| 
									
										
										
										
											2019-05-03 08:17:27 +10:00
										 |  |  | # frozen_string_literal: true | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-29 14:03:19 +03:00
										 |  |  | require 'csv' | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-02-05 14:16:51 -05:00
										 |  |  | class InvitesController < ApplicationController | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-04-07 03:01:07 +12:00
										 |  |  |   requires_login only: [:create, :retrieve, :destroy, :destroy_all_expired, :resend_invite, :resend_all_invites, :upload_csv] | 
					
						
							| 
									
										
										
										
											2018-02-01 12:26:45 +11:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-08-31 12:06:56 +08:00
										 |  |  |   skip_before_action :check_xhr, except: [:perform_accept_invitation] | 
					
						
							|  |  |  |   skip_before_action :preload_json, except: [:show] | 
					
						
							|  |  |  |   skip_before_action :redirect_to_login_if_required | 
					
						
							| 
									
										
										
										
											2013-06-05 11:12:37 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-02 15:13:04 +08:00
										 |  |  |   before_action :ensure_invites_allowed, only: [:show, :perform_accept_invitation] | 
					
						
							| 
									
										
										
										
											2017-08-31 12:06:56 +08:00
										 |  |  |   before_action :ensure_new_registrations_allowed, only: [:show, :perform_accept_invitation] | 
					
						
							| 
									
										
										
										
											2021-07-07 19:42:42 +03:00
										 |  |  |   before_action :ensure_not_logged_in, only: :perform_accept_invitation | 
					
						
							| 
									
										
										
										
											2013-02-05 14:16:51 -05:00
										 |  |  | 
 | 
					
						
							|  |  |  |   def show | 
					
						
							| 
									
										
										
										
											2017-01-25 01:45:29 +05:30
										 |  |  |     expires_now | 
					
						
							| 
									
										
										
										
											2017-02-13 16:19:41 -05:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-04-14 19:22:16 +03:00
										 |  |  |     RateLimiter.new(nil, "invites-show-#{request.remote_ip}", 100, 1.minute).performed! | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-13 16:19:41 -05:00
										 |  |  |     invite = Invite.find_by(invite_key: params[:id]) | 
					
						
							| 
									
										
										
										
											2021-03-19 10:20:10 +10:00
										 |  |  |     if invite.present? && invite.redeemable? | 
					
						
							| 
									
										
										
										
											2021-07-07 19:42:42 +03:00
										 |  |  |       if current_user | 
					
						
							|  |  |  |         added_to_group = false | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if invite.groups.present? | 
					
						
							|  |  |  |           invite_by_guardian = Guardian.new(invite.invited_by) | 
					
						
							|  |  |  |           new_group_ids = invite.groups.pluck(:id) - current_user.group_users.pluck(:group_id) | 
					
						
							|  |  |  |           new_group_ids.each do |id| | 
					
						
							|  |  |  |             if group = Group.find_by(id: id) | 
					
						
							|  |  |  |               if invite_by_guardian.can_edit_group?(group) | 
					
						
							|  |  |  |                 group.add(current_user) | 
					
						
							|  |  |  |                 added_to_group = true | 
					
						
							|  |  |  |               end | 
					
						
							|  |  |  |             end | 
					
						
							|  |  |  |           end | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-08-26 10:43:56 +03:00
										 |  |  |         create_topic_invite_notifications(invite, current_user) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-07-07 19:42:42 +03:00
										 |  |  |         if topic = invite.topics.first | 
					
						
							|  |  |  |           new_guardian = Guardian.new(current_user) | 
					
						
							|  |  |  |           return redirect_to(topic.url) if new_guardian.can_see?(topic) | 
					
						
							|  |  |  |         elsif added_to_group | 
					
						
							|  |  |  |           return redirect_to(path("/")) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return ensure_not_logged_in | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-18 19:09:23 +02:00
										 |  |  |       email = Email.obfuscate(invite.email) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       # Show email if the user already authenticated their email | 
					
						
							| 
									
										
										
										
											2021-07-21 17:03:04 +10:00
										 |  |  |       different_external_email = false | 
					
						
							| 
									
										
										
										
											2021-03-18 19:09:23 +02:00
										 |  |  |       if session[:authentication] | 
					
						
							|  |  |  |         auth_result = Auth::Result.from_session_data(session[:authentication], user: nil) | 
					
						
							|  |  |  |         if invite.email == auth_result.email | 
					
						
							|  |  |  |           email = invite.email | 
					
						
							| 
									
										
										
										
											2021-07-21 17:03:04 +10:00
										 |  |  |         else | 
					
						
							|  |  |  |           different_external_email = true | 
					
						
							| 
									
										
										
										
											2021-03-18 19:09:23 +02:00
										 |  |  |         end | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-05-26 09:47:44 +01:00
										 |  |  |       email_verified_by_link = invite.email_token.present? && params[:t] == invite.email_token | 
					
						
							|  |  |  |       if email_verified_by_link | 
					
						
							|  |  |  |         email = invite.email | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-19 17:15:46 +02:00
										 |  |  |       hidden_email = email != invite.email | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-29 14:03:19 +03:00
										 |  |  |       info = { | 
					
						
							| 
									
										
										
										
											2020-09-30 20:32:33 +05:30
										 |  |  |         invited_by: UserNameSerializer.new(invite.invited_by, scope: guardian, root: false), | 
					
						
							| 
									
										
										
										
											2021-03-18 19:09:23 +02:00
										 |  |  |         email: email, | 
					
						
							| 
									
										
										
										
											2021-03-19 17:15:46 +02:00
										 |  |  |         hidden_email: hidden_email, | 
					
						
							|  |  |  |         username: hidden_email ? '' : UserNameSuggester.suggest(invite.email), | 
					
						
							| 
									
										
										
										
											2021-05-26 09:47:44 +01:00
										 |  |  |         is_invite_link: invite.is_invite_link?, | 
					
						
							|  |  |  |         email_verified_by_link: email_verified_by_link | 
					
						
							| 
									
										
										
										
											2021-03-29 14:03:19 +03:00
										 |  |  |       } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-07-21 17:03:04 +10:00
										 |  |  |       if different_external_email | 
					
						
							|  |  |  |         info[:different_external_email] = true | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-29 14:03:19 +03:00
										 |  |  |       if staged_user = User.where(staged: true).with_email(invite.email).first | 
					
						
							| 
									
										
										
										
											2021-07-12 00:57:38 +03:00
										 |  |  |         info[:username] = staged_user.username | 
					
						
							| 
									
										
										
										
											2021-03-29 14:03:19 +03:00
										 |  |  |         info[:user_fields] = staged_user.user_fields | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       store_preloaded("invite_info", MultiJson.dump(info)) | 
					
						
							| 
									
										
										
										
											2020-09-30 20:32:33 +05:30
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-19 10:20:10 +10:00
										 |  |  |       secure_session["invite-key"] = invite.invite_key | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-09-30 20:32:33 +05:30
										 |  |  |       render layout: 'application' | 
					
						
							|  |  |  |     else | 
					
						
							| 
									
										
										
										
											2021-03-19 10:20:10 +10:00
										 |  |  |       flash.now[:error] = if invite.blank? | 
					
						
							| 
									
										
										
										
											2020-09-30 20:32:33 +05:30
										 |  |  |         I18n.t('invite.not_found', base_url: Discourse.base_url) | 
					
						
							| 
									
										
										
										
											2021-03-19 10:20:10 +10:00
										 |  |  |       elsif invite.redeemed? | 
					
						
							| 
									
										
										
										
											2021-04-02 11:11:07 +03:00
										 |  |  |         if invite.is_invite_link? | 
					
						
							|  |  |  |           I18n.t('invite.not_found_template_link', site_name: SiteSetting.title, base_url: Discourse.base_url) | 
					
						
							|  |  |  |         else | 
					
						
							|  |  |  |           I18n.t('invite.not_found_template', site_name: SiteSetting.title, base_url: Discourse.base_url) | 
					
						
							|  |  |  |         end | 
					
						
							| 
									
										
										
										
											2021-03-19 10:20:10 +10:00
										 |  |  |       elsif invite.expired? | 
					
						
							|  |  |  |         I18n.t('invite.expired', base_url: Discourse.base_url) | 
					
						
							| 
									
										
										
										
											2019-01-03 07:46:05 +05:30
										 |  |  |       end | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-13 16:19:41 -05:00
										 |  |  |       render layout: 'no_ember' | 
					
						
							|  |  |  |     end | 
					
						
							| 
									
										
										
										
											2021-04-14 19:22:16 +03:00
										 |  |  |   rescue RateLimiter::LimitExceeded => e | 
					
						
							|  |  |  |     flash.now[:error] = e.description | 
					
						
							|  |  |  |     render layout: 'no_ember' | 
					
						
							| 
									
										
										
										
											2017-01-25 01:45:29 +05:30
										 |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |   def create | 
					
						
							|  |  |  |     if params[:topic_id].present? | 
					
						
							|  |  |  |       topic = Topic.find_by(id: params[:topic_id]) | 
					
						
							|  |  |  |       raise Discourse::InvalidParameters.new(:topic_id) if topic.blank? | 
					
						
							|  |  |  |       guardian.ensure_can_invite_to!(topic) | 
					
						
							|  |  |  |     end | 
					
						
							| 
									
										
										
										
											2013-11-06 12:56:26 -05:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |     if params[:group_ids].present? || params[:group_names].present? | 
					
						
							|  |  |  |       groups = Group.lookup_groups(group_ids: params[:group_ids], group_names: params[:group_names]) | 
					
						
							|  |  |  |     end | 
					
						
							| 
									
										
										
										
											2013-11-06 12:56:26 -05:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-07-21 15:12:24 +09:00
										 |  |  |     guardian.ensure_can_invite_to_forum!(groups) | 
					
						
							| 
									
										
										
										
											2014-07-29 23:27:08 +05:30
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-14 21:32:23 +05:30
										 |  |  |     begin | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |       invite = Invite.generate(current_user, | 
					
						
							|  |  |  |         email: params[:email], | 
					
						
							|  |  |  |         skip_email: params[:skip_email], | 
					
						
							|  |  |  |         invited_by: current_user, | 
					
						
							|  |  |  |         custom_message: params[:custom_message], | 
					
						
							|  |  |  |         max_redemptions_allowed: params[:max_redemptions_allowed], | 
					
						
							|  |  |  |         topic_id: topic&.id, | 
					
						
							|  |  |  |         group_ids: groups&.map(&:id), | 
					
						
							|  |  |  |         expires_at: params[:expires_at], | 
					
						
							|  |  |  |       ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       if invite.present? | 
					
						
							| 
									
										
										
										
											2021-07-06 12:49:26 +03:00
										 |  |  |         render_serialized(invite, InviteSerializer, scope: guardian, root: nil, show_emails: params.has_key?(:email), show_warnings: true) | 
					
						
							| 
									
										
										
										
											2015-12-14 21:32:23 +05:30
										 |  |  |       else | 
					
						
							|  |  |  |         render json: failed_json, status: 422
 | 
					
						
							|  |  |  |       end | 
					
						
							| 
									
										
										
										
											2021-04-15 14:46:32 +03:00
										 |  |  |     rescue Invite::UserExists => e | 
					
						
							| 
									
										
										
										
											2021-03-06 13:29:35 +02:00
										 |  |  |       render_json_error(e.message) | 
					
						
							| 
									
										
										
										
											2021-04-15 14:46:32 +03:00
										 |  |  |     rescue ActiveRecord::RecordInvalid => e | 
					
						
							|  |  |  |       render_json_error(e.record.errors.full_messages.first) | 
					
						
							| 
									
										
										
										
											2013-11-06 12:56:26 -05:00
										 |  |  |     end | 
					
						
							|  |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-04-07 03:01:07 +12:00
										 |  |  |   def retrieve | 
					
						
							|  |  |  |     params.require(:email) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     invite = Invite.find_by(invited_by: current_user, email: params[:email]) | 
					
						
							|  |  |  |     raise Discourse::InvalidParameters.new(:email) if invite.blank? | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     guardian.ensure_can_invite_to_forum!(nil) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-07-06 12:49:26 +03:00
										 |  |  |     render_serialized(invite, InviteSerializer, scope: guardian, root: nil, show_emails: params.has_key?(:email), show_warnings: true) | 
					
						
							| 
									
										
										
										
											2021-04-07 03:01:07 +12:00
										 |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |   def update | 
					
						
							|  |  |  |     invite = Invite.find_by(invited_by: current_user, id: params[:id]) | 
					
						
							|  |  |  |     raise Discourse::InvalidParameters.new(:id) if invite.blank? | 
					
						
							| 
									
										
										
										
											2020-06-09 20:49:32 +05:30
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |     if params[:topic_id].present? | 
					
						
							|  |  |  |       topic = Topic.find_by(id: params[:topic_id]) | 
					
						
							|  |  |  |       raise Discourse::InvalidParameters.new(:topic_id) if topic.blank? | 
					
						
							|  |  |  |       guardian.ensure_can_invite_to!(topic) | 
					
						
							| 
									
										
										
										
											2020-06-09 20:49:32 +05:30
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2017-07-21 15:12:24 +09:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |     if params[:group_ids].present? || params[:group_names].present? | 
					
						
							|  |  |  |       groups = Group.lookup_groups(group_ids: params[:group_ids], group_names: params[:group_names]) | 
					
						
							| 
									
										
										
										
											2020-07-13 18:09:36 +05:30
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2015-08-26 07:11:52 +05:30
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |     guardian.ensure_can_invite_to_forum!(groups) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     Invite.transaction do | 
					
						
							|  |  |  |       if params.has_key?(:topic_id) | 
					
						
							|  |  |  |         invite.topic_invites.destroy_all | 
					
						
							|  |  |  |         invite.topic_invites.create!(topic_id: topic.id) if topic.present? | 
					
						
							| 
									
										
										
										
											2020-06-09 20:49:32 +05:30
										 |  |  |       end | 
					
						
							| 
									
										
										
										
											2020-06-10 09:29:28 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |       if params.has_key?(:group_ids) || params.has_key?(:group_names) | 
					
						
							|  |  |  |         invite.invited_groups.destroy_all | 
					
						
							|  |  |  |         groups.each { |group| invite.invited_groups.find_or_create_by!(group_id: group.id) } if groups.present? | 
					
						
							|  |  |  |       end | 
					
						
							| 
									
										
										
										
											2020-06-10 09:29:28 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |       if params.has_key?(:email) | 
					
						
							|  |  |  |         old_email = invite.email.presence | 
					
						
							|  |  |  |         new_email = params[:email].presence | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-05-12 13:06:39 +03:00
										 |  |  |         if new_email | 
					
						
							|  |  |  |           if Invite.where.not(id: invite.id).find_by(email: new_email.downcase, invited_by_id: current_user.id)&.redeemable? | 
					
						
							|  |  |  |             return render_json_error(I18n.t("invite.invite_exists", email: new_email), status: 409) | 
					
						
							|  |  |  |           end | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |         if old_email != new_email | 
					
						
							| 
									
										
										
										
											2021-03-06 13:29:35 +02:00
										 |  |  |           invite.emailed_status = if new_email && !params[:skip_email] | 
					
						
							|  |  |  |             Invite.emailed_status_types[:pending] | 
					
						
							|  |  |  |           else | 
					
						
							|  |  |  |             Invite.emailed_status_types[:not_required] | 
					
						
							|  |  |  |           end | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       if params[:send_email] | 
					
						
							|  |  |  |         if invite.emailed_status != Invite.emailed_status_types[:pending] | 
					
						
							|  |  |  |           begin | 
					
						
							|  |  |  |             RateLimiter.new(current_user, "resend-invite-per-hour", 10, 1.hour).performed! | 
					
						
							|  |  |  |           rescue RateLimiter::LimitExceeded | 
					
						
							|  |  |  |             return render_json_error(I18n.t("rate_limiter.slow_down")) | 
					
						
							|  |  |  |           end | 
					
						
							| 
									
										
										
										
											2020-06-10 09:29:28 +08:00
										 |  |  |         end | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-06 13:29:35 +02:00
										 |  |  |         invite.emailed_status = Invite.emailed_status_types[:pending] | 
					
						
							| 
									
										
										
										
											2020-06-10 09:29:28 +08:00
										 |  |  |       end | 
					
						
							| 
									
										
										
										
											2015-08-26 07:11:52 +05:30
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-06 13:29:35 +02:00
										 |  |  |       begin | 
					
						
							|  |  |  |         invite.update!(params.permit(:email, :custom_message, :max_redemptions_allowed, :expires_at)) | 
					
						
							|  |  |  |       rescue ActiveRecord::RecordInvalid => e | 
					
						
							| 
									
										
										
										
											2021-04-15 14:46:32 +03:00
										 |  |  |         return render_json_error(e.record.errors.full_messages.first) | 
					
						
							| 
									
										
										
										
											2021-03-06 13:29:35 +02:00
										 |  |  |       end | 
					
						
							| 
									
										
										
										
											2020-07-13 18:09:36 +05:30
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |     if invite.emailed_status == Invite.emailed_status_types[:pending] | 
					
						
							|  |  |  |       invite.update_column(:emailed_status, Invite.emailed_status_types[:sending]) | 
					
						
							| 
									
										
										
										
											2021-05-06 10:16:42 +03:00
										 |  |  |       Jobs.enqueue(:invite_email, invite_id: invite.id, invite_to_topic: params[:invite_to_topic]) | 
					
						
							| 
									
										
										
										
											2015-09-16 17:27:32 +05:30
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-07-06 12:49:26 +03:00
										 |  |  |     render_serialized(invite, InviteSerializer, scope: guardian, root: nil, show_emails: params.has_key?(:email), show_warnings: true) | 
					
						
							| 
									
										
										
										
											2015-08-26 07:11:52 +05:30
										 |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-02-05 14:16:51 -05:00
										 |  |  |   def destroy | 
					
						
							| 
									
										
										
										
											2020-06-09 20:49:32 +05:30
										 |  |  |     params.require(:id) | 
					
						
							| 
									
										
										
										
											2013-02-05 14:16:51 -05:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-06-09 20:49:32 +05:30
										 |  |  |     invite = Invite.find_by(invited_by_id: current_user.id, id: params[:id]) | 
					
						
							|  |  |  |     raise Discourse::InvalidParameters.new(:id) if invite.blank? | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-07-09 15:20:18 -04:00
										 |  |  |     invite.trash!(current_user) | 
					
						
							| 
									
										
										
										
											2013-02-05 14:16:51 -05:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-06-10 09:25:58 +08:00
										 |  |  |     render json: success_json | 
					
						
							| 
									
										
										
										
											2013-02-05 14:16:51 -05:00
										 |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-19 10:20:10 +10:00
										 |  |  |   # For DiscourseConnect SSO, all invite acceptance is done | 
					
						
							|  |  |  |   # via the SessionController#sso_login route | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |   def perform_accept_invitation | 
					
						
							|  |  |  |     params.require(:id) | 
					
						
							| 
									
										
										
										
											2021-04-14 12:15:56 +03:00
										 |  |  |     params.permit(:email, :username, :name, :password, :timezone, :email_token, user_custom_fields: {}) | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |     invite = Invite.find_by(invite_key: params[:id]) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     if invite.present? | 
					
						
							|  |  |  |       begin | 
					
						
							| 
									
										
										
										
											2021-03-03 16:12:30 +08:00
										 |  |  |         attrs = { | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |           username: params[:username], | 
					
						
							|  |  |  |           name: params[:name], | 
					
						
							|  |  |  |           password: params[:password], | 
					
						
							|  |  |  |           user_custom_fields: params[:user_custom_fields], | 
					
						
							| 
									
										
										
										
											2021-03-02 15:13:04 +08:00
										 |  |  |           ip_address: request.remote_ip, | 
					
						
							|  |  |  |           session: session | 
					
						
							| 
									
										
										
										
											2021-03-03 16:12:30 +08:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-04-14 12:15:56 +03:00
										 |  |  |         if invite.is_invite_link? | 
					
						
							|  |  |  |           params.require(:email) | 
					
						
							|  |  |  |           attrs[:email] = params[:email] | 
					
						
							|  |  |  |         else | 
					
						
							|  |  |  |           attrs[:email] = invite.email | 
					
						
							|  |  |  |           attrs[:email_token] = params[:email_token] if params[:email_token].present? | 
					
						
							|  |  |  |         end | 
					
						
							| 
									
										
										
										
											2021-03-03 16:12:30 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-19 10:20:10 +10:00
										 |  |  |         user = invite.redeem(**attrs) | 
					
						
							| 
									
										
										
										
											2021-04-15 15:23:49 +03:00
										 |  |  |       rescue ActiveRecord::RecordInvalid, ActiveRecord::RecordNotSaved, Invite::UserExists => e | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |         return render json: failed_json.merge(message: e.message), status: 412
 | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       if user.blank? | 
					
						
							|  |  |  |         return render json: failed_json.merge(message: I18n.t('invite.not_found_json')), status: 404
 | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       log_on_user(user) if user.active? | 
					
						
							|  |  |  |       user.update_timezone_if_missing(params[:timezone]) | 
					
						
							|  |  |  |       post_process_invite(user) | 
					
						
							| 
									
										
										
										
											2021-08-26 10:43:56 +03:00
										 |  |  |       create_topic_invite_notifications(invite, user) | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |       topic = invite.topics.first | 
					
						
							|  |  |  |       response = {} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-30 12:00:47 +03:00
										 |  |  |       if user.present? | 
					
						
							|  |  |  |         if user.active? | 
					
						
							|  |  |  |           if user.guardian.can_see?(topic) | 
					
						
							|  |  |  |             response[:redirect_to] = path(topic.relative_url) | 
					
						
							|  |  |  |           else | 
					
						
							|  |  |  |             response[:redirect_to] = path("/") | 
					
						
							|  |  |  |           end | 
					
						
							|  |  |  |         else | 
					
						
							|  |  |  |           response[:message] = I18n.t('invite.confirm_email') | 
					
						
							|  |  |  |           if user.guardian.can_see?(topic) | 
					
						
							|  |  |  |             cookies[:destination_url] = path(topic.relative_url) | 
					
						
							|  |  |  |           end | 
					
						
							|  |  |  |         end | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |       end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       render json: success_json.merge(response) | 
					
						
							|  |  |  |     else | 
					
						
							|  |  |  |       render json: failed_json.merge(message: I18n.t('invite.not_found_json')), status: 404
 | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   def destroy_all_expired | 
					
						
							|  |  |  |     guardian.ensure_can_destroy_all_invites!(current_user) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     Invite | 
					
						
							|  |  |  |       .where(invited_by: current_user) | 
					
						
							|  |  |  |       .where('expires_at < ?', Time.zone.now) | 
					
						
							|  |  |  |       .find_each { |invite| invite.trash!(current_user) } | 
					
						
							| 
									
										
										
										
											2017-06-29 20:02:07 +05:30
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-06-10 09:25:58 +08:00
										 |  |  |     render json: success_json | 
					
						
							| 
									
										
										
										
											2017-06-29 20:02:07 +05:30
										 |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-10-07 00:18:56 +05:30
										 |  |  |   def resend_invite | 
					
						
							|  |  |  |     params.require(:email) | 
					
						
							| 
									
										
										
										
											2016-06-07 01:06:59 +05:30
										 |  |  |     RateLimiter.new(current_user, "resend-invite-per-hour", 10, 1.hour).performed! | 
					
						
							| 
									
										
										
										
											2014-10-07 00:18:56 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  |     invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email]) | 
					
						
							|  |  |  |     raise Discourse::InvalidParameters.new(:email) if invite.blank? | 
					
						
							|  |  |  |     invite.resend_invite | 
					
						
							| 
									
										
										
										
											2020-06-10 09:25:58 +08:00
										 |  |  |     render json: success_json | 
					
						
							| 
									
										
										
										
											2016-06-07 01:06:59 +05:30
										 |  |  |   rescue RateLimiter::LimitExceeded | 
					
						
							|  |  |  |     render_json_error(I18n.t("rate_limiter.slow_down")) | 
					
						
							| 
									
										
										
										
											2014-10-07 00:18:56 +05:30
										 |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-06-03 00:39:02 +05:30
										 |  |  |   def resend_all_invites | 
					
						
							| 
									
										
										
										
											2016-06-07 10:57:08 +05:30
										 |  |  |     guardian.ensure_can_resend_all_invites!(current_user) | 
					
						
							| 
									
										
										
										
											2016-06-03 00:39:02 +05:30
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-17 10:45:53 +03:00
										 |  |  |     Invite.pending(current_user) | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |       .where('invites.email IS NOT NULL') | 
					
						
							|  |  |  |       .find_each { |invite| invite.resend_invite } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-06-10 09:25:58 +08:00
										 |  |  |     render json: success_json | 
					
						
							| 
									
										
										
										
											2016-06-03 00:39:02 +05:30
										 |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-12-04 21:36:35 +05:30
										 |  |  |   def upload_csv | 
					
						
							| 
									
										
										
										
											2014-05-28 01:44:37 +05:30
										 |  |  |     guardian.ensure_can_bulk_invite_to_forum!(current_user) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-04 20:19:46 +05:30
										 |  |  |     hijack do | 
					
						
							|  |  |  |       begin | 
					
						
							|  |  |  |         file = params[:file] || params[:files].first | 
					
						
							| 
									
										
										
										
											2016-12-04 21:36:35 +05:30
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-29 14:03:19 +03:00
										 |  |  |         csv_header = nil | 
					
						
							| 
									
										
										
										
											2019-06-04 20:19:46 +05:30
										 |  |  |         invites = [] | 
					
						
							| 
									
										
										
										
											2021-03-29 14:03:19 +03:00
										 |  |  | 
 | 
					
						
							|  |  |  |         CSV.foreach(file.tempfile, encoding: "bom|utf-8") do |row| | 
					
						
							|  |  |  |           # Try to extract a CSV header, if it exists | 
					
						
							|  |  |  |           if csv_header.nil? | 
					
						
							|  |  |  |             if row[0] == 'email' | 
					
						
							|  |  |  |               csv_header = row | 
					
						
							|  |  |  |               next | 
					
						
							|  |  |  |             else | 
					
						
							|  |  |  |               csv_header = ["email", "groups", "topic_id"] | 
					
						
							|  |  |  |             end | 
					
						
							|  |  |  |           end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           if row[0].present? | 
					
						
							|  |  |  |             invites.push(csv_header.zip(row).map.to_h.filter { |k, v| v.present? }) | 
					
						
							|  |  |  |           end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           break if invites.count >= SiteSetting.max_bulk_invites | 
					
						
							| 
									
										
										
										
											2019-06-04 20:19:46 +05:30
										 |  |  |         end | 
					
						
							| 
									
										
										
										
											2019-06-12 14:35:21 +05:30
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-04 20:19:46 +05:30
										 |  |  |         if invites.present? | 
					
						
							|  |  |  |           Jobs.enqueue(:bulk_invite, invites: invites, current_user_id: current_user.id) | 
					
						
							| 
									
										
										
										
											2021-03-29 14:03:19 +03:00
										 |  |  | 
 | 
					
						
							|  |  |  |           if invites.count >= SiteSetting.max_bulk_invites | 
					
						
							|  |  |  |             render json: failed_json.merge(errors: [I18n.t("bulk_invite.max_rows", max_bulk_invites: SiteSetting.max_bulk_invites)]), status: 422
 | 
					
						
							| 
									
										
										
										
											2019-06-12 14:35:21 +05:30
										 |  |  |           else | 
					
						
							|  |  |  |             render json: success_json | 
					
						
							|  |  |  |           end | 
					
						
							| 
									
										
										
										
											2019-06-04 20:19:46 +05:30
										 |  |  |         else | 
					
						
							|  |  |  |           render json: failed_json.merge(errors: [I18n.t("bulk_invite.error")]), status: 422
 | 
					
						
							|  |  |  |         end | 
					
						
							| 
									
										
										
										
											2016-12-04 21:36:35 +05:30
										 |  |  |       end | 
					
						
							| 
									
										
										
										
											2014-05-28 01:44:37 +05:30
										 |  |  |     end | 
					
						
							|  |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-03 11:45:29 +02:00
										 |  |  |   private | 
					
						
							| 
									
										
										
										
											2014-07-14 21:26:26 +05:30
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-02 15:13:04 +08:00
										 |  |  |   def ensure_invites_allowed | 
					
						
							| 
									
										
										
										
											2021-03-19 10:20:10 +10:00
										 |  |  |     if (!SiteSetting.enable_local_logins && Discourse.enabled_auth_providers.count == 0 && !SiteSetting.enable_discourse_connect) | 
					
						
							| 
									
										
										
										
											2021-03-02 15:13:04 +08:00
										 |  |  |       raise Discourse::NotFound | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-07-14 15:42:14 -04:00
										 |  |  |   def ensure_new_registrations_allowed | 
					
						
							|  |  |  |     unless SiteSetting.allow_new_registrations | 
					
						
							|  |  |  |       flash[:error] = I18n.t('login.new_registrations_disabled') | 
					
						
							| 
									
										
										
										
											2015-01-15 15:56:53 -05:00
										 |  |  |       render layout: 'no_ember' | 
					
						
							| 
									
										
										
										
											2014-07-14 15:42:14 -04:00
										 |  |  |       false | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  |   end | 
					
						
							| 
									
										
										
										
											2016-02-23 19:03:12 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  |   def ensure_not_logged_in | 
					
						
							|  |  |  |     if current_user | 
					
						
							| 
									
										
										
										
											2020-10-24 21:21:01 +05:30
										 |  |  |       flash[:error] = I18n.t("login.already_logged_in") | 
					
						
							| 
									
										
										
										
											2016-02-23 19:03:12 +05:30
										 |  |  |       render layout: 'no_ember' | 
					
						
							|  |  |  |       false | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  |   end | 
					
						
							| 
									
										
										
										
											2017-04-15 14:48:05 +05:30
										 |  |  | 
 | 
					
						
							|  |  |  |   def post_process_invite(user) | 
					
						
							|  |  |  |     user.enqueue_welcome_message('welcome_invite') if user.send_welcome_message | 
					
						
							| 
									
										
										
										
											2018-12-10 23:24:02 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-05-10 15:49:12 +03:00
										 |  |  |     Group.refresh_automatic_groups!(:admins, :moderators, :staff) if user.staff? | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-15 14:48:05 +05:30
										 |  |  |     if user.has_password? | 
					
						
							| 
									
										
										
										
											2018-12-10 23:24:02 +01:00
										 |  |  |       send_activation_email(user) unless user.active | 
					
						
							| 
									
										
										
										
											2021-02-08 10:04:33 +00:00
										 |  |  |     elsif !SiteSetting.enable_discourse_connect && SiteSetting.enable_local_logins | 
					
						
							| 
									
										
										
										
											2017-04-18 14:25:52 +05:30
										 |  |  |       Jobs.enqueue(:invite_password_instructions_email, username: user.username) | 
					
						
							| 
									
										
										
										
											2017-04-15 14:48:05 +05:30
										 |  |  |     end | 
					
						
							| 
									
										
										
										
											2018-06-07 13:28:18 +08:00
										 |  |  |   end | 
					
						
							| 
									
										
										
										
											2017-04-15 14:48:05 +05:30
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-08-26 10:43:56 +03:00
										 |  |  |   def create_topic_invite_notifications(invite, user) | 
					
						
							|  |  |  |     invite.topics.each do |topic| | 
					
						
							|  |  |  |       if user.guardian.can_see?(topic) | 
					
						
							|  |  |  |         last_notification = user.notifications | 
					
						
							|  |  |  |           .where(notification_type: Notification.types[:invited_to_topic]) | 
					
						
							|  |  |  |           .where(topic_id: topic.id) | 
					
						
							|  |  |  |           .where(post_number: 1) | 
					
						
							|  |  |  |           .where('created_at > ?', 1.hour.ago) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if !last_notification.exists? | 
					
						
							|  |  |  |           topic.create_invite_notification!( | 
					
						
							|  |  |  |             user, | 
					
						
							|  |  |  |             Notification.types[:invited_to_topic], | 
					
						
							|  |  |  |             invite.invited_by.username | 
					
						
							|  |  |  |           ) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  |   end | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-12-10 23:24:02 +01:00
										 |  |  |   def send_activation_email(user) | 
					
						
							| 
									
										
										
										
											2018-12-12 08:36:13 +08:00
										 |  |  |     email_token = user.email_tokens.create!(email: user.email) | 
					
						
							| 
									
										
										
										
											2018-12-10 23:24:02 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     Jobs.enqueue(:critical_user_email, | 
					
						
							|  |  |  |                  type: :signup, | 
					
						
							|  |  |  |                  user_id: user.id, | 
					
						
							|  |  |  |                  email_token: email_token.token | 
					
						
							|  |  |  |     ) | 
					
						
							|  |  |  |   end | 
					
						
							| 
									
										
										
										
											2013-02-05 14:16:51 -05:00
										 |  |  | end |