Merge pull request #2983 from penpot/niwinz-invitations-fixes

Fix issues with invitation user flow
2026-04-30 05:38:42 +00:00 · 2023-02-24 15:50:40 +01:00 · 2023-02-24 15:50:40 +01:00 · 2460f36bab
commit 2460f36bab
parent 0e97182ef0 4d627f8993
2 changed files with 14 additions and 26 deletions
--- a/backend/src/app/rpc/commands/teams.clj
+++ b/backend/src/app/rpc/commands/teams.clj
@ -855,7 +855,7 @@
                          {:team-id team-id
                           :email-to (str/lower email)})
                  (update :role keyword))
-        member (profile/retrieve-profile-data-by-email pool (:email invit))
+        member (profile/retrieve-profile-data-by-email pool (:email-to invit))
        token  (create-invitation-token cfg {:team-id (:team-id invit)
                                             :profile-id profile-id
                                             :valid-until (:valid-until invit)
--- a/backend/src/app/rpc/commands/verify_token.clj
+++ b/backend/src/app/rpc/commands/verify_token.clj
@ -133,7 +133,7 @@
          :opt-un [::spec.team-invitation/member-id]))

 (defmethod process-token :team-invitation
-  [{:keys [conn session] :as cfg}
+  [{:keys [conn] :as cfg}
   {:keys [::rpc/profile-id token]}
   {:keys [member-id team-id member-email] :as claims}]

@ -152,9 +152,10 @@
    (if (some? profile)
      (if (or (= member-id profile-id)
              (= member-email (:email profile)))
-        ;; if we have logged-in user and it matches the invitation we
-        ;; proceed with accepting the invitation and joining the
-        ;; current profile to the invited team.
+
+        ;; if we have logged-in user and it matches the invitation we proceed
+        ;; with accepting the invitation and joining the current profile to the
+        ;; invited team.
        (let [profile (accept-invitation cfg claims invitation profile)]
          (-> (assoc claims :state :created)
              (rph/with-meta {::audit/name "accept-team-invitation"
@ -167,27 +168,14 @@
                  :code :invalid-token
                  :hint "logged-in user does not matches the invitation"))

-      ;; If we have not logged-in user, we try find the invited
-      ;; profile by member-id or member-email props of the invitation
-      ;; token; If profile is found, we accept the invitation and
-      ;; leave the user logged-in.
-      (if-let [member (db/get* conn :profile
-                               (if member-id
-                                 {:id member-id}
-                                 {:email member-email})
-                               {:columns [:id :email]})]
-        (let [profile (accept-invitation cfg claims invitation member)]
-          (-> (assoc claims :state :created)
-              (rph/with-transform (session/create-fn session (:id profile)))
-              (rph/with-meta {::audit/name "accept-team-invitation"
-                              ::audit/profile-id (:id profile)
-                              ::audit/props {:team-id (:team-id claims)
-                                             :role (:role claims)
-                                             :invitation-id (:id invitation)}})))
-        {:invitation-token token
-         :iss :team-invitation
-         :redirect-to :auth-register
-         :state :pending}))))
+      ;; If we have not logged-in user, and invitation comes with member-id we
+      ;; redirect user to login, if no memeber-id is present in the invitation
+      ;; token, we redirect user the the register page.
+
+      {:invitation-token token
+       :iss :team-invitation
+       :redirect-to (if member-id :auth-login :auth-register)
+       :state :pending})))

 ;; --- Default