From 91f36fc241f8ef632771c5d5e42bf0083d9d4c50 Mon Sep 17 00:00:00 2001
From: kirrg001
Date: Fri, 14 Jul 2017 21:55:49 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20=20invite=20existing=20users?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
refs #8692 - protect invite endpoint
---
 core/server/api/invites.js | 14 ++++++++++++++
 core/test/integration/api/api_invites_spec.js | 18 +++++++++++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/core/server/api/invites.js b/core/server/api/invites.js
index 6e83f9060c..e3551b24bb 100644
--- a/core/server/api/invites.js
+++ b/core/server/api/invites.js
@@ -201,6 +201,19 @@ invites = {
 });
 }
+ function checkIfUserExists(options) {
+ return dataProvider.User.findOne({email: options.data.invites[0].email}, options)
+ .then(function (user) {
+ if (user) {
+ return Promise.reject(new errors.ValidationError({
+ message: i18n.t('errors.api.users.userAlreadyRegistered')
+ }));
+ }
+
+ return options;
+ });
+ }
+
 function fetchLoggedInUser(options) {
 return dataProvider.User.findOne({id: loggedInUser}, _.merge({}, options, {include: ['roles']}))
 .then(function (user) {
@@ -219,6 +232,7 @@ invites = {
 utils.convertOptions(allowedIncludes),
 fetchLoggedInUser,
 validation,
+ checkIfUserExists,
 destroyOldInvite,
 addInvite
 ];
diff --git a/core/test/integration/api/api_invites_spec.js b/core/test/integration/api/api_invites_spec.js
index 60a77aae49..dc96833b70 100644
--- a/core/test/integration/api/api_invites_spec.js
+++ b/core/test/integration/api/api_invites_spec.js
@@ -13,7 +13,7 @@ var should = require('should'),
 describe('Invites API', function () {
 beforeEach(testUtils.teardown);
- beforeEach(testUtils.setup('invites', 'users:roles', 'perms:invite', 'perms:init'));
+ beforeEach(testUtils.setup('invites', 'settings', 'users:roles', 'perms:invite', 'perms:init'));
 beforeEach(function () {
 sandbox.stub(mail, 'send', function () {
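Review bot: The lookup in `checkIfUserExists` matches `options.data.invites[0].email` exactly as submitted, so unless `User.findOne` or the column collation compares emails case-insensitively (not visible in this hunk), an address that differs from a registered one only in case or surrounding whitespace would pass the guard. It also forwards the request's `options` unmodified, whereas `fetchLoggedInUser` just below passes a copy via `_.merge({}, options, ...)`; if `findOne` honours filters carried in `options` or applies a default status filter, some existing accounts may not be found, which is worth confirming. Because this check runs only when the invite is created, the path that accepts an invite (outside this patch) should also reject an already-registered email, since an account can be created between the two steps. A short comment above the function, such as `// refuse invites for emails that already belong to a user (refs #8692)`, would record why it exists.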
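Review bot: The position of `checkIfUserExists` in the task list is security-relevant and undocumented: its error tells the caller whether an email already has an account, so it has to stay behind whatever step enforces the invite permission. Presumably that step is `validation` (its body is outside the hunk), in which case a comment on the new entry such as `// keep after validation: the 'already registered' error reveals account existence` would stop a later reorder from exposing that answer to callers without permission. The array's opening and the pipeline call that consumes it are outside the hunk.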
@@ -72,6 +72,22 @@ describe('Invites API', function () {
 done();
 });
 });
+
+ it('add invite: invite existing user', function (done) {
+ InvitesAPI.add({
+ invites: [{
+ email: testUtils.DataGenerator.Content.users[0].email,
+ role_id: testUtils.roles.ids.author
+ }]
+ }, testUtils.context.owner)
+ .then(function () {
+ throw new Error('expected validation error');
+ })
+ .catch(function (err) {
+ (err instanceof errors.ValidationError).should.eql(true);
+ done();
+ });
+ });
 });
 describe('Browse', function () {
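Review bot: In the new `invite existing user` test, an assertion failure inside the `.catch` handler never reaches `done`, so a regression shows up as a mocha timeout rather than as the failed assertion. This includes the case where `add` unexpectedly resolves and the thrown `expected validation error` lands in that same handler. Ending the chain with `.catch(done);` after the existing handler would report the real error. The test also exercises only the exact stored address; a second case using a case-changed copy of `users[0].email`, plus an assertion that the stubbed `mail.send` was not called, would pin down what the guard actually covers.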