2019-05-03 06:17:27 +08:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2013-02-06 03:16:51 +08:00
|
|
|
class Invite < ActiveRecord::Base
|
2017-05-02 17:43:33 +08:00
|
|
|
class UserExists < StandardError; end
|
2021-03-19 08:20:10 +08:00
|
|
|
class RedemptionFailed < StandardError; end
|
|
|
|
class ValidationFailed < StandardError; end
|
2021-03-03 17:45:29 +08:00
|
|
|
|
2015-01-20 02:50:01 +08:00
|
|
|
include RateLimiter::OnCreateRecord
|
2013-05-07 12:39:01 +08:00
|
|
|
include Trashable
|
2013-02-07 23:45:24 +08:00
|
|
|
|
2022-01-11 10:57:21 +08:00
|
|
|
# TODO(2021-05-22): remove
|
|
|
|
self.ignored_columns = %w{
|
|
|
|
user_id
|
|
|
|
redeemed_at
|
|
|
|
}
|
|
|
|
|
2019-07-19 13:59:12 +08:00
|
|
|
BULK_INVITE_EMAIL_LIMIT = 200
|
2021-12-13 13:39:14 +08:00
|
|
|
DOMAIN_REGEX = /\A(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)+([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])\z/
|
2019-07-19 13:59:12 +08:00
|
|
|
|
2015-01-20 02:50:01 +08:00
|
|
|
rate_limit :limit_invites_per_day
|
|
|
|
|
2013-03-01 02:54:12 +08:00
|
|
|
belongs_to :invited_by, class_name: 'User'
|
2013-02-06 03:16:51 +08:00
|
|
|
|
2020-06-09 23:19:32 +08:00
|
|
|
has_many :invited_users
|
|
|
|
has_many :users, through: :invited_users
|
2014-05-08 14:45:49 +08:00
|
|
|
has_many :invited_groups
|
|
|
|
has_many :groups, through: :invited_groups
|
2013-02-06 03:16:51 +08:00
|
|
|
has_many :topic_invites
|
2013-02-07 23:45:24 +08:00
|
|
|
has_many :topics, through: :topic_invites, source: :topic
|
2021-03-03 17:45:29 +08:00
|
|
|
|
2013-02-06 03:16:51 +08:00
|
|
|
validates_presence_of :invited_by_id
|
2020-06-03 10:13:25 +08:00
|
|
|
validates :email, email: true, allow_blank: true
|
2021-03-03 17:45:29 +08:00
|
|
|
validate :ensure_max_redemptions_allowed
|
2022-09-30 18:35:00 +08:00
|
|
|
validate :valid_redemption_count
|
2021-12-08 23:06:57 +08:00
|
|
|
validate :valid_domain, if: :will_save_change_to_domain?
|
2022-01-20 18:54:38 +08:00
|
|
|
validate :user_doesnt_already_exist, if: :will_save_change_to_email?
|
2022-09-30 18:35:00 +08:00
|
|
|
validate :email_xor_domain
|
2013-02-06 03:16:51 +08:00
|
|
|
|
|
|
|
before_create do
|
2021-04-15 00:22:16 +08:00
|
|
|
self.invite_key ||= SecureRandom.base58(10)
|
2020-06-09 23:19:32 +08:00
|
|
|
self.expires_at ||= SiteSetting.invite_expiry_days.days.from_now
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
2021-04-14 17:15:56 +08:00
|
|
|
before_save do
|
|
|
|
if will_save_change_to_email?
|
|
|
|
self.email_token = email.present? ? SecureRandom.hex : nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-07-14 23:56:26 +08:00
|
|
|
before_validation do
|
|
|
|
self.email = Email.downcase(email) unless email.nil?
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
2022-05-10 23:45:43 +08:00
|
|
|
attribute :email_already_exists
|
2013-02-07 23:45:24 +08:00
|
|
|
|
2019-07-19 13:59:12 +08:00
|
|
|
def self.emailed_status_types
|
|
|
|
@emailed_status_types ||= Enum.new(not_required: 0, pending: 1, bulk_pending: 2, sending: 3, sent: 4)
|
|
|
|
end
|
|
|
|
|
2013-02-06 03:16:51 +08:00
|
|
|
def user_doesnt_already_exist
|
2022-05-10 23:45:43 +08:00
|
|
|
self.email_already_exists = false
|
2013-02-06 03:16:51 +08:00
|
|
|
return if email.blank?
|
2018-01-19 22:29:15 +08:00
|
|
|
user = Invite.find_user_by_email(email)
|
2017-04-27 02:47:36 +08:00
|
|
|
|
2020-06-09 23:19:32 +08:00
|
|
|
if user && user.id != self.invited_users&.first&.user_id
|
2022-05-10 23:45:43 +08:00
|
|
|
self.email_already_exists = true
|
|
|
|
errors.add(:base, user_exists_error_msg(email))
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2022-09-30 18:35:00 +08:00
|
|
|
def email_xor_domain
|
|
|
|
if email.present? && domain.present?
|
|
|
|
errors.add(:base, I18n.t('invite.email_xor_domain'))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-06-09 23:19:32 +08:00
|
|
|
def is_invite_link?
|
2021-01-20 16:50:02 +08:00
|
|
|
email.blank?
|
2020-06-09 23:19:32 +08:00
|
|
|
end
|
|
|
|
|
2021-03-19 08:20:10 +08:00
|
|
|
def redeemable?
|
2021-03-26 00:26:22 +08:00
|
|
|
!redeemed? && !expired? && !deleted_at? && !destroyed? && link_valid?
|
2021-03-19 08:20:10 +08:00
|
|
|
end
|
|
|
|
|
2013-02-06 03:16:51 +08:00
|
|
|
def redeemed?
|
2020-06-09 23:19:32 +08:00
|
|
|
if is_invite_link?
|
|
|
|
redemption_count >= max_redemptions_allowed
|
|
|
|
else
|
|
|
|
self.invited_users.count > 0
|
|
|
|
end
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
2022-11-02 00:33:32 +08:00
|
|
|
def email_matches?(email)
|
|
|
|
email.downcase == self.email.downcase
|
|
|
|
end
|
|
|
|
|
|
|
|
def domain_matches?(email)
|
|
|
|
_, domain = email.split('@')
|
|
|
|
self.domain == domain
|
|
|
|
end
|
|
|
|
|
|
|
|
def can_be_redeemed_by?(user)
|
|
|
|
return false if !self.redeemable?
|
|
|
|
return true if self.email.blank? && self.domain.blank?
|
|
|
|
return true if self.email.present? && email_matches?(user.email)
|
|
|
|
self.domain.present? && domain_matches?(user.email)
|
|
|
|
end
|
|
|
|
|
2013-02-06 03:16:51 +08:00
|
|
|
def expired?
|
2020-06-09 23:19:32 +08:00
|
|
|
expires_at < Time.zone.now
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
|
|
|
|
2021-04-14 17:15:56 +08:00
|
|
|
def link(with_email_token: false)
|
|
|
|
with_email_token ? "#{Discourse.base_url}/invites/#{invite_key}?t=#{email_token}"
|
|
|
|
: "#{Discourse.base_url}/invites/#{invite_key}"
|
2015-08-31 22:06:13 +08:00
|
|
|
end
|
|
|
|
|
2021-03-03 17:45:29 +08:00
|
|
|
def link_valid?
|
|
|
|
invalidated_at.nil?
|
2015-08-31 22:06:13 +08:00
|
|
|
end
|
|
|
|
|
2021-03-03 17:45:29 +08:00
|
|
|
def self.generate(invited_by, opts = nil)
|
2016-09-21 01:12:00 +08:00
|
|
|
opts ||= {}
|
|
|
|
|
2021-03-03 17:45:29 +08:00
|
|
|
email = Email.downcase(opts[:email]) if opts[:email].present?
|
2014-05-09 09:45:18 +08:00
|
|
|
|
2022-05-10 23:45:43 +08:00
|
|
|
raise UserExists.new(new.user_exists_error_msg(email)) if find_user_by_email(email)
|
2014-05-09 09:45:18 +08:00
|
|
|
|
2021-03-03 17:45:29 +08:00
|
|
|
if email.present?
|
|
|
|
invite = Invite
|
|
|
|
.with_deleted
|
|
|
|
.where(email: email, invited_by_id: invited_by.id)
|
|
|
|
.order('created_at DESC')
|
|
|
|
.first
|
2014-01-22 04:13:55 +08:00
|
|
|
|
2021-03-03 17:45:29 +08:00
|
|
|
if invite && (invite.expired? || invite.deleted_at)
|
|
|
|
invite.destroy
|
|
|
|
invite = nil
|
|
|
|
end
|
2022-08-10 13:39:26 +08:00
|
|
|
email_digest = Digest::SHA256.hexdigest(email)
|
|
|
|
RateLimiter.new(invited_by, "reinvites-per-day-#{email_digest}", 3, 1.day.to_i).performed!
|
2014-01-22 04:13:55 +08:00
|
|
|
end
|
2013-11-07 01:56:26 +08:00
|
|
|
|
2021-03-03 17:45:29 +08:00
|
|
|
emailed_status = if opts[:skip_email] || invite&.emailed_status == emailed_status_types[:not_required]
|
|
|
|
emailed_status_types[:not_required]
|
|
|
|
elsif opts[:emailed_status].present?
|
|
|
|
opts[:emailed_status]
|
|
|
|
elsif email.present?
|
|
|
|
emailed_status_types[:pending]
|
|
|
|
else
|
|
|
|
emailed_status_types[:not_required]
|
|
|
|
end
|
2019-07-19 13:59:12 +08:00
|
|
|
|
2021-03-03 17:45:29 +08:00
|
|
|
if invite
|
2018-12-11 06:24:02 +08:00
|
|
|
invite.update_columns(
|
|
|
|
created_at: Time.zone.now,
|
|
|
|
updated_at: Time.zone.now,
|
2021-03-03 17:45:29 +08:00
|
|
|
expires_at: opts[:expires_at] || SiteSetting.invite_expiry_days.days.from_now,
|
2019-07-19 13:59:12 +08:00
|
|
|
emailed_status: emailed_status
|
2018-12-11 06:24:02 +08:00
|
|
|
)
|
|
|
|
else
|
2021-12-08 23:06:57 +08:00
|
|
|
create_args = opts.slice(:email, :domain, :moderator, :custom_message, :max_redemptions_allowed)
|
2021-03-03 17:45:29 +08:00
|
|
|
create_args[:invited_by] = invited_by
|
|
|
|
create_args[:email] = email
|
|
|
|
create_args[:emailed_status] = emailed_status
|
|
|
|
create_args[:expires_at] = opts[:expires_at] || SiteSetting.invite_expiry_days.days.from_now
|
2017-04-11 22:05:35 +08:00
|
|
|
|
2016-09-21 01:12:00 +08:00
|
|
|
invite = Invite.create!(create_args)
|
2013-11-07 01:56:26 +08:00
|
|
|
end
|
|
|
|
|
2021-03-03 17:45:29 +08:00
|
|
|
topic_id = opts[:topic]&.id || opts[:topic_id]
|
|
|
|
if topic_id.present?
|
|
|
|
invite.topic_invites.find_or_create_by!(topic_id: topic_id)
|
2014-05-09 09:45:18 +08:00
|
|
|
end
|
|
|
|
|
2021-03-03 17:45:29 +08:00
|
|
|
group_ids = opts[:group_ids]
|
2014-05-09 09:45:18 +08:00
|
|
|
if group_ids.present?
|
|
|
|
group_ids.each do |group_id|
|
2021-03-03 17:45:29 +08:00
|
|
|
invite.invited_groups.find_or_create_by!(group_id: group_id)
|
2014-05-09 09:45:18 +08:00
|
|
|
end
|
|
|
|
end
|
2013-11-07 01:56:26 +08:00
|
|
|
|
2019-07-19 13:59:12 +08:00
|
|
|
if emailed_status == emailed_status_types[:pending]
|
2021-03-03 17:45:29 +08:00
|
|
|
invite.update_column(:emailed_status, emailed_status_types[:sending])
|
2021-03-16 23:08:54 +08:00
|
|
|
Jobs.enqueue(:invite_email, invite_id: invite.id, invite_to_topic: opts[:invite_to_topic])
|
2019-07-19 13:59:12 +08:00
|
|
|
end
|
2014-05-09 09:45:18 +08:00
|
|
|
|
|
|
|
invite.reload
|
2013-11-07 01:56:26 +08:00
|
|
|
end
|
|
|
|
|
2022-11-02 00:33:32 +08:00
|
|
|
def redeem(
|
|
|
|
email: nil,
|
|
|
|
username: nil,
|
|
|
|
name: nil,
|
|
|
|
password: nil,
|
|
|
|
user_custom_fields: nil,
|
|
|
|
ip_address: nil,
|
|
|
|
session: nil,
|
|
|
|
email_token: nil,
|
|
|
|
redeeming_user: nil
|
|
|
|
)
|
2021-03-19 08:20:10 +08:00
|
|
|
return if !redeemable?
|
|
|
|
|
|
|
|
email = self.email if email.blank? && !is_invite_link?
|
2022-06-21 11:56:50 +08:00
|
|
|
|
2021-03-19 08:20:10 +08:00
|
|
|
InviteRedeemer.new(
|
|
|
|
invite: self,
|
|
|
|
email: email,
|
|
|
|
username: username,
|
|
|
|
name: name,
|
|
|
|
password: password,
|
|
|
|
user_custom_fields: user_custom_fields,
|
|
|
|
ip_address: ip_address,
|
2021-04-14 17:15:56 +08:00
|
|
|
session: session,
|
2022-11-02 00:33:32 +08:00
|
|
|
email_token: email_token,
|
|
|
|
redeeming_user: redeeming_user
|
2021-03-19 08:20:10 +08:00
|
|
|
).redeem
|
2020-06-09 23:19:32 +08:00
|
|
|
end
|
|
|
|
|
2022-11-02 00:33:32 +08:00
|
|
|
def self.redeem_for_existing_user(user)
|
|
|
|
invite = Invite.find_by(email: Email.downcase(user.email))
|
2022-08-05 10:20:48 +08:00
|
|
|
if invite.present? && invite.redeemable?
|
2022-11-02 00:33:32 +08:00
|
|
|
InviteRedeemer.new(invite: invite, redeeming_user: user).redeem
|
2022-08-05 10:20:48 +08:00
|
|
|
end
|
2021-03-03 17:45:29 +08:00
|
|
|
invite
|
2020-06-09 23:19:32 +08:00
|
|
|
end
|
|
|
|
|
2018-01-19 22:29:15 +08:00
|
|
|
def self.find_user_by_email(email)
|
2019-10-30 14:08:47 +08:00
|
|
|
User.with_email(Email.downcase(email)).where(staged: false).first
|
2018-01-19 22:29:15 +08:00
|
|
|
end
|
|
|
|
|
2021-03-03 17:45:29 +08:00
|
|
|
def self.pending(inviter)
|
|
|
|
Invite.distinct
|
2020-06-09 23:19:32 +08:00
|
|
|
.joins("LEFT JOIN invited_users ON invites.id = invited_users.invite_id")
|
|
|
|
.joins("LEFT JOIN users ON invited_users.user_id = users.id")
|
|
|
|
.where(invited_by_id: inviter.id)
|
2021-03-03 17:45:29 +08:00
|
|
|
.where('redemption_count < max_redemptions_allowed')
|
2021-03-06 19:29:35 +08:00
|
|
|
.where('expires_at > ?', Time.zone.now)
|
2020-06-09 23:19:32 +08:00
|
|
|
.order('invites.updated_at DESC')
|
2013-11-09 03:11:41 +08:00
|
|
|
end
|
|
|
|
|
2021-03-06 19:29:35 +08:00
|
|
|
def self.expired(inviter)
|
|
|
|
Invite.distinct
|
|
|
|
.joins("LEFT JOIN invited_users ON invites.id = invited_users.invite_id")
|
|
|
|
.joins("LEFT JOIN users ON invited_users.user_id = users.id")
|
|
|
|
.where(invited_by_id: inviter.id)
|
2021-03-24 00:57:39 +08:00
|
|
|
.where('redemption_count < max_redemptions_allowed')
|
|
|
|
.where('expires_at < ?', Time.zone.now)
|
2021-03-06 19:29:35 +08:00
|
|
|
.order('invites.expires_at ASC')
|
|
|
|
end
|
|
|
|
|
2021-03-03 17:45:29 +08:00
|
|
|
def self.redeemed_users(inviter)
|
|
|
|
InvitedUser
|
2021-03-06 19:29:35 +08:00
|
|
|
.joins("LEFT JOIN invites ON invites.id = invited_users.invite_id")
|
2020-06-09 23:19:32 +08:00
|
|
|
.includes(user: :user_stat)
|
|
|
|
.where('invited_users.user_id IS NOT NULL')
|
|
|
|
.where('invites.invited_by_id = ?', inviter.id)
|
2021-03-06 19:29:35 +08:00
|
|
|
.order('invited_users.redeemed_at DESC')
|
2020-06-09 23:19:32 +08:00
|
|
|
.references('invite')
|
|
|
|
.references('user')
|
|
|
|
.references('user_stat')
|
|
|
|
end
|
|
|
|
|
2014-01-22 05:53:46 +08:00
|
|
|
def self.invalidate_for_email(email)
|
2021-12-08 23:06:57 +08:00
|
|
|
invite = Invite.find_by(email: Email.downcase(email))
|
|
|
|
invite.update!(invalidated_at: Time.zone.now) if invite
|
|
|
|
|
|
|
|
invite
|
2014-01-22 05:53:46 +08:00
|
|
|
end
|
2014-05-28 04:14:37 +08:00
|
|
|
|
2014-10-07 02:48:56 +08:00
|
|
|
def resend_invite
|
2020-10-26 18:26:43 +08:00
|
|
|
self.update_columns(updated_at: Time.zone.now, invalidated_at: nil, expires_at: SiteSetting.invite_expiry_days.days.from_now)
|
2014-10-07 02:48:56 +08:00
|
|
|
Jobs.enqueue(:invite_email, invite_id: self.id)
|
|
|
|
end
|
|
|
|
|
2015-01-20 02:50:01 +08:00
|
|
|
def limit_invites_per_day
|
2015-02-11 14:45:46 +08:00
|
|
|
RateLimiter.new(invited_by, "invites-per-day", SiteSetting.max_invites_per_day, 1.day.to_i)
|
2015-01-20 02:50:01 +08:00
|
|
|
end
|
|
|
|
|
2014-05-28 04:14:37 +08:00
|
|
|
def self.base_directory
|
2014-11-26 00:55:09 +08:00
|
|
|
File.join(Rails.root, "public", "uploads", "csv", RailsMultisite::ConnectionManagement.current_db)
|
2014-05-28 04:14:37 +08:00
|
|
|
end
|
2020-06-09 23:19:32 +08:00
|
|
|
|
|
|
|
def ensure_max_redemptions_allowed
|
2021-03-03 17:45:29 +08:00
|
|
|
if self.max_redemptions_allowed.nil?
|
|
|
|
self.max_redemptions_allowed = 1
|
2021-03-06 19:29:35 +08:00
|
|
|
else
|
|
|
|
limit = invited_by&.staff? ? SiteSetting.invite_link_max_redemptions_limit
|
|
|
|
: SiteSetting.invite_link_max_redemptions_limit_users
|
|
|
|
|
2022-09-30 18:35:00 +08:00
|
|
|
if self.email.present? && self.max_redemptions_allowed != 1
|
|
|
|
errors.add(:max_redemptions_allowed, I18n.t("invite.max_redemptions_allowed_one"))
|
|
|
|
elsif !self.max_redemptions_allowed.between?(1, limit)
|
2021-03-06 19:29:35 +08:00
|
|
|
errors.add(:max_redemptions_allowed, I18n.t("invite_link.max_redemptions_limit", max_limit: limit))
|
|
|
|
end
|
2020-06-09 23:19:32 +08:00
|
|
|
end
|
|
|
|
end
|
2021-12-08 23:06:57 +08:00
|
|
|
|
2022-09-30 18:35:00 +08:00
|
|
|
def valid_redemption_count
|
|
|
|
if self.redemption_count > self.max_redemptions_allowed
|
|
|
|
errors.add(:redemption_count, I18n.t("invite.redemption_count_less_than_max", max_redemptions_allowed: self.max_redemptions_allowed))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-12-08 23:06:57 +08:00
|
|
|
def valid_domain
|
|
|
|
return if self.domain.blank?
|
|
|
|
|
|
|
|
self.domain.downcase!
|
|
|
|
|
2021-12-13 13:39:14 +08:00
|
|
|
if self.domain !~ Invite::DOMAIN_REGEX
|
2022-01-18 20:38:31 +08:00
|
|
|
self.errors.add(:base, I18n.t('invite.domain_not_allowed'))
|
2021-12-08 23:06:57 +08:00
|
|
|
end
|
|
|
|
end
|
2022-01-18 20:38:31 +08:00
|
|
|
|
2022-05-10 23:45:43 +08:00
|
|
|
def user_exists_error_msg(email)
|
|
|
|
I18n.t("invite.user_exists", email: CGI.escapeHTML(email))
|
2022-01-18 20:38:31 +08:00
|
|
|
end
|
2013-02-06 03:16:51 +08:00
|
|
|
end
|
2013-05-24 10:48:32 +08:00
|
|
|
|
|
|
|
# == Schema Information
|
|
|
|
#
|
|
|
|
# Table name: invites
|
|
|
|
#
|
2020-06-09 23:19:32 +08:00
|
|
|
# id :integer not null, primary key
|
|
|
|
# invite_key :string(32) not null
|
|
|
|
# email :string
|
|
|
|
# invited_by_id :integer not null
|
|
|
|
# created_at :datetime not null
|
|
|
|
# updated_at :datetime not null
|
|
|
|
# deleted_at :datetime
|
|
|
|
# deleted_by_id :integer
|
|
|
|
# invalidated_at :datetime
|
|
|
|
# moderator :boolean default(FALSE), not null
|
|
|
|
# custom_message :text
|
|
|
|
# emailed_status :integer
|
|
|
|
# max_redemptions_allowed :integer default(1), not null
|
|
|
|
# redemption_count :integer default(0), not null
|
|
|
|
# expires_at :datetime not null
|
2021-07-06 06:14:15 +08:00
|
|
|
# email_token :string
|
2021-12-08 23:06:57 +08:00
|
|
|
# domain :string
|
2013-05-24 10:48:32 +08:00
|
|
|
#
|
|
|
|
# Indexes
|
|
|
|
#
|
2014-07-30 01:57:08 +08:00
|
|
|
# index_invites_on_email_and_invited_by_id (email,invited_by_id)
|
2019-07-19 13:59:12 +08:00
|
|
|
# index_invites_on_emailed_status (emailed_status)
|
2013-05-24 10:48:32 +08:00
|
|
|
# index_invites_on_invite_key (invite_key) UNIQUE
|
2019-12-30 14:13:27 +08:00
|
|
|
# index_invites_on_invited_by_id (invited_by_id)
|
2013-05-24 10:48:32 +08:00
|
|
|
#
|