2019-05-02 17:17:27 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2022-11-01 11:33:32 -05:00
|
|
|
class InviteRedeemer
|
|
|
|
attr_reader :invite,
|
|
|
|
:email,
|
|
|
|
:username,
|
|
|
|
:name,
|
|
|
|
:password,
|
|
|
|
:user_custom_fields,
|
|
|
|
:ip_address,
|
|
|
|
:session,
|
|
|
|
:email_token,
|
|
|
|
:redeeming_user
|
|
|
|
|
|
|
|
def initialize(
|
|
|
|
invite: nil,
|
|
|
|
email: nil,
|
|
|
|
username: nil,
|
|
|
|
name: nil,
|
|
|
|
password: nil,
|
|
|
|
user_custom_fields: nil,
|
|
|
|
ip_address: nil,
|
|
|
|
session: nil,
|
|
|
|
email_token: nil,
|
|
|
|
redeeming_user: nil)
|
|
|
|
|
|
|
|
@invite = invite
|
|
|
|
@email = email
|
|
|
|
@username = username
|
|
|
|
@name = name
|
|
|
|
@password = password
|
|
|
|
@user_custom_fields = user_custom_fields
|
|
|
|
@ip_address = ip_address
|
|
|
|
@session = session
|
|
|
|
@email_token = email_token
|
|
|
|
@redeeming_user = redeeming_user
|
|
|
|
end
|
|
|
|
|
2013-05-30 10:33:11 -05:00
|
|
|
def redeem
|
|
|
|
Invite.transaction do
|
2022-06-20 22:56:50 -05:00
|
|
|
if can_redeem_invite? && mark_invite_redeemed
|
2014-07-01 11:52:52 -05:00
|
|
|
process_invitation
|
2021-04-21 04:36:32 -05:00
|
|
|
invited_user
|
2014-07-01 11:52:52 -05:00
|
|
|
end
|
2013-05-30 10:33:11 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-08-28 02:18:31 -05:00
|
|
|
# extracted from User cause it is very specific to invites
|
2021-04-14 04:15:56 -05:00
|
|
|
def self.create_user_from_invite(email:, invite:, username: nil, name: nil, password: nil, user_custom_fields: nil, ip_address: nil, session: nil, email_token: nil)
|
2021-07-11 16:57:38 -05:00
|
|
|
if username && UsernameValidator.new(username).valid_format? && User.username_available?(username, email)
|
2014-07-14 10:56:26 -05:00
|
|
|
available_username = username
|
|
|
|
else
|
2020-06-09 10:19:32 -05:00
|
|
|
available_username = UserNameSuggester.suggest(email)
|
2014-07-14 10:56:26 -05:00
|
|
|
end
|
2013-08-28 02:18:31 -05:00
|
|
|
|
2021-07-11 16:57:38 -05:00
|
|
|
user = User.where(staged: true).with_email(email.strip.downcase).first
|
|
|
|
user.unstage! if user
|
|
|
|
user ||= User.new
|
|
|
|
|
2020-03-17 10:48:24 -05:00
|
|
|
user.attributes = {
|
2020-06-09 10:19:32 -05:00
|
|
|
email: email,
|
2018-01-19 08:29:15 -06:00
|
|
|
username: available_username,
|
2020-03-17 10:48:24 -05:00
|
|
|
name: name || available_username,
|
2018-12-10 16:24:02 -06:00
|
|
|
active: false,
|
2019-04-13 02:34:25 -05:00
|
|
|
trust_level: SiteSetting.default_invitee_trust_level,
|
|
|
|
ip_address: ip_address,
|
|
|
|
registration_ip_address: ip_address
|
2018-01-19 08:29:15 -06:00
|
|
|
}
|
|
|
|
|
2022-06-02 22:43:52 -05:00
|
|
|
if (!SiteSetting.must_approve_users && SiteSetting.invite_only) ||
|
|
|
|
(SiteSetting.must_approve_users? && EmailValidator.can_auto_approve_user?(user.email))
|
|
|
|
|
2022-06-02 09:10:48 -05:00
|
|
|
ReviewableUser.set_approved_fields!(user, Discourse.system_user)
|
2017-03-05 07:55:21 -06:00
|
|
|
end
|
|
|
|
|
2017-06-08 14:10:43 -05:00
|
|
|
user_fields = UserField.all
|
|
|
|
if user_custom_fields.present? && user_fields.present?
|
|
|
|
field_params = user_custom_fields || {}
|
|
|
|
fields = user.custom_fields
|
|
|
|
|
|
|
|
user_fields.each do |f|
|
|
|
|
field_val = field_params[f.id.to_s]
|
2018-09-06 17:02:47 -05:00
|
|
|
fields["#{User::USER_FIELD_PREFIX}#{f.id}"] = field_val[0...UserField.max_length] unless field_val.blank?
|
2017-06-08 14:10:43 -05:00
|
|
|
end
|
|
|
|
user.custom_fields = fields
|
|
|
|
end
|
|
|
|
|
2016-09-20 12:12:00 -05:00
|
|
|
user.moderator = true if invite.moderator? && invite.invited_by.staff?
|
2013-08-28 02:18:31 -05:00
|
|
|
|
2017-11-23 10:39:24 -06:00
|
|
|
if password
|
|
|
|
user.password = password
|
|
|
|
user.password_required!
|
|
|
|
end
|
|
|
|
|
2021-03-02 01:13:04 -06:00
|
|
|
authenticator = UserAuthenticator.new(user, session, require_password: false)
|
|
|
|
|
|
|
|
if !authenticator.has_authenticator? && !SiteSetting.enable_local_logins
|
|
|
|
raise ActiveRecord::RecordNotSaved.new(I18n.t("login.incorrect_username_email_or_password"))
|
|
|
|
end
|
|
|
|
|
|
|
|
authenticator.start
|
|
|
|
|
|
|
|
if authenticator.email_valid? && !authenticator.authenticated?
|
|
|
|
raise ActiveRecord::RecordNotSaved.new(I18n.t("login.incorrect_username_email_or_password"))
|
|
|
|
end
|
|
|
|
|
2017-11-23 10:39:24 -06:00
|
|
|
user.save!
|
2021-03-02 01:13:04 -06:00
|
|
|
authenticator.finish
|
2018-12-10 16:24:02 -06:00
|
|
|
|
2021-04-14 04:15:56 -05:00
|
|
|
if invite.emailed_status != Invite.emailed_status_types[:not_required] && email == invite.email && invite.email_token.present? && email_token == invite.email_token
|
2018-12-10 16:24:02 -06:00
|
|
|
user.activate
|
|
|
|
end
|
|
|
|
|
2017-11-23 10:39:24 -06:00
|
|
|
User.find(user.id)
|
2013-08-28 02:18:31 -05:00
|
|
|
end
|
|
|
|
|
2013-05-30 10:33:11 -05:00
|
|
|
private
|
|
|
|
|
2022-06-20 22:56:50 -05:00
|
|
|
def can_redeem_invite?
|
2022-11-01 11:33:32 -05:00
|
|
|
return false if !invite.redeemable?
|
2022-08-04 21:20:48 -05:00
|
|
|
|
2022-11-01 11:33:32 -05:00
|
|
|
# Invite has already been redeemed by anyone.
|
2022-06-20 22:56:50 -05:00
|
|
|
if !invite.is_invite_link? && InvitedUser.exists?(invite_id: invite.id)
|
|
|
|
return false
|
|
|
|
end
|
|
|
|
|
2022-11-01 11:33:32 -05:00
|
|
|
# Email will not be present if we are claiming an invite link, which
|
|
|
|
# does not have an email or domain scope on the invitation.
|
|
|
|
if email.present? || redeeming_user.present?
|
|
|
|
email_to_check = redeeming_user&.email || email
|
2022-06-20 22:56:50 -05:00
|
|
|
|
2022-11-01 11:33:32 -05:00
|
|
|
if invite.email.present? && !invite.email_matches?(email_to_check)
|
|
|
|
raise ActiveRecord::RecordNotSaved.new(I18n.t('invite.not_matching_email'))
|
|
|
|
end
|
2022-06-20 22:56:50 -05:00
|
|
|
|
2022-11-01 11:33:32 -05:00
|
|
|
if invite.domain.present? && !invite.domain_matches?(email_to_check)
|
|
|
|
raise ActiveRecord::RecordNotSaved.new(I18n.t('invite.domain_not_allowed'))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
# Anon user is trying to redeem an invitation, if an existing user already
|
|
|
|
# redeemed it then we cannot redeem now.
|
|
|
|
redeeming_user ||= User.where(admin: false, staged: false).find_by_email(email)
|
|
|
|
if redeeming_user.present? && InvitedUser.exists?(user_id: redeeming_user.id, invite_id: invite.id)
|
2022-06-20 22:56:50 -05:00
|
|
|
return false
|
|
|
|
end
|
|
|
|
|
|
|
|
true
|
|
|
|
end
|
|
|
|
|
2022-11-01 11:33:32 -05:00
|
|
|
def invited_user
|
|
|
|
return @invited_user if defined?(@invited_user)
|
|
|
|
|
|
|
|
# The redeeming user is an already logged in user or a user who is
|
|
|
|
# activating their account who is redeeming the invite,
|
|
|
|
# which is valid for existing users to be invited to topics or groups.
|
|
|
|
if redeeming_user.present?
|
|
|
|
@invited_user = redeeming_user
|
|
|
|
return @invited_user
|
2022-06-20 22:56:50 -05:00
|
|
|
end
|
|
|
|
|
2022-11-01 11:33:32 -05:00
|
|
|
# If there was no logged in user then we must attempt to create
|
|
|
|
# one based on the provided params.
|
|
|
|
invited_user ||= InviteRedeemer.create_user_from_invite(
|
|
|
|
email: email,
|
|
|
|
invite: invite,
|
|
|
|
username: username,
|
|
|
|
name: name,
|
|
|
|
password: password,
|
|
|
|
user_custom_fields: user_custom_fields,
|
|
|
|
ip_address: ip_address,
|
|
|
|
session: session,
|
|
|
|
email_token: email_token
|
|
|
|
)
|
|
|
|
invited_user.send_welcome_message = false
|
|
|
|
@invited_user = invited_user
|
|
|
|
@invited_user
|
2013-05-30 10:33:11 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def process_invitation
|
|
|
|
add_to_private_topics_if_invited
|
2014-05-08 01:45:49 -05:00
|
|
|
add_user_to_groups
|
2013-05-30 10:33:11 -05:00
|
|
|
send_welcome_message
|
|
|
|
notify_invitee
|
|
|
|
end
|
|
|
|
|
|
|
|
def mark_invite_redeemed
|
2020-06-09 10:19:32 -05:00
|
|
|
@invited_user_record = InvitedUser.create!(invite_id: invite.id, redeemed_at: Time.zone.now)
|
2022-06-20 22:56:50 -05:00
|
|
|
|
2021-01-20 02:50:02 -06:00
|
|
|
if @invited_user_record.present?
|
2020-06-09 10:19:32 -05:00
|
|
|
Invite.increment_counter(:redemption_count, invite.id)
|
2019-05-13 02:42:13 -05:00
|
|
|
delete_duplicate_invites
|
|
|
|
end
|
|
|
|
|
2020-06-09 10:19:32 -05:00
|
|
|
@invited_user_record.present?
|
2013-05-30 10:33:11 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def add_to_private_topics_if_invited
|
2020-06-09 10:19:32 -05:00
|
|
|
topic_ids = Topic.where(archetype: Archetype::private_message).includes(:invites).where(invites: { email: email }).pluck(:id)
|
2019-03-29 11:03:33 -05:00
|
|
|
topic_ids.each do |id|
|
2020-06-01 21:33:30 -05:00
|
|
|
TopicAllowedUser.create!(user_id: invited_user.id, topic_id: id) unless TopicAllowedUser.exists?(user_id: invited_user.id, topic_id: id)
|
2013-05-30 10:33:11 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-05-08 01:45:49 -05:00
|
|
|
def add_user_to_groups
|
2020-06-15 04:13:56 -05:00
|
|
|
guardian = Guardian.new(invite.invited_by)
|
2015-02-25 21:05:44 -06:00
|
|
|
new_group_ids = invite.groups.pluck(:id) - invited_user.group_users.pluck(:group_id)
|
|
|
|
new_group_ids.each do |id|
|
2020-06-15 04:13:56 -05:00
|
|
|
group = Group.find_by(id: id)
|
|
|
|
if guardian.can_edit_group?(group)
|
|
|
|
invited_user.group_users.create!(group_id: group.id)
|
|
|
|
DiscourseEvent.trigger(:user_added_to_group, invited_user, group, automatic: false)
|
|
|
|
end
|
2014-05-08 01:45:49 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-05-30 10:33:11 -05:00
|
|
|
def send_welcome_message
|
2020-06-09 10:19:32 -05:00
|
|
|
@invited_user_record.update!(user_id: invited_user.id)
|
|
|
|
invited_user.send_welcome_message = true
|
2013-05-30 10:33:11 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def notify_invitee
|
2016-07-12 22:58:31 -05:00
|
|
|
if inviter = invite.invited_by
|
2020-06-01 21:45:18 -05:00
|
|
|
inviter.notifications.create!(
|
|
|
|
notification_type: Notification.types[:invitee_accepted],
|
|
|
|
data: { display_username: invited_user.username }.to_json
|
|
|
|
)
|
2016-07-12 22:58:31 -05:00
|
|
|
end
|
2013-05-30 10:33:11 -05:00
|
|
|
end
|
2015-03-25 11:55:18 -05:00
|
|
|
|
|
|
|
def delete_duplicate_invites
|
2021-03-03 03:45:29 -06:00
|
|
|
Invite
|
|
|
|
.where('invites.max_redemptions_allowed = 1')
|
2020-06-09 10:19:32 -05:00
|
|
|
.joins("LEFT JOIN invited_users ON invites.id = invited_users.invite_id")
|
|
|
|
.where('invited_users.user_id IS NULL')
|
|
|
|
.where('invites.email = ? AND invites.id != ?', email, invite.id)
|
|
|
|
.delete_all
|
2015-03-25 11:55:18 -05:00
|
|
|
end
|
2013-07-10 20:21:39 -05:00
|
|
|
end
|