From ef68e11137e35cde505e9cee45ea32f88feeee48 Mon Sep 17 00:00:00 2001 From: Dan Ungureanu Date: Wed, 2 Sep 2020 13:24:49 +0300 Subject: [PATCH] FIX: Check if invite has expired before showing it (#10581) --- app/controllers/invites_controller.rb | 2 +- spec/requests/invites_controller_spec.rb | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb index 6c5e2c42152..ed8255e2391 100644 --- a/app/controllers/invites_controller.rb +++ b/app/controllers/invites_controller.rb @@ -19,7 +19,7 @@ class InvitesController < ApplicationController invite = Invite.find_by(invite_key: params[:id]) - if invite.present? + if invite.present? && !invite.expired? if !invite.redeemed? store_preloaded("invite_info", MultiJson.dump( invited_by: UserNameSerializer.new(invite.invited_by, scope: guardian, root: false), diff --git a/spec/requests/invites_controller_spec.rb b/spec/requests/invites_controller_spec.rb index 1b21baf8ba8..031ed10fa4e 100644 --- a/spec/requests/invites_controller_spec.rb +++ b/spec/requests/invites_controller_spec.rb @@ -20,6 +20,18 @@ describe InvitesController do expect(CGI.unescapeHTML(body)).to include(I18n.t('invite.not_found', base_url: Discourse.base_url)) end + it "returns error if invite expired" do + invite.update(expires_at: 1.day.ago) + + get "/invites/#{invite.invite_key}" + + expect(response.status).to eq(200) + + body = response.body + expect(body).to_not have_tag(:script, with: { src: '/assets/application.js' }) + expect(CGI.unescapeHTML(body)).to include(I18n.t('invite.not_found', base_url: Discourse.base_url)) + end + it "renders the accept invite page if invite exists" do get "/invites/#{invite.invite_key}"