discourse/spec/models
Martin Brennan a414520742
SECURITY: Prevent email from being nil in InviteRedeemer (#19004)
This commit adds some protections in InviteRedeemer to ensure that email
can never be nil, which could cause issues with inviting the invited
person to private topics since there was an incorrect inner join.

If the email is nil and the invite is scoped to an email, we just use
that invite.email unconditionally.  If a redeeming_user (an existing
user) is passed in when redeeming an email, we use their email to
override the passed in email.  Otherwise we just use the passed in
email.  We now raise an error after all this if the email is still nil.
This commit also adds some tests to catch the private topic fix, and
some general improvements and comments around the invite code.

This commit also includes a migration to delete TopicAllowedUser records
for users who were mistakenly added to topics as part of the invite
redemption process.
2022-11-14 12:02:06 +10:00
about_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
admin_dashboard_data_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
api_key_scope_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
api_key_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
application_request_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
associated_group_spec.rb Use service account credentials for fetching google hd groups (#18329) 2022-10-13 16:04:42 +01:00
badge_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
badge_type_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
bookmark_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
category_featured_topic_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
category_group_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
category_list_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
category_spec.rb FIX: Reset related site settings on general category delete (#18548) 2022-10-12 11:09:45 -06:00
category_user_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
child_theme_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
color_scheme_color_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
color_scheme_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
developer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
digest_email_site_setting_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
directory_item_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
discourse_connect_spec.rb FIX: Don't attempt to add user again to a group when syncing groups via SSO (#18772) 2022-10-28 13:27:12 +03:00
do_not_disturb_timing_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
draft_sequence_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
draft_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
email_change_request_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
email_log_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
email_token_spec.rb FIX: do not redeem expired invites on new user signup (#17798) 2022-08-05 07:50:48 +05:30
embeddable_host_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
emoji_spec.rb FIX: do not include group less emojis in standard list (#18659) 2022-10-19 09:53:56 +02:00
given_daily_like_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
global_setting_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
group_archived_message_spec.rb DEV: Remove usages of enable_personal_messages (#18437) 2022-10-05 10:50:20 +10:00
group_associated_group_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
group_history_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
group_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
group_user_spec.rb FIX: Restore trust level when leaving group (#17954) 2022-08-29 13:00:48 +03:00
incoming_link_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
incoming_links_report_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
invite_redeemer_spec.rb SECURITY: Prevent email from being nil in InviteRedeemer (#19004) 2022-11-14 12:02:06 +10:00
invite_spec.rb SECURITY: Fix invite link email validation (#18817) 2022-11-01 16:33:32 +00:00
javascript_cache_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
locale_site_setting_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
mailing_list_mode_site_setting_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
notification_spec.rb DEV: Prioritize unread notifications in the experimental user menu (#18216) 2022-09-12 21:19:25 +03:00
optimized_image_spec.rb DEV: Rename secure_media to secure_uploads (#18376) 2022-09-29 09:24:33 +10:00
permalink_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
plugin_store_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
post_action_spec.rb FEATURE: Introduce personal_message_enabled_groups setting (#18042) 2022-09-26 13:58:40 +10:00
post_action_type_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
post_analyzer_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
post_detail_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
post_mover_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
post_reply_key_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
post_reply_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
post_revision_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
post_spec.rb DEV: Rename secure_media to secure_uploads (#18376) 2022-09-29 09:24:33 +10:00
post_timing_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
private_message_topic_tracking_state_spec.rb DEV: Remove usages of enable_personal_messages (#18437) 2022-10-05 10:50:20 +10:00
published_page_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
quoted_post_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
remote_theme_spec.rb SECURITY: Expand and improve SSRF Protections (#18815) 2022-11-01 16:33:17 +00:00
report_spec.rb DEV: Fix mocha deprecations (#18828) 2022-11-02 10:47:59 +01:00
reviewable_claimed_topic_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
reviewable_flagged_post_spec.rb DEV: Use AR enums in reviewables related code 2022-09-22 14:44:27 +02:00
reviewable_history_spec.rb DEV: Use AR enums in reviewables related code 2022-09-22 14:44:27 +02:00
reviewable_post_spec.rb DEV: Use AR enums in reviewables related code 2022-09-22 14:44:27 +02:00
reviewable_queued_post_spec.rb DEV: Use AR enums in reviewables related code 2022-09-22 14:44:27 +02:00
reviewable_score_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
reviewable_spec.rb DEV: Delete reviewable associations when deleting (#18472) 2022-10-05 13:38:41 -03:00
reviewable_user_spec.rb DEV: Fix mocha deprecations (#18828) 2022-11-02 10:47:59 +01:00
s3_region_site_setting_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
screened_email_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
screened_ip_address_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
screened_url_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
search_log_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
sidebar_section_link_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
site_setting_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
site_spec.rb FIX: do not show welcome CTA banner if the welcome topic is deleted (#18528) 2022-10-10 16:53:19 +05:30
sitemap_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
skipped_email_log_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
stylesheet_cache_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
tag_group_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
tag_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
tag_user_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
theme_field_spec.rb DEV: Introduce minification and source maps for Theme JS (#18646) 2022-10-18 18:20:10 +01:00
theme_modifier_set_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
theme_spec.rb DEV: Introduce minification and source maps for Theme JS (#18646) 2022-10-18 18:20:10 +01:00
top_menu_item_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
top_topic_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
topic_allowed_user_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
topic_converter_spec.rb FEATURE: Make General the default category (#18383) 2022-09-30 12:20:21 -06:00
topic_embed_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
topic_featured_users_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
topic_group_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
topic_invite_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
topic_link_click_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
topic_link_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
topic_list_spec.rb FIX: Avoid duplicate topic-list requests (#18073) 2022-08-24 11:54:01 +01:00
topic_participants_summary_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
topic_posters_summary_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
topic_spec.rb DEV: Remove remaining hardcoded ids (#18735) 2022-10-25 15:29:09 +08:00
topic_tag_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
topic_thumbnail_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
topic_timer_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
topic_tracking_state_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
topic_user_spec.rb DEV: Remove usages of enable_personal_messages (#18437) 2022-10-05 10:50:20 +10:00
topic_view_item_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
translation_override_spec.rb FEATURE: update bootstrap mode notice to add invite and wizard links (#17822) 2022-08-10 00:13:42 +05:30
trust_level3_requirements_spec.rb DEV: Remove usages of enable_personal_messages (#18437) 2022-10-05 10:50:20 +10:00
trust_level_and_staff_setting_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
trust_level_setting_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
unsubscribe_key_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
upload_reference_spec.rb FEATURE: Add dark mode option for category logos (#18460) 2022-10-07 11:00:44 -04:00
upload_spec.rb FIX: Correctly handle HTTP errors during dominant color calculation (#18565) 2022-10-12 15:50:44 +01:00
user_action_spec.rb FIX: action_code_path not being loaded for user-stream-item (#18577) 2022-10-13 19:10:18 +10:00
user_api_key_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
user_archived_message_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
user_associated_group_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
user_auth_token_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
user_avatar_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
user_badge_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
user_bookmark_list_spec.rb FIX: Return next bookmarks page only if it exists (#18139) 2022-09-01 13:04:00 +03:00
user_email_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
user_export_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
user_field_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
user_history_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
user_notification_schedule_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
user_option_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
user_profile_spec.rb SECURITY: Limit user profile field length (#18302) 2022-09-21 12:07:06 +10:00
user_profile_view_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
user_search_spec.rb DEV: Remove usages of enable_personal_messages (#18437) 2022-10-05 10:50:20 +10:00
user_second_factor_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
user_spec.rb FIX: Update sidebar links when promoted to admin (#18928) 2022-11-07 16:39:24 -07:00
user_stat_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
user_status_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
user_summary_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
user_visit_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
username_validator_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
watched_word_spec.rb FIX: Allow to add the same watched word with a different case (#17799) 2022-08-05 12:18:17 +02:00
web_crawler_request_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
web_hook_event_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
web_hook_spec.rb SECURITY: Expand and improve SSRF Protections (#18815) 2022-11-01 16:33:17 +00:00