🐛 invite existing users

refs #8692 - protect invite endpoint
2024-11-28 22:43:30 +03:00 · 2017-07-14 21:55:49 +02:00 · 2017-07-14 21:55:49 +02:00 · 91f36fc241
commit 91f36fc241
parent d4c74e74c4
2 changed files with 31 additions and 1 deletions
--- a/core/server/api/invites.js
+++ b/core/server/api/invites.js
@ -201,6 +201,19 @@ invites = {
            });
        }

+        function checkIfUserExists(options) {
+            return dataProvider.User.findOne({email: options.data.invites[0].email}, options)
+                .then(function (user) {
+                    if (user) {
+                        return Promise.reject(new errors.ValidationError({
+                            message: i18n.t('errors.api.users.userAlreadyRegistered')
+                        }));
+                    }
+
+                    return options;
+                });
+        }
+
        function fetchLoggedInUser(options) {
            return dataProvider.User.findOne({id: loggedInUser}, _.merge({}, options, {include: ['roles']}))
                .then(function (user) {
@ -219,6 +232,7 @@ invites = {
            utils.convertOptions(allowedIncludes),
            fetchLoggedInUser,
            validation,
+            checkIfUserExists,
            destroyOldInvite,
            addInvite
        ];
--- a/core/test/integration/api/api_invites_spec.js
+++ b/core/test/integration/api/api_invites_spec.js
@ -13,7 +13,7 @@ var should = require('should'),

 describe('Invites API', function () {
    beforeEach(testUtils.teardown);
-    beforeEach(testUtils.setup('invites', 'users:roles', 'perms:invite', 'perms:init'));
+    beforeEach(testUtils.setup('invites', 'settings', 'users:roles', 'perms:invite', 'perms:init'));

    beforeEach(function () {
        sandbox.stub(mail, 'send', function () {
@ -72,6 +72,22 @@ describe('Invites API', function () {
                        done();
                    });
            });
+
+            it('add invite: invite existing user', function (done) {
+                InvitesAPI.add({
+                    invites: [{
+                        email: testUtils.DataGenerator.Content.users[0].email,
+                        role_id: testUtils.roles.ids.author
+                    }]
+                }, testUtils.context.owner)
+                    .then(function () {
+                        throw new Error('expected validation error');
+                    })
+                    .catch(function (err) {
+                        (err instanceof errors.ValidationError).should.eql(true);
+                        done();
+                    });
+            });
        });

        describe('Browse', function () {