FIX: Ensure that login does not fail for users with invite records (#15647)

In the unlikely, but possible, scenario where a user has no email_tokens, and has an invite record for their email address, login would fail. This commit fixes the `Invite` `user_doesnt_already_exist` validation so that it only applies to new invites, or when changing the email address. This regressed in d8fe0f4199 (based on `git bisect`)
2025-02-25 18:55:32 -06:00 · 2022-01-20 10:54:38 +00:00
parent 5b7bddf966
commit 820564826e
2 changed files with 15 additions and 1 deletions
--- a/spec/requests/omniauth_callbacks_controller_spec.rb
+++ b/spec/requests/omniauth_callbacks_controller_spec.rb
@@ -411,6 +411,20 @@ RSpec.describe Users::OmniauthCallbacksController do
        expect(user.confirm_password?("securepassword")).to eq(false)
      end

+      it "should work if the user has no email_tokens, and an invite" do
+        # Confirming existing email_tokens has a side effect of redeeming invites.
+        # Pretend we don't have any email_tokens
+        user.email_tokens.destroy_all
+
+        invite = Fabricate(:invite, invited_by: Fabricate(:admin))
+        invite.update_column(:email, user.email) # (avoid validation)
+
+        get "/auth/google_oauth2/callback.json"
+        expect(response.status).to eq(302)
+
+        expect(invite.reload.invalidated_at).not_to eq(nil)
+      end
+
      it "should update name/username/email when SiteSetting.auth_overrides_* are enabled" do
        SiteSetting.email_editable = false
        SiteSetting.auth_overrides_email = true