mirror of
https://github.com/discourse/discourse.git
synced 2024-11-27 03:10:46 -06:00
FIX: allow API to create users when invite_only is true
This commit is contained in:
parent
e8bbc147ad
commit
7a4082cbad
@ -182,7 +182,8 @@ class UsersController < ApplicationController
|
||||
render json: {
|
||||
success: true,
|
||||
active: user.active?,
|
||||
message: activation.message
|
||||
message: activation.message,
|
||||
user_id: user.id
|
||||
}
|
||||
else
|
||||
render json: {
|
||||
@ -501,10 +502,14 @@ class UsersController < ApplicationController
|
||||
end
|
||||
|
||||
def suspicious?(params)
|
||||
return false if current_user && is_api? && current_user.admin?
|
||||
|
||||
honeypot_or_challenge_fails?(params) || SiteSetting.invite_only?
|
||||
end
|
||||
|
||||
def honeypot_or_challenge_fails?(params)
|
||||
return false if is_api?
|
||||
|
||||
params[:password_confirmation] != honeypot_value ||
|
||||
params[:challenge] != challenge_value.try(:reverse)
|
||||
end
|
||||
|
41
spec/integration/invite_only_registration_spec.rb
Normal file
41
spec/integration/invite_only_registration_spec.rb
Normal file
@ -0,0 +1,41 @@
|
||||
# encoding: UTF-8
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'invite only' do
|
||||
|
||||
describe '#create invite only' do
|
||||
it 'can create user via API' do
|
||||
|
||||
SiteSetting.invite_only = true
|
||||
|
||||
admin = Fabricate(:admin)
|
||||
api_key = Fabricate(:api_key, user: admin)
|
||||
|
||||
xhr :post, '/users',
|
||||
name: 'bob',
|
||||
username: 'bob',
|
||||
password: 'strongpassword',
|
||||
email: 'bob@bob.com',
|
||||
api_key: api_key.key,
|
||||
api_username: admin.username
|
||||
|
||||
user_id = JSON.parse(response.body)["user_id"]
|
||||
user_id.should be > 0
|
||||
|
||||
# activate and approve
|
||||
xhr :put, "/admin/users/#{user_id}/activate",
|
||||
api_key: api_key.key,
|
||||
api_username: admin.username
|
||||
|
||||
xhr :put, "/admin/users/#{user_id}/approve",
|
||||
api_key: api_key.key,
|
||||
api_username: admin.username
|
||||
|
||||
u = User.find(user_id)
|
||||
u.active.should == true
|
||||
u.approved.should == true
|
||||
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue
Block a user