🐛 Fix incorrect invitation flow

2025-02-08 08:09:14 -05:00 · 2023-02-24 15:42:56 +01:00 · 2023-02-24 15:42:56 +01:00 · 4d627f8993
commit 4d627f8993
parent 7771467aa0
1 changed files with 13 additions and 25 deletions
--- a/backend/src/app/rpc/commands/verify_token.clj
+++ b/backend/src/app/rpc/commands/verify_token.clj
@ -133,7 +133,7 @@
          :opt-un [::spec.team-invitation/member-id]))

 (defmethod process-token :team-invitation
-  [{:keys [conn session] :as cfg}
+  [{:keys [conn] :as cfg}
   {:keys [::rpc/profile-id token]}
   {:keys [member-id team-id member-email] :as claims}]

@ -152,9 +152,10 @@
    (if (some? profile)
      (if (or (= member-id profile-id)
              (= member-email (:email profile)))
-        ;; if we have logged-in user and it matches the invitation we
-        ;; proceed with accepting the invitation and joining the
-        ;; current profile to the invited team.
+
+        ;; if we have logged-in user and it matches the invitation we proceed
+        ;; with accepting the invitation and joining the current profile to the
+        ;; invited team.
        (let [profile (accept-invitation cfg claims invitation profile)]
          (-> (assoc claims :state :created)
              (rph/with-meta {::audit/name "accept-team-invitation"
@ -167,27 +168,14 @@
                  :code :invalid-token
                  :hint "logged-in user does not matches the invitation"))

-      ;; If we have not logged-in user, we try find the invited
-      ;; profile by member-id or member-email props of the invitation
-      ;; token; If profile is found, we accept the invitation and
-      ;; leave the user logged-in.
-      (if-let [member (db/get* conn :profile
-                               (if member-id
-                                 {:id member-id}
-                                 {:email member-email})
-                               {:columns [:id :email]})]
-        (let [profile (accept-invitation cfg claims invitation member)]
-          (-> (assoc claims :state :created)
-              (rph/with-transform (session/create-fn session (:id profile)))
-              (rph/with-meta {::audit/name "accept-team-invitation"
-                              ::audit/profile-id (:id profile)
-                              ::audit/props {:team-id (:team-id claims)
-                                             :role (:role claims)
-                                             :invitation-id (:id invitation)}})))
-        {:invitation-token token
-         :iss :team-invitation
-         :redirect-to :auth-register
-         :state :pending}))))
+      ;; If we have not logged-in user, and invitation comes with member-id we
+      ;; redirect user to login, if no memeber-id is present in the invitation
+      ;; token, we redirect user the the register page.
+
+      {:invitation-token token
+       :iss :team-invitation
+       :redirect-to (if member-id :auth-login :auth-register)
+       :state :pending})))

 ;; --- Default