Check that an invite link is valid before bypassing approval mode (#10657)

* Check that an invite link is valid before bypassing approval mode Fixes #10656 * Add tests * Only consider valid invite links in registration controller * fixup
author: ThibG <thib@sitedethib.com> 2019-05-02 04:30:12 +0200
committer: Eugen Rochko <eugen@zeonfederated.com> 2019-05-02 04:30:12 +0200
commit: 21a73c52a7d0d0149e1058aeec155fe1c87aaeff (patch)
tree: f3ab8ce5d5f7c793c072d2f8f2084762b6a6ce52 /app
parent: c4f24333002a6b1cec06f53c2910700648654487 (diff)
2 files changed, 3 insertions, 2 deletions
diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb
index 5c1ff769a..83797cf1f 100644
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -91,7 +91,8 @@ class Auth::RegistrationsController < Devise::RegistrationsController
   end
 
   def set_invite
-    @invite = invite_code.present? ? Invite.find_by(code: invite_code) : nil
+    invite = invite_code.present? ? Invite.find_by(code: invite_code) : nil
+    @invite = invite&.valid_for_use? ? invite : nil
   end
 
   def determine_layout
diff --git a/app/models/user.rb b/app/models/user.rb
index c42f6ad8d..432078651 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -114,7 +114,7 @@ class User < ApplicationRecord
   end
 
   def invited?
-    invite_id.present?
+    invite_id.present? && invite.valid_for_use?
   end
 
   def disable!
author	ThibG <thib@sitedethib.com>	2019-05-02 04:30:12 +0200
committer	Eugen Rochko <eugen@zeonfederated.com>	2019-05-02 04:30:12 +0200
commit	21a73c52a7d0d0149e1058aeec155fe1c87aaeff (patch)
tree	f3ab8ce5d5f7c793c072d2f8f2084762b6a6ce52 /app
parent	c4f24333002a6b1cec06f53c2910700648654487 (diff)