Refactor invites member method

- rendering 404 for this method was unituitive and was also causing issues with use in authenticate_user! method.

Refactor invites member method
- rendering 404 for this method was unituitive and was also causing issues with use in authenticate_user! method.
78142b39 · Doug Stull · 42f26785 · 78142b39 · 78142b39 · 78142b39
Commit 78142b39 authored Sep 18, 2020 by Doug Stull
3 changed files
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -4,6 +4,7 @@ class InvitesController < ApplicationController
  include Gitlab::Utils::StrongMemoize

  before_action :member
+  before_action :ensure_member_exists
  before_action :invite_details
  skip_before_action :authenticate_user!, only: :decline

@@ -59,14 +60,16 @@ class InvitesController < ApplicationController
  end

  def member
-    return @member if defined?(@member)
-
-    @token = params[:id]
-    @member = Member.find_by_invite_token(@token)
+    strong_memoize(:member) do
+      @token = params[:id]
+      Member.find_by_invite_token(@token)
+    end
+  end

-    return render_404 unless @member
+  def ensure_member_exists
+    return if member

-    @member
+    render_404
  end

  def authenticate_user!
@@ -76,10 +79,7 @@ class InvitesController < ApplicationController
    notice << "or create an account" if Gitlab::CurrentSettings.allow_signup?
    notice = notice.join(' ') + "."

-    # this is temporary finder instead of using member method due to render_404 possibility
-    # will be resolved via https://gitlab.com/gitlab-org/gitlab/-/issues/245325
-    initial_member = Member.find_by_invite_token(params[:id])
-    redirect_params = initial_member ? { invite_email: initial_member.invite_email } : {}
+    redirect_params = member ? { invite_email: member.invite_email } : {}

    store_location_for :user, request.fullpath

@@ -87,20 +87,20 @@ class InvitesController < ApplicationController
  end

  def invite_details
-    @invite_details ||= case @member.source
+    @invite_details ||= case member.source
                        when Project
                          {
-                            name: @member.source.full_name,
-                            url: project_url(@member.source),
+                            name: member.source.full_name,
+                            url: project_url(member.source),
                            title: _("project"),
-                            path: project_path(@member.source)
+                            path: project_path(member.source)
                          }
                        when Group
                          {
-                            name: @member.source.name,
-                            url: group_url(@member.source),
+                            name: member.source.name,
+                            url: group_url(member.source),
                            title: _("group"),
-                            path: group_path(@member.source)
+                            path: group_path(member.source)
                          }
                        end
  end

--- a/changelogs/unreleased/245325-refactor-the-invites-controller-member-method.yml
+++ b/changelogs/unreleased/245325-refactor-the-invites-controller-member-method.yml
+---
+title: Refactor the invites controller member method
+merge_request: 42727
+author:
+type: other
--- a/spec/controllers/invites_controller_spec.rb
+++ b/spec/controllers/invites_controller_spec.rb
@@ -17,8 +17,16 @@ RSpec.describe InvitesController, :snowplow do
    }
  end

-  before do
-    controller.instance_variable_set(:@member, member)
+  shared_examples 'invalid token' do
+    context 'when invite token is not valid' do
+      let(:params) { { id: '_bogus_token_' } }
+
+      it 'renders the 404 page' do
+        request
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
  end

  describe 'GET #show' do
@@ -39,7 +47,7 @@ RSpec.describe InvitesController, :snowplow do
      end

      it 'forces re-confirmation if email does not match signed in user' do
-        member.invite_email = 'bogus@email.com'
+        member.update!(invite_email: 'bogus@email.com')

        expect do
          request
@@ -80,6 +88,8 @@ RSpec.describe InvitesController, :snowplow do
          expect_snowplow_event(snowplow_event.merge(action: 'accepted'))
        end
      end
+
+      it_behaves_like 'invalid token'
    end

    context 'when not logged in' do
@@ -139,5 +149,27 @@ RSpec.describe InvitesController, :snowplow do
        expect_snowplow_event(snowplow_event.merge(action: 'accepted'))
      end
    end
+
+    it_behaves_like 'invalid token'
+  end
+
+  describe 'POST #decline for link in UI' do
+    before do
+      sign_in(user)
+    end
+
+    subject(:request) { post :decline, params: params }
+
+    it_behaves_like 'invalid token'
+  end
+
+  describe 'GET #decline for link in email' do
+    before do
+      sign_in(user)
+    end
+
+    subject(:request) { get :decline, params: params }
+
+    it_behaves_like 'invalid token'
  end
 end