Merge branch 'feature/767-multiple-use-invite-token' into 'develop'

Feature/767 multiple use invite token See merge request pleroma/pleroma!1032
2019-04-10 10:10:08 +00:00 · 2019-04-10 10:10:08 +00:00 · e5d553aa45
commit e5d553aa45
parent 6504b43f96 fee50636d0
14 changed files with 1003 additions and 112 deletions
--- a/lib/pleroma/web/admin_api/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/admin_api_controller.ex
@ -5,6 +5,7 @@
 defmodule Pleroma.Web.AdminAPI.AdminAPIController do
  use Pleroma.Web, :controller
  alias Pleroma.User
+  alias Pleroma.UserInviteToken
  alias Pleroma.Web.ActivityPub.Relay
  alias Pleroma.Web.AdminAPI.AccountView
  alias Pleroma.Web.AdminAPI.Search
@ -235,7 +236,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
    with true <-
           Pleroma.Config.get([:instance, :invites_enabled]) &&
             !Pleroma.Config.get([:instance, :registrations_open]),
-         {:ok, invite_token} <- Pleroma.UserInviteToken.create_token(),
+         {:ok, invite_token} <- UserInviteToken.create_invite(),
         email <-
           Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]),
         {:ok, _} <- Pleroma.Mailer.deliver(email) do
@ -244,11 +245,29 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
  end

  @doc "Get a account registeration invite token (base64 string)"
-  def get_invite_token(conn, _params) do
-    {:ok, token} = Pleroma.UserInviteToken.create_token()
+  def get_invite_token(conn, params) do
+    options = params["invite"] || %{}
+    {:ok, invite} = UserInviteToken.create_invite(options)

    conn
-    |> json(token.token)
+    |> json(invite.token)
+  end
+
+  @doc "Get list of created invites"
+  def invites(conn, _params) do
+    invites = UserInviteToken.list_invites()
+
+    conn
+    |> json(AccountView.render("invites.json", %{invites: invites}))
+  end
+
+  @doc "Revokes invite by token"
+  def revoke_invite(conn, %{"token" => token}) do
+    invite = UserInviteToken.find_by_token!(token)
+    {:ok, updated_invite} = UserInviteToken.update_invite(invite, %{used: true})
+
+    conn
+    |> json(AccountView.render("invite.json", %{invite: updated_invite}))
  end

  @doc "Get a password reset token (base64 string) for given nickname"
--- a/lib/pleroma/web/admin_api/views/account_view.ex
+++ b/lib/pleroma/web/admin_api/views/account_view.ex
@ -26,4 +26,22 @@ defmodule Pleroma.Web.AdminAPI.AccountView do
      "tags" => user.tags || []
    }
  end
+
+  def render("invite.json", %{invite: invite}) do
+    %{
+      "id" => invite.id,
+      "token" => invite.token,
+      "used" => invite.used,
+      "expires_at" => invite.expires_at,
+      "uses" => invite.uses,
+      "max_use" => invite.max_use,
+      "invite_type" => invite.invite_type
+    }
+  end
+
+  def render("invites.json", %{invites: invites}) do
+    %{
+      invites: render_many(invites, AccountView, "invite.json", as: :invite)
+    }
+  end
 end
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -168,6 +168,8 @@ defmodule Pleroma.Web.Router do
    delete("/relay", AdminAPIController, :relay_unfollow)

    get("/invite_token", AdminAPIController, :get_invite_token)
+    get("/invites", AdminAPIController, :invites)
+    post("/revoke_invite", AdminAPIController, :revoke_invite)
    post("/email_invite", AdminAPIController, :email_invite)

    get("/password_reset", AdminAPIController, :get_password_reset)
--- a/lib/pleroma/web/twitter_api/twitter_api.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api.ex
@ -129,7 +129,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
  end

  def register_user(params) do
-    token_string = params["token"]
+    token = params["token"]

    params = %{
      nickname: params["nickname"],
@ -163,36 +163,49 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
      {:error, %{error: Jason.encode!(%{captcha: [error]})}}
    else
      registrations_open = Pleroma.Config.get([:instance, :registrations_open])
+      registration_process(registrations_open, params, token)
+    end
+  end

-      # no need to query DB if registration is open
-      token =
-        unless registrations_open || is_nil(token_string) do
-          Repo.get_by(UserInviteToken, %{token: token_string})
-        end
-
-      cond do
-        registrations_open || (!is_nil(token) && !token.used) ->
-          changeset = User.register_changeset(%User{}, params)
-
-          with {:ok, user} <- User.register(changeset) do
-            !registrations_open && UserInviteToken.mark_as_used(token.token)
-
-            {:ok, user}
-          else
-            {:error, changeset} ->
-              errors =
-                Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end)
-                |> Jason.encode!()
-
-              {:error, %{error: errors}}
-          end
-
-        !registrations_open && is_nil(token) ->
-          {:error, "Invalid token"}
-
-        !registrations_open && token.used ->
-          {:error, "Expired token"}
+  defp registration_process(registration_open, params, token)
+       when registration_open == false or is_nil(registration_open) do
+    invite =
+      unless is_nil(token) do
+        Repo.get_by(UserInviteToken, %{token: token})
      end
+
+    valid_invite? = invite && UserInviteToken.valid_invite?(invite)
+
+    case invite do
+      nil ->
+        {:error, "Invalid token"}
+
+      invite when valid_invite? ->
+        UserInviteToken.update_usage!(invite)
+        create_user(params)
+
+      _ ->
+        {:error, "Expired token"}
+    end
+  end
+
+  defp registration_process(true, params, _token) do
+    create_user(params)
+  end
+
+  defp create_user(params) do
+    changeset = User.register_changeset(%User{}, params)
+
+    case User.register(changeset) do
+      {:ok, user} ->
+        {:ok, user}
+
+      {:error, changeset} ->
+        errors =
+          Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end)
+          |> Jason.encode!()
+
+        {:error, %{error: errors}}
    end
  end