QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-07 14:31:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a0b1029ba99ab75afc8a3a34b429337d870e49a6
sure/app/controllers/invitations_controller.rb
MkDev11 87117445fe Fix OIDC household invitation (issue #900) (#904) 
* Fix OIDC household invitation (issue #900)

- Auto-add existing user when inviting by email (no invite email sent)
- Accept page: choose 'Create account' or 'Sign in' (supports OIDC)
- Store invitation token in session on sign-in; accept after login (password,
  OIDC, OIDC link, OIDC JIT, MFA)
- Invitation#accept_for!(user): add user to household and mark accepted
- Defensive guards: nil/blank user, token normalization, accept_for! return check

* Address PR review: rename accept_for! to accept_for, i18n OIDC notice, test fixes, stub Rails.application.config

* Fix flaky system test: assert only configure step, not flash message

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: mkdev11 <jaysmth689+github@users.noreply.github.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-06 16:14:42 +01:00

69 lines
1.7 KiB
Ruby
Raw Blame History

class InvitationsController < ApplicationController
skip_authentication only: :accept
def new
@invitation = Invitation.new
end
def create
unless Current.user.admin?
flash[:alert] = t(".failure")
redirect_to settings_profile_path
return
end
@invitation = Current.family.invitations.build(invitation_params)
@invitation.inviter = Current.user
if @invitation.save
normalized_email = @invitation.email.to_s.strip.downcase
existing_user = User.find_by(email: normalized_email)
if existing_user && @invitation.accept_for(existing_user)
flash[:notice] = t(".existing_user_added")
elsif existing_user
flash[:alert] = t(".failure")
else
InvitationMailer.invite_email(@invitation).deliver_later unless self_hosted?
flash[:notice] = t(".success")
end
else
flash[:alert] = t(".failure")
end
redirect_to settings_profile_path
end
def accept
@invitation = Invitation.find_by!(token: params[:id])
if @invitation.pending?
render :accept_choice, layout: "auth"
else
raise ActiveRecord::RecordNotFound
end
end
def destroy
unless Current.user.admin?
flash[:alert] = t("invitations.destroy.not_authorized")
redirect_to settings_profile_path
return
end
@invitation = Current.family.invitations.find(params[:id])
if @invitation.destroy
flash[:notice] = t("invitations.destroy.success")
else
flash[:alert] = t("invitations.destroy.failure")
end
redirect_to settings_profile_path
end
private
def invitation_params
params.require(:invitation).permit(:email, :role)
end
end
Reference in New Issue View Git Blame Copy Permalink