From a157f4aaaa8315e83d5be79e12aa630f11524c20 Mon Sep 17 00:00:00 2001
From: Arpit Jalan
Date: Wed, 4 Mar 2020 15:38:27 +0530
Subject: [PATCH] Remove invite_admin route.
---
 app/controllers/admin/users_controller.rb | 35 ----------------
 config/routes.rb | 1 -
 spec/requests/admin/users_controller_spec.rb | 44 --------------------
 3 files changed, 80 deletions(-)
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 932de723b6f..7ced962b3d8 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -458,41 +458,6 @@ class Admin::UsersController < Admin::AdminController
 render json: { total: AdminUserIndexQuery.new(params).count_users }
 end
- def invite_admin
- raise Discourse::InvalidAccess.new unless is_api?
-
- email = params[:email]
- unless user = User.find_by_email(email)
- name = params[:name] if params[:name].present?
- username = params[:username] if params[:username].present?
-
- user = User.new(email: email)
- user.password = SecureRandom.hex
- user.username = UserNameSuggester.suggest(username || name || email)
- user.name = User.suggest_name(name || username || email)
- end
-
- user.active = true
- user.save!
- user.grant_admin!
- user.change_trust_level!(4)
- user.email_tokens.update_all confirmed: true
-
- email_token = user.email_tokens.create(email: user.email)
-
- unless params[:send_email] == '0' || params[:send_email] == 'false'
- Jobs.enqueue(:critical_user_email,
- type: :account_created,
- user_id: user.id,
- email_token: email_token.token)
- end
-
- render json: success_json.merge!(
- password_url: "#{Discourse.base_url}#{password_reset_token_path(token: email_token.token)}"
- )
-
- end
-
 def anonymize
 guardian.ensure_can_anonymize_user!(@user)
 if user = UserAnonymizer.new(@user, current_user).make_anonymous
diff --git a/config/routes.rb b/config/routes.rb
index 5d61ccc630b..8fd2d19727d 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -140,7 +140,6 @@ Discourse::Application.routes.draw do
 get 'users/:id/:username/tl3_requirements' => 'users#show'
 post "users/sync_sso" => "users#sync_sso", constraints: AdminConstraint.new
- post "users/invite_admin" => "users#invite_admin", constraints: AdminConstraint.new
 resources :impersonate, constraints: AdminConstraint.new
diff --git a/spec/requests/admin/users_controller_spec.rb b/spec/requests/admin/users_controller_spec.rb
index 49a730ef641..92b79ce27f6 100644
--- a/spec/requests/admin/users_controller_spec.rb
+++ b/spec/requests/admin/users_controller_spec.rb
@@ -757,50 +757,6 @@ RSpec.describe Admin::UsersController do
 end
 end
- describe '#invite_admin' do
- let(:api_key) { Fabricate(:api_key, user: admin) }
- let(:api_params) do
- { api_key: api_key.key, api_username: admin.username }
- end
-
- it "doesn't work when not via API" do
- post "/admin/users/invite_admin.json", params: {
- name: 'Bill', username: 'bill22', email: 'bill@bill.com'
- }
-
- expect(response.status).to eq(403)
- end
-
- it 'should invite admin' do
- expect do
- post "/admin/users/invite_admin.json", params: api_params.merge(
- name: 'Bill', username: 'bill22', email: 'bill@bill.com'
- )
- end.to change { Jobs::CriticalUserEmail.jobs.size }.by(1)
-
- expect(response.status).to eq(200)
-
- u = User.find_by_email('bill@bill.com')
- expect(u.name).to eq("Bill")
- expect(u.username).to eq("bill22")
- expect(u.admin).to eq(true)
- expect(u.active).to eq(true)
- expect(u.approved).to eq(true)
- end
-
- it "doesn't send the email with send_email falsey" do
- expect do
- post "/admin/users/invite_admin.json", params: api_params.merge(
- name: 'Bill', username: 'bill22', email: 'bill@bill.com', send_email: '0'
- )
- end.to change { Jobs::CriticalUserEmail.jobs.size }.by(0)
-
- expect(response.status).to eq(200)
- json = ::JSON.parse(response.body)
- expect(json["password_url"]).to be_present
- end
- end
-
 describe '#sync_sso' do
 let(:sso) { SingleSignOn.new }
 let(:sso_secret) { "sso secret" }