Support invite codes for verification of email

Also changes the system so we don't apply the invite until it is called explicitly from the frontend

Fixes #241

test/test_api_usage.py

@@ -182,6 +182,12 @@ class ApiTestCase(unittest.TestCase):
     parsed = py_json.loads(data)
     return parsed
 
+
+  def assertNotInTeam(self, data, membername):
+    for memberData in data['members']:
+      if memberData['name'] == membername:
+        self.fail(membername + ' found in team: ' + json.dumps(data))
+
   def assertInTeam(self, data, membername):
     for member_data in data['members']:
       if member_data['name'] == membername:
@@ -469,7 +475,7 @@ class TestCreateNewUser(ApiTestCase):
   def test_createuser_withteaminvite(self):
     inviter = model.user.get_user(ADMIN_ACCESS_USER)
     team = model.team.get_organization_team(ORGANIZATION, 'owners')
-    invite = model.team.add_or_invite_to_team(inviter, team, None, 'foo@example.com')
+    invite = model.team.add_or_invite_to_team(inviter, team, None, NEW_USER_DETAILS['email'])
 
     details = {
       'invite_code': invite.invite_token
@@ -477,14 +483,42 @@ class TestCreateNewUser(ApiTestCase):
     details.update(NEW_USER_DETAILS)
 
     data = self.postJsonResponse(User, data=details, expected_code=200)
-    self.assertEquals(True, data['awaiting_verification'])
 
-    # Make sure the user was added to the team.
+    # Make sure the user is verified since the email address of the user matches
+    # that of the team invite.
+    self.assertFalse('awaiting_verification' in data)
+
+    # Make sure the user was not (yet) added to the team.
     self.login(ADMIN_ACCESS_USER)
     json = self.getJsonResponse(TeamMemberList,
                                 params=dict(orgname=ORGANIZATION,
                                             teamname='owners'))
-    self.assertInTeam(json, NEW_USER_DETAILS['username'])
+    self.assertNotInTeam(json, NEW_USER_DETAILS['username'])
+
+
+  def test_createuser_withteaminvite_differentemails(self):
+    inviter = model.user.get_user(ADMIN_ACCESS_USER)
+    team = model.team.get_organization_team(ORGANIZATION, 'owners')
+    invite = model.team.add_or_invite_to_team(inviter, team, None, 'differentemail@example.com')
+
+    details = {
+      'invite_code': invite.invite_token
+    }
+    details.update(NEW_USER_DETAILS)
+
+    data = self.postJsonResponse(User, data=details, expected_code=200)
+
+    # Make sure the user is *not* verified since the email address of the user
+    # does not match that of the team invite.
+    self.assertTrue(data['awaiting_verification'])
+
+    # Make sure the user was not (yet) added to the team.
+    self.login(ADMIN_ACCESS_USER)
+    json = self.getJsonResponse(TeamMemberList,
+                                params=dict(orgname=ORGANIZATION,
+                                            teamname='owners'))
+    self.assertNotInTeam(json, NEW_USER_DETAILS['username'])
+
 
 
 class TestSignin(ApiTestCase):
@@ -492,6 +526,38 @@ class TestSignin(ApiTestCase):
     self.postResponse(Signin, data=dict(username=u'\xe5\x8c\x97\xe4\xba\xac\xe5\xb8\x82',
                                         password='password'), expected_code=403)
 
+  def test_signin_invitecode(self):
+    # Create a new user (unverified)
+    data = self.postJsonResponse(User, data=NEW_USER_DETAILS, expected_code=200)
+    self.assertTrue(data['awaiting_verification'])
+
+    # Try to sign in without an invite code.
+    data = self.postJsonResponse(Signin, data=NEW_USER_DETAILS, expected_code=403)
+    self.assertTrue(data['needsEmailVerification'])
+
+    # Try to sign in with an invalid invite code.
+    details = {
+      'invite_code': 'someinvalidcode'
+    }
+    details.update(NEW_USER_DETAILS)
+
+    data = self.postJsonResponse(Signin, data=details, expected_code=403)
+    self.assertTrue(data['needsEmailVerification'])
+
+    # Sign in with an invite code and ensure the user becomes verified.
+    inviter = model.user.get_user(ADMIN_ACCESS_USER)
+    team = model.team.get_organization_team(ORGANIZATION, 'owners')
+    invite = model.team.add_or_invite_to_team(inviter, team, None, NEW_USER_DETAILS['email'])
+
+    details = {
+      'invite_code': invite.invite_token
+    }
+    details.update(NEW_USER_DETAILS)
+
+    data = self.postJsonResponse(Signin, data=details, expected_code=200)
+    self.assertFalse('needsEmailVerification' in data)
+
+
 
 class TestSignout(ApiTestCase):
   def test_signout(self):
@@ -1050,13 +1116,6 @@ class TestUpdateOrganizationTeamMember(ApiTestCase):
 
 
 class TestAcceptTeamMemberInvite(ApiTestCase):
-  def assertInTeam(self, data, membername):
-    for member_data in data['members']:
-      if member_data['name'] == membername:
-        return
-
-    self.fail(membername + ' not found in team: ' + py_json.dumps(data))
-
   def test_accept(self):
     self.login(ADMIN_ACCESS_USER)