10656

* Add tests

* Only consider valid invite links in registration controller

* fixup
Diffstat (limited to 'app')
-rw-r--r--app/controllers/auth/registrations_controller.rb3
-rw-r--r--app/models/user.rb2
2 files changed, 3 insertions, 2 deletions
diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb
index 5c1ff769a..83797cf1f 100644
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -91,7 +91,8 @@ class Auth::RegistrationsController < Devise::RegistrationsController
   end
 
   def set_invite
-    @invite = invite_code.present? ? Invite.find_by(code: invite_code) : nil
+    invite = invite_code.present? ? Invite.find_by(code: invite_code) : nil
+    @invite = invite&.valid_for_use? ? invite : nil
   end
 
   def determine_layout
diff --git a/app/models/user.rb b/app/models/user.rb
index c42f6ad8d..432078651 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -114,7 +114,7 @@ class User < ApplicationRecord
   end
 
   def invited?
-    invite_id.present?
+    invite_id.present? && invite.valid_for_use?
   end
 
   def disable!