Skip to content

Commit

Permalink
fix: confirms invite signups on email link click and sets temporary p…
Browse files Browse the repository at this point in the history 
…assword
  • Loading branch information
@awalias
awalias committed Nov 19, 2020
1 parent 012ed98 commit 7af29c7
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 4 deletions.
13 changes: 10 additions & 3 deletions api/verify.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,13 @@ import (

"github.com/netlify/gotrue/models"
"github.com/netlify/gotrue/storage"
"github.com/sethvargo/go-password/password"
)

const (
signupVerification = "signup"
recoveryVerification = "recovery"
inviteVerification = "invite"
)

// VerifyParams are the parameters the Verify endpoint accepts
Expand Down Expand Up @@ -62,6 +64,8 @@ func (a *API) Verify(w http.ResponseWriter, r *http.Request) error {
switch params.Type {
case signupVerification:
user, terr = a.signupVerify(ctx, tx, params)
case inviteVerification:
user, terr = a.signupVerify(ctx, tx, params)
case recoveryVerification:
user, terr = a.recoverVerify(ctx, tx, params)
default:
Expand Down Expand Up @@ -130,10 +134,13 @@ func (a *API) signupVerify(ctx context.Context, conn *storage.Connection, params
var terr error
if user.EncryptedPassword == "" {
if user.InvitedAt != nil {
if params.Password == "" {
return unprocessableEntityError("Invited users must specify a password")
// sign them up with temporary password, and require application
// to present the user with a password set form
password, err := password.Generate(64, 10, 0, false, true)
if err != nil {
internalServerError("error creating user").WithInternalError(err)
}
if terr = user.UpdatePassword(tx, params.Password); terr != nil {
if terr = user.UpdatePassword(tx, password); terr != nil {
return internalServerError("Error storing password").WithInternalError(terr)
}
}
Expand Down
4 changes: 3 additions & 1 deletion mailer/template.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,9 @@ func (m TemplateMailer) ValidateEmail(email string) error {

// InviteMail sends a invite mail to a new user
func (m *TemplateMailer) InviteMail(user *models.User, referrerURL string) error {
url, err := getSiteURL(referrerURL, m.Config.SiteURL, m.Config.Mailer.URLPaths.Invite, "invite_token="+user.ConfirmationToken)
globalConfig, err := conf.LoadGlobal(configFile)

url, err := getSiteURL(referrerURL, globalConfig.API.ExternalURL, m.Config.Mailer.URLPaths.Invite, "token="+user.ConfirmationToken+"&type=invite")
if err != nil {
return err
}
Expand Down

0 comments on commit 7af29c7

Please sign in to comment.