From 9e9c6247ce46890e0736f53db162c0689fb1ffb2 Mon Sep 17 00:00:00 2001
From: Felix Rieseberg <felix@felixrieseberg.com>
Date: Sun, 24 Aug 2014 19:34:26 -0700
Subject: [PATCH] Redirect user if signup invitation isn't valid
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #3565
- Added server API isInvitation (analog to isSetup), checking if an
invitation exists for a given email address.
- If the invitation is no longer valid (or didn’t exist in the first
place), the user is redirected and an error notification is shown.
---
 ghost/admin/routes/signup.js | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/ghost/admin/routes/signup.js b/ghost/admin/routes/signup.js
index eb88079974..8c008b10a0 100644
--- a/ghost/admin/routes/signup.js
+++ b/ghost/admin/routes/signup.js
@@ -1,3 +1,4 @@
+import ajax from 'ghost/utils/ajax';
 import styleBody from 'ghost/mixins/style-body';
 import loadingIndicator from 'ghost/mixins/loading-indicator';
 
@@ -10,7 +11,8 @@ var SignupRoute = Ember.Route.extend(styleBody, loadingIndicator, {
         }
     },
     setupController: function (controller, params) {
-        var tokenText,
+        var self = this,
+            tokenText,
             email,
             re = /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/;
         if (re.test(params.token)) {
@@ -23,6 +25,23 @@ var SignupRoute = Ember.Route.extend(styleBody, loadingIndicator, {
                 this.transitionTo('signin');
                 this.notifications.showError('Invalid token.', {delayed: true});
             }
+
+            ajax({
+                url: this.get('ghostPaths.url').api('authentication', 'invitation'),
+                type: 'GET',
+                dataType: 'json',
+                data: {
+                    email: email
+                }
+            }).then(function (response) {
+                if (response && response.invitation && response.invitation[0].valid === false) {
+                    self.transitionTo('signin');
+                    self.notifications.showError('The invitation does not exist or is no longer valid.', {delayed: true});
+                }
+            }).catch(function (error) {
+                self.notifications.showAPIError(error);
+            });
+
         } else {
             this.transitionTo('signin');
             this.notifications.showError('Invalid token.', {delayed: true});