Fix attempts to confirm team invite for mismatched email address
Currently, if a user tries to confirm an invite sent to them on an account with a mismatching email address, we simply redirect to the org (where they get a 403). This change ensures they get the proper error response message, and restyles the error page to be nicer. Fixes #2227 Fixes https://www.pivotaltracker.com/story/show/136088507
This commit is contained in:
Joseph Schorr
parent
2730c26b2e
commit
785c74de52
3 changed files with 118 additions and 10 deletions
|
|
@ -270,6 +270,10 @@ def delete_team_user_invite(team, user_obj):
|
|||
return True
|
||||
|
||||
|
||||
def lookup_team_invites_by_email(email):
|
||||
return TeamMemberInvite.select().where(TeamMemberInvite.email == email)
|
||||
|
||||
|
||||
def lookup_team_invites(user_obj):
|
||||
return TeamMemberInvite.select().where(TeamMemberInvite.user == user_obj)
|
||||
|
||||
|
|
@ -332,16 +336,12 @@ def confirm_team_invite(code, user_obj):
|
|||
same organization, they are automatically confirmed for all of them. """
|
||||
found = find_matching_team_invite(code, user_obj)
|
||||
|
||||
# If the invite is for a specific user, we have to confirm that here.
|
||||
if found.user is not None and found.user != user_obj:
|
||||
message = """This invite is intended for user "%s".
|
||||
Please login to that account and try again.""" % found.user.username
|
||||
raise DataModelException(message)
|
||||
|
||||
# Find all matching invitations for the user under the organization.
|
||||
code_found = False
|
||||
for invite in find_organization_invites(found.team.organization, user_obj):
|
||||
# Add the user to the team.
|
||||
try:
|
||||
code_found = True
|
||||
add_user_to_team(user_obj, invite.team)
|
||||
except UserAlreadyInTeam:
|
||||
# Ignore.
|
||||
|
|
@ -350,6 +350,16 @@ def confirm_team_invite(code, user_obj):
|
|||
# Delete the invite and return the team.
|
||||
invite.delete_instance()
|
||||
|
||||
if not code_found:
|
||||
if found.user:
|
||||
message = """This invite is intended for user "%s".
|
||||
Please login to that account and try again.""" % found.user.username
|
||||
raise DataModelException(message)
|
||||
else:
|
||||
message = """This invite is intended for email "%s".
|
||||
Please login to that account and try again.""" % found.email
|
||||
raise DataModelException(message)
|
||||
|
||||
team = found.team
|
||||
inviter = found.inviter
|
||||
return (team, inviter)
|
||||
|
|
|
|||
Reference in a new issue