mirror of
https://github.com/we-promise/sure.git
synced 2026-07-12 12:55:20 +00:00
* fix(invitations): allow re-inviting after an unaccepted invite expires An expired, never-accepted invitation still occupies the partial unique index `index_invitations_on_email_and_family_id_pending` (predicate `accepted_at IS NULL`), but the `pending` scope excludes it via the `expires_at > now` clause. The duplicate-guard validation therefore passes and the INSERT collides with the index, raising ActiveRecord::RecordNotUnique — surfaced to the admin as a 500 with no way to re-invite that address through the UI. Remove the stale expired row inside the create transaction (before_create) so the unique slot is freed and the re-invite succeeds. It runs only after validations pass, so a still-pending (non-expired) invitation can never be removed here. Add a controller-level rescue of ActiveRecord::RecordNotUnique as a safety net against a concurrent double-submit race. Closes #2535 * refactor(invitations): scope RecordNotUnique rescue to the save The method-level `rescue ActiveRecord::RecordNotUnique` wrapped the whole create action, so any future write after @invitation.save (e.g. accept_for) would silently be reported as a generic invite failure. Extract save_invitation to scope the rescue to the save alone, and add a regression test that drives the raced unique-index path directly. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
82 lines
2.3 KiB
Ruby
82 lines
2.3 KiB
Ruby
class InvitationsController < ApplicationController
|
|
skip_authentication only: :accept
|
|
def new
|
|
@invitation = Invitation.new
|
|
end
|
|
|
|
def create
|
|
unless Current.user.admin?
|
|
flash[:alert] = t(".failure")
|
|
redirect_to settings_profile_path
|
|
return
|
|
end
|
|
|
|
@invitation = Current.family.invitations.build(invitation_params)
|
|
@invitation.inviter = Current.user
|
|
|
|
if save_invitation
|
|
normalized_email = @invitation.email.to_s.strip.downcase
|
|
existing_user = User.find_by(email: normalized_email)
|
|
if existing_user && @invitation.would_orphan_owned_accounts?(existing_user)
|
|
flash[:alert] = t(".existing_user_has_family_data")
|
|
elsif existing_user && @invitation.accept_for(existing_user)
|
|
flash[:notice] = t(".existing_user_added")
|
|
elsif existing_user
|
|
flash[:alert] = t(".failure")
|
|
else
|
|
InvitationMailer.invite_email(@invitation).deliver_later unless self_hosted?
|
|
flash[:notice] = t(".success")
|
|
end
|
|
else
|
|
flash[:alert] = t(".failure")
|
|
end
|
|
|
|
redirect_to settings_profile_path
|
|
end
|
|
|
|
def accept
|
|
@invitation = Invitation.find_by!(token: params[:id])
|
|
|
|
if @invitation.pending?
|
|
render :accept_choice, layout: "auth"
|
|
else
|
|
raise ActiveRecord::RecordNotFound
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
unless Current.user.admin?
|
|
flash[:alert] = t("invitations.destroy.not_authorized")
|
|
redirect_to settings_profile_path
|
|
return
|
|
end
|
|
|
|
@invitation = Current.family.invitations.find(params[:id])
|
|
|
|
if @invitation.destroy
|
|
flash[:notice] = t("invitations.destroy.success")
|
|
else
|
|
flash[:alert] = t("invitations.destroy.failure")
|
|
end
|
|
|
|
redirect_to settings_profile_path
|
|
end
|
|
|
|
private
|
|
|
|
def invitation_params
|
|
params.require(:invitation).permit(:email, :role)
|
|
end
|
|
|
|
# Persist the invitation, treating a raced partial-unique-index violation as
|
|
# an ordinary save failure. A concurrent double-submit can still slip between
|
|
# the `no_duplicate_pending_invitation_in_family` validation and the INSERT.
|
|
# Scoping the rescue to the save alone keeps later writes in #create (e.g.
|
|
# accept_for) from silently swallowing a genuine RecordNotUnique.
|
|
def save_invitation
|
|
@invitation.save
|
|
rescue ActiveRecord::RecordNotUnique
|
|
false
|
|
end
|
|
end
|