Resolve invite bug on inviting a user

- was causing a regression where render_404 was being hit.

Resolve invite bug on inviting a user
- was causing a regression where render_404 was being hit.
f27f14f4 · Doug Stull · 63db21c1 · f27f14f4 · f27f14f4 · f27f14f4
Commit f27f14f4 authored Sep 04, 2020 by Doug Stull
5 changed files
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -76,8 +76,12 @@ class InvitesController < ApplicationController
    notice << "or create an account" if Gitlab::CurrentSettings.allow_signup?
    notice = notice.join(' ') + "."

+    initial_member = Member.find_by_invite_token(params[:id])
+    redirect_params = initial_member ? { invite_email: member.invite_email } : {}
+
    store_location_for :user, request.fullpath
-    redirect_to new_user_session_path(invite_email: member.invite_email), notice: notice
+
+    redirect_to new_user_session_path(redirect_params), notice: notice
  end

  def invite_details

--- a/app/models/member.rb
+++ b/app/models/member.rb
@@ -161,8 +161,8 @@ class Member < ApplicationRecord
      where(user_id: user_ids).has_access.pluck(:user_id, :access_level).to_h
    end

-    def find_by_invite_token(invite_token)
-      invite_token = Devise.token_generator.digest(self, :invite_token, invite_token)
+    def find_by_invite_token(raw_invite_token)
+      invite_token = Devise.token_generator.digest(self, :invite_token, raw_invite_token)
      find_by(invite_token: invite_token)
    end


--- a/changelogs/unreleased/241359-nomethoderror-undefined-method-invite_email-for-actionview-outputb.yml
+++ b/changelogs/unreleased/241359-nomethoderror-undefined-method-invite_email-for-actionview-outputb.yml
+---
+title: 'Resolve NoMethodError: undefined method invite_email'
+merge_request: 41587
+author:
+type: fixed
--- a/spec/controllers/invites_controller_spec.rb
+++ b/spec/controllers/invites_controller_spec.rb
@@ -3,96 +3,122 @@
 require 'spec_helper'

 RSpec.describe InvitesController do
-  let(:token) { '123456' }
  let_it_be(:user) { create(:user) }
-  let(:member) { create(:project_member, :invited, invite_token: token, invite_email: user.email) }
+  let(:member) { create(:project_member, :invited, invite_email: user.email) }
+  let(:raw_invite_token) { member.raw_invite_token }
  let(:project_members) { member.source.users }
  let(:md5_member_global_id) { Digest::MD5.hexdigest(member.to_global_id.to_s) }
+  let(:params) { { id: raw_invite_token } }

  before do
    stub_application_setting(snowplow_enabled: true, snowplow_collector_hostname: 'localhost')
    controller.instance_variable_set(:@member, member)
-    sign_in(user)
  end

  describe 'GET #show' do
-    let(:params) { { id: token } }
-
    subject(:request) { get :show, params: params }

-    it 'accepts user if invite email matches signed in user' do
-      expect do
-        request
-      end.to change { project_members.include?(user) }.from(false).to(true)
-
-      expect(response).to have_gitlab_http_status(:found)
-      expect(flash[:notice]).to include 'You have been granted'
-    end
+    context 'when logged in' do
+      before do
+        sign_in(user)
+      end

-    it 'forces re-confirmation if email does not match signed in user' do
-      member.invite_email = 'bogus@email.com'
+      it 'accepts user if invite email matches signed in user' do
+        expect do
+          request
+        end.to change { project_members.include?(user) }.from(false).to(true)

-      expect do
-        request
-      end.not_to change { project_members.include?(user) }
+        expect(response).to have_gitlab_http_status(:found)
+        expect(flash[:notice]).to include 'You have been granted'
+      end

-      expect(response).to have_gitlab_http_status(:ok)
-      expect(flash[:notice]).to be_nil
-    end
+      it 'forces re-confirmation if email does not match signed in user' do
+        member.invite_email = 'bogus@email.com'

-    context 'when new_user_invite is not set' do
-      it 'does not track the user as experiment group' do
-        expect(Gitlab::Tracking).not_to receive(:event)
+        expect do
+          request
+        end.not_to change { project_members.include?(user) }

-        request
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(flash[:notice]).to be_nil
      end
-    end

-    context 'when new_user_invite is experiment' do
-      let(:params) { { id: token, new_user_invite: 'experiment' } }
+      context 'when new_user_invite is not set' do
+        it 'does not track the user as experiment group' do
+          expect(Gitlab::Tracking).not_to receive(:event)

-      it 'tracks the user as experiment group' do
-        expect(Gitlab::Tracking).to receive(:event).and_call_original.with(
-          'Growth::Acquisition::Experiment::InviteEmail',
-          'opened',
-          property: 'experiment_group',
-          label: md5_member_global_id
-        )
-        expect(Gitlab::Tracking).to receive(:event).and_call_original.with(
-          'Growth::Acquisition::Experiment::InviteEmail',
-          'accepted',
-          property: 'experiment_group',
-          label: md5_member_global_id
-        )
+          request
+        end
+      end

-        request
+      context 'when new_user_invite is experiment' do
+        let(:params) { { id: raw_invite_token, new_user_invite: 'experiment' } }
+
+        it 'tracks the user as experiment group' do
+          expect(Gitlab::Tracking).to receive(:event).and_call_original.with(
+            'Growth::Acquisition::Experiment::InviteEmail',
+            'opened',
+            property: 'experiment_group',
+            label: md5_member_global_id
+          )
+          expect(Gitlab::Tracking).to receive(:event).and_call_original.with(
+            'Growth::Acquisition::Experiment::InviteEmail',
+            'accepted',
+            property: 'experiment_group',
+            label: md5_member_global_id
+          )
+
+          request
+        end
+      end
+
+      context 'when new_user_invite is control' do
+        let(:params) { { id: raw_invite_token, new_user_invite: 'control' } }
+
+        it 'tracks the user as control group' do
+          expect(Gitlab::Tracking).to receive(:event).and_call_original.with(
+            'Growth::Acquisition::Experiment::InviteEmail',
+            'opened',
+            property: 'control_group',
+            label: md5_member_global_id
+          )
+          expect(Gitlab::Tracking).to receive(:event).and_call_original.with(
+            'Growth::Acquisition::Experiment::InviteEmail',
+            'accepted',
+            property: 'control_group',
+            label: md5_member_global_id
+          )
+
+          request
+        end
      end
    end

-    context 'when new_user_invite is control' do
-      let(:params) { { id: token, new_user_invite: 'control' } }
+    context 'when not logged in' do
+      context 'when inviter is a member' do
+        it 'is redirected to a new session with invite email param' do
+          request

-      it 'tracks the user as control group' do
-        expect(Gitlab::Tracking).to receive(:event).and_call_original.with(
-          'Growth::Acquisition::Experiment::InviteEmail',
-          'opened',
-          property: 'control_group',
-          label: md5_member_global_id
-        )
-        expect(Gitlab::Tracking).to receive(:event).and_call_original.with(
-          'Growth::Acquisition::Experiment::InviteEmail',
-          'accepted',
-          property: 'control_group',
-          label: md5_member_global_id
-        )
+          expect(response).to redirect_to(new_user_session_path(invite_email: member.invite_email))
+        end
+      end

-        request
+      context 'when inviter is not a member' do
+        let(:params) { { id: '_bogus_token_' } }
+
+        it 'is redirected to a new session' do
+          request
+
+          expect(response).to redirect_to(new_user_session_path)
+        end
      end
    end
  end

  describe 'POST #accept' do
-    let(:params) { { id: token } }
+    before do
+      sign_in(user)
+    end

    subject(:request) { post :accept, params: params }

@@ -105,7 +131,7 @@ RSpec.describe InvitesController do
    end

    context 'when new_user_invite is experiment' do
-      let(:params) { { id: token, new_user_invite: 'experiment' } }
+      let(:params) { { id: raw_invite_token, new_user_invite: 'experiment' } }

      it 'tracks the user as experiment group' do
        expect(Gitlab::Tracking).to receive(:event).and_call_original.with(
@@ -120,7 +146,7 @@ RSpec.describe InvitesController do
    end

    context 'when new_user_invite is control' do
-      let(:params) { { id: token, new_user_invite: 'control' } }
+      let(:params) { { id: raw_invite_token, new_user_invite: 'control' } }

      it 'tracks the user as control group' do
        expect(Gitlab::Tracking).to receive(:event).and_call_original.with(

--- a/spec/models/member_spec.rb
+++ b/spec/models/member_spec.rb
@@ -630,6 +630,14 @@ RSpec.describe Member do
    end
  end

+  describe '.find_by_invite_token' do
+    let!(:member) { create(:project_member, invite_email: "user@example.com", user: nil) }
+
+    it 'finds the member' do
+      expect(described_class.find_by_invite_token(member.raw_invite_token)).to eq member
+    end
+  end
+
  describe "#invite_to_unknown_user?" do
    subject { member.invite_to_unknown_user? }