3pp-mirror/penpot
1
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-05-19 18:26:11 +02:00
Code Issues Projects Releases Packages Wiki Activity

🐛 Fix incorrect invitation flow

Browse source
This commit is contained in:
Andrey Antukh 2023-02-24 15:42:56 +01:00
parent 7771467aa0
commit 4d627f8993
1 changed files with 13 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

34
backend/src/app/rpc/commands/verify_token.clj
View file

@ -133,7 +133,7 @@
:opt-un [::spec.team-invitation/member-id])) :opt-un [::spec.team-invitation/member-id]))
(defmethod process-token :team-invitation (defmethod process-token :team-invitation
[{:keys [conn session] :as cfg} [{:keys [conn] :as cfg}
{:keys [::rpc/profile-id token]} {:keys [::rpc/profile-id token]}
{:keys [member-id team-id member-email] :as claims}] {:keys [member-id team-id member-email] :as claims}]
@ -152,9 +152,10 @@
(if (some? profile) (if (some? profile)
(if (or (= member-id profile-id) (if (or (= member-id profile-id)
(= member-email (:email profile))) (= member-email (:email profile)))
;; if we have logged-in user and it matches the invitation we
;; proceed with accepting the invitation and joining the ;; if we have logged-in user and it matches the invitation we proceed
;; current profile to the invited team. ;; with accepting the invitation and joining the current profile to the
;; invited team.
(let [profile (accept-invitation cfg claims invitation profile)] (let [profile (accept-invitation cfg claims invitation profile)]
(-> (assoc claims :state :created) (-> (assoc claims :state :created)
(rph/with-meta {::audit/name "accept-team-invitation" (rph/with-meta {::audit/name "accept-team-invitation"
@ -167,27 +168,14 @@
:code :invalid-token :code :invalid-token
:hint "logged-in user does not matches the invitation")) :hint "logged-in user does not matches the invitation"))
;; If we have not logged-in user, we try find the invited ;; If we have not logged-in user, and invitation comes with member-id we
;; profile by member-id or member-email props of the invitation ;; redirect user to login, if no memeber-id is present in the invitation
;; token; If profile is found, we accept the invitation and ;; token, we redirect user the the register page.
;; leave the user logged-in.
(if-let [member (db/get* conn :profile
(if member-id
{:id member-id}
{:email member-email})
{:columns [:id :email]})]
(let [profile (accept-invitation cfg claims invitation member)]
(-> (assoc claims :state :created)
(rph/with-transform (session/create-fn session (:id profile)))
(rph/with-meta {::audit/name "accept-team-invitation"
::audit/profile-id (:id profile)
::audit/props {:team-id (:team-id claims)
:role (:role claims)
:invitation-id (:id invitation)}})))
{:invitation-token token {:invitation-token token
:iss :team-invitation :iss :team-invitation
:redirect-to :auth-register :redirect-to (if member-id :auth-login :auth-register)
:state :pending})))) :state :pending})))
;; --- Default ;; --- Default