From a6a75b533c0ea587516200691d75afb3b33c387c Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 9 Nov 2023 11:15:44 +0000 Subject: [PATCH] Reject inviting the same user twice. --- .../worker/src/api/controllers/global/users.ts | 4 +--- .../src/api/routes/global/tests/users.spec.ts | 2 ++ packages/worker/src/sdk/users/users.ts | 17 +++++++++++++---- packages/worker/src/utilities/redis.ts | 6 +++++- 4 files changed, 21 insertions(+), 8 deletions(-) diff --git a/packages/worker/src/api/controllers/global/users.ts b/packages/worker/src/api/controllers/global/users.ts index 1f4168c00b..fae42acdfe 100644 --- a/packages/worker/src/api/controllers/global/users.ts +++ b/packages/worker/src/api/controllers/global/users.ts @@ -349,14 +349,12 @@ export const checkInvite = async (ctx: any) => { } export const getUserInvites = async (ctx: any) => { - let invites try { // Restricted to the currently authenticated tenant - invites = await getInviteCodes() + ctx.body = await getInviteCodes() } catch (e) { ctx.throw(400, "There was a problem fetching invites") } - ctx.body = invites } export const updateInvite = async (ctx: any) => { diff --git a/packages/worker/src/api/routes/global/tests/users.spec.ts b/packages/worker/src/api/routes/global/tests/users.spec.ts index adcbca9d29..09cd4d358f 100644 --- a/packages/worker/src/api/routes/global/tests/users.spec.ts +++ b/packages/worker/src/api/routes/global/tests/users.spec.ts @@ -59,6 +59,8 @@ describe("/api/global/users", () => { const email = structures.users.newEmail() await config.api.users.sendUserInvite(sendMailMock, email) + jest.clearAllMocks() + const { code, res } = await config.api.users.sendUserInvite( sendMailMock, email, diff --git a/packages/worker/src/sdk/users/users.ts b/packages/worker/src/sdk/users/users.ts index 8f04bb1941..4cca0b8fa6 100644 --- a/packages/worker/src/sdk/users/users.ts +++ b/packages/worker/src/sdk/users/users.ts @@ -1,5 +1,9 @@ import { events, tenancy, users as usersCore } from "@budibase/backend-core" -import { InviteUsersRequest, InviteUsersResponse } from "@budibase/types" +import { + InviteUserRequest, + InviteUsersRequest, + InviteUsersResponse, +} from "@budibase/types" import { sendEmail } from "../../utilities/email" import { EmailTemplatePurpose } from "../../constants" import { getInviteCodes } from "../..//utilities/redis" @@ -15,12 +19,17 @@ export async function invite( const matchedEmails = await usersCore.searchExistingEmails( users.map(u => u.email) ) - const existingInvites = await getInviteCodes() - const newUsers = [] + const invitedEmails = (await getInviteCodes()).map(invite => invite.email) + const newUsers: InviteUserRequest[] = [] // separate duplicates from new users for (let user of users) { - if (matchedEmails.includes(user.email)) { + if ( + matchedEmails.includes(user.email) || + invitedEmails.includes(user.email) + ) { + // This "Unavailable" is load bearing. The tests and frontend both check for it + // specifically response.unsuccessful.push({ email: user.email, reason: "Unavailable" }) } else { newUsers.push(user) diff --git a/packages/worker/src/utilities/redis.ts b/packages/worker/src/utilities/redis.ts index 9852fb0467..337d34e376 100644 --- a/packages/worker/src/utilities/redis.ts +++ b/packages/worker/src/utilities/redis.ts @@ -66,7 +66,11 @@ async function writeCode(db: RedisDBName, value: Invite | PasswordReset) { return code } -async function updateCode(db: RedisDBName, code: string, value: any) { +async function updateCode( + db: RedisDBName, + code: string, + value: Invite | PasswordReset +) { const client = getClient(db) await client.store(code, value, getExpirySecondsForDB(db)) }