github/penpot
1
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2026-04-25 11:18:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add invite-to-org to Nitrate API

Browse Source
This commit is contained in:
Pablo Alba 2026-04-09 10:38:13 +02:00 committed by Pablo Alba
parent 707cc53ca4
commit 5c761125f3
18 changed files with 552 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

259
backend/resources/app/email/invite-to-org/en.html Normal file
View File

@ -0,0 +1,259 @@
<!doctype html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office">
<head>
<title>
</title>
<!--[if !mso]><!-- -->
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<!--<![endif]-->
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
#outlook a {
padding: 0;
}
body {
margin: 0;
padding: 0;
-webkit-text-size-adjust: 100%;
-ms-text-size-adjust: 100%;
}
table,
td {
border-collapse: collapse;
mso-table-lspace: 0pt;
mso-table-rspace: 0pt;
}
img {
border: 0;
height: auto;
line-height: 100%;
outline: none;
text-decoration: none;
-ms-interpolation-mode: bicubic;
}
p {
display: block;
margin: 13px 0;
}
</style>
<!--[if mso]>
<xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
<o:PixelsPerInch>96</o:PixelsPerInch>
</o:OfficeDocumentSettings>
</xml>
<![endif]-->
<!--[if lte mso 11]>
<style type="text/css">
.mj-outlook-group-fix { width:100% !important; }
</style>
<![endif]-->
<!--[if !mso]><!-->
<link href="https://fonts.googleapis.com/css?family=Source%20Sans%20Pro" rel="stylesheet" type="text/css">
<style type="text/css">
@import url(https://fonts.googleapis.com/css?family=Source%20Sans%20Pro);
</style>
<!--<![endif]-->
<style type="text/css">
@media only screen and (min-width:480px) {
.mj-column-per-100 {
width: 100% !important;
max-width: 100%;
}
.mj-column-px-425 {
width: 425px !important;
max-width: 425px;
}
}
</style>
<style type="text/css">
@media only screen and (max-width:480px) {
table.mj-full-width-mobile {
width: 100% !important;
}
td.mj-full-width-mobile {
width: auto !important;
}
}
</style>
</head>
<body style="background-color:#E5E5E5;">
<div style="background-color:#E5E5E5;">
<!--[if mso | IE]>
<table
align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
>
<tr>
<td style="line-height:0px;font-size:0px;mso-line-height-rule:exactly;">
<![endif]-->
<div style="margin:0px auto;max-width:600px;">
<table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="width:100%;">
<tbody>
<tr>
<td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
<!--[if mso | IE]>
<table role="presentation" border="0" cellpadding="0" cellspacing="0">
<tr>
<td
class="" style="vertical-align:top;width:600px;"
>
<![endif]-->
<div class="mj-column-per-100 mj-outlook-group-fix"
style="font-size:0px;text-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100%;">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="vertical-align:top;"
width="100%">
<tr>
<td align="left" style="font-size:0px;padding:16px;word-break:break-word;">
<table border="0" cellpadding="0" cellspacing="0" role="presentation"
style="border-collapse:collapse;border-spacing:0px;">
<tbody>
<tr>
<td style="width:97px;">
<img height="32" src="{{ public-uri }}/images/email/uxbox-title.png"
style="border:0;display:block;outline:none;text-decoration:none;height:32px;width:100%;font-size:13px;"
width="97" />
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</table>
</div>
<!--[if mso | IE]>
</td>
</tr>
</table>
<![endif]-->
</td>
</tr>
</tbody>
</table>
</div>
<!--[if mso | IE]>
</td>
</tr>
</table>
<table
align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
>
<tr>
<td style="line-height:0px;font-size:0px;mso-line-height-rule:exactly;">
<![endif]-->
<div style="background:#FFFFFF;background-color:#FFFFFF;margin:0px auto;max-width:600px;">
<table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation"
style="background:#FFFFFF;background-color:#FFFFFF;width:100%;">
<tbody>
<tr>
<td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;">
<!--[if mso | IE]>
<table role="presentation" border="0" cellpadding="0" cellspacing="0">
<tr>
<td
class="" style="vertical-align:top;width:600px;"
>
<![endif]-->
<div class="mj-column-per-100 mj-outlook-group-fix"
style="font-size:0px;text-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100%;">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="vertical-align:top;"
width="100%">
<tr>
<td align="left" style="font-size:0px;padding:10px 25px;word-break:break-word;">
<div
style="font-family:Source Sans Pro, sans-serif;font-size:16px;line-height:150%;text-align:left;color:#000000;">
Hi{{ user-name|abbreviate:25 }},
</div>
</td>
</tr>
<tr>
<td align="left" style="font-size:0px;padding:10px 25px;word-break:break-word;">
<div
style="font-family:Source Sans Pro, sans-serif;font-size:16px;line-height:150%;text-align:left;color:#000000;">
<b>{{invited-by|abbreviate:25}}</b> sent you an invitation to join the organization {{ org-name|abbreviate:25 }}:
</div>
</td>
</tr>
<tr>
<td align="left" style="font-size:0px;padding:10px 25px;word-break:break-word;">
<div
style="font-family:Source Sans Pro, sans-serif;font-size:16px;line-height:150%;text-align:left;color:#000000;">
<span style="display:inline-block;vertical-align:middle;width:20px;height:20px;border-radius: 50%;background-image:url('{{org-logo}}');overflow:hidden;text-align:center;font-weight: bold;font-size: 9px;line-height: 20px;">
{{ org-initials }}
</span>
<span style="display:inline-block; vertical-align: middle;padding-left:5px;height:20px;line-height: 20px;">
“{{ org-name|abbreviate:25 }}”
</span>
</div>
</td>
</tr>
<tr>
<td align="center" vertical-align="middle"
style="font-size:0px;padding:10px 25px;word-break:break-word;">
<table border="0" cellpadding="0" cellspacing="0" role="presentation"
style="border-collapse:separate;line-height:100%;">
<tr>
<td align="center" bgcolor="#6911d4" role="presentation"
style="border:none;border-radius:8px;cursor:auto;mso-padding-alt:10px 25px;background:#6911d4;"
valign="middle">
<a href="{{ public-uri }}/#/auth/verify-token?token={{token}}"
style="display:inline-block;background:#6911d4;color:#FFFFFF;font-family:Source Sans Pro, sans-serif;font-size:16px;font-weight:normal;line-height:120%;margin:0;text-decoration:none;text-transform:none;padding:10px 25px;mso-padding-alt:0px;border-radius:8px;"
target="_blank"> ACCEPT INVITE </a>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="left" style="font-size:0px;padding:10px 25px;word-break:break-word;">
<div
style="font-family:Source Sans Pro, sans-serif;font-size:16px;line-height:150%;text-align:left;color:#000000;">
Enjoy!</div>
</td>
</tr>
<tr>
<td align="left" style="font-size:0px;padding:10px 25px;word-break:break-word;">
<div
style="font-family:Source Sans Pro, sans-serif;font-size:16px;line-height:150%;text-align:left;color:#000000;">
The Penpot team.</div>
</td>
</tr>
</table>
</div>
<!--[if mso | IE]>
</td>
</tr>
</table>
<![endif]-->
</td>
</tr>
</tbody>
</table>
</div>
{% include "app/email/includes/footer.html" %}
</div>
</body>
</html>

1
backend/resources/app/email/invite-to-org/en.subj Normal file
View File

@ -0,0 +1 @@
{{invited-by|abbreviate:25}} has invited you to join the organization “{{ org-name|abbreviate:25 }}”

10
backend/resources/app/email/invite-to-org/en.txt Normal file
View File

@ -0,0 +1,10 @@
Hello!
{{invited-by|abbreviate:25}} has invited you to join the organization “{{ org-name|abbreviate:25 }}”.
Accept invitation using this link:
{{ public-uri }}/#/auth/verify-token?token={{token}}
Enjoy!
The Penpot team.

2
backend/resources/app/email/invite-to-team/en.txt
View File

@ -1,6 +1,6 @@
Hello!
{{invited-by|abbreviate:25}} has invited you to join the team “{{ team|abbreviate:25 }}”.
{{invited-by|abbreviate:25}} has invited you to join the team "{{ team|abbreviate:25 }}"{% if organization %}, part of the organization "{{ organization|abbreviate:25 }}"{% endif %}.
Accept invitation using this link:

15
backend/src/app/email.clj
View File

@ -412,6 +412,21 @@
:id ::invite-to-team
:schema schema:invite-to-team))
(def ^:private schema:invite-to-org
[:map
[:invited-by ::sm/text]
[:org-name ::sm/text]
[:org-initials ::sm/text]
[:org-logo ::sm/uri]
[:user-name [:maybe ::sm/text]]
[:token ::sm/text]])
(def invite-to-org
"Org member invitation email."
(template-factory
:id ::invite-to-org
:schema schema:invite-to-org))
(def ^:private schema:join-team
[:map
[:invited-by ::sm/text]

6
backend/src/app/migrations.clj
View File

@ -466,7 +466,11 @@
:fn mg0145/migrate}
{:name "0146-mod-access-token-table"
:fn (mg/resource "app/migrations/sql/0146-mod-access-token-table.sql")}])
:fn (mg/resource "app/migrations/sql/0146-mod-access-token-table.sql")}
{:name "0147-mod-team-invitation-table"
:fn (mg/resource "app/migrations/sql/0147-mod-team-invitation-table.sql")}])
(defn apply-migrations!
[pool name migrations]

13
backend/src/app/migrations/sql/0147-mod-team-invitation-table.sql Normal file
View File

@ -0,0 +1,13 @@
ALTER TABLE team_invitation
ADD COLUMN org_id uuid NULL;
ALTER TABLE team_invitation
ALTER COLUMN team_id DROP NOT NULL;
ALTER TABLE team_invitation
ADD CONSTRAINT team_invitation_team_or_org_not_null
CHECK (team_id IS NOT NULL OR org_id IS NOT NULL);
CREATE UNIQUE INDEX team_invitation_org_unique
ON team_invitation (org_id, email_to)
WHERE team_id IS NULL;

51
backend/src/app/rpc/commands/teams.clj
View File

@ -539,35 +539,29 @@
team (create-team cfg params)]
(select-keys team [:id])))
(defn- initialize-user-in-nitrate-org
(defn initialize-user-in-nitrate-org
"If needed, create a default team for the user on the organization,
and notify Nitrate that an user has been added to an org."
[cfg profile-id team-id]
[cfg profile-id org-id]
(assert (db/connection-map? cfg)
"expected cfg with valid connection")
(let [membership (nitrate/call cfg :get-org-membership-by-team {:profile-id profile-id :team-id team-id})]
;; Only when the team belong to an organization and the user is not a member
(when (and
(some? (:organization-id membership)) ;; the team do belong to an organization
(not (:is-member membership))) ;; the user is not a member of the org yet
(db/tx-run!
cfg
(fn [{:keys [::db/conn] :as tx-cfg}]
(let [org-id (:organization-id membership)
default-team (create-default-org-team (assoc tx-cfg ::db/conn conn) profile-id org-id)
default-team-id (:id default-team)
result (nitrate/call tx-cfg :add-profile-to-org {:profile-id profile-id
:team-id default-team-id
:org-id org-id})]
(when (not (:is-member result))
(ex/raise :type :internal
:code :failed-add-profile-org-nitrate
:context {:profile-id profile-id
:team-id team-id
:org-id org-id
:default-team-id default-team-id}))
nil))))))
(when (contains? cf/flags :nitrate)
(db/tx-run!
cfg
(fn [{:keys [::db/conn] :as tx-cfg}]
(let [org-id org-id
default-team (create-default-org-team (assoc tx-cfg ::db/conn conn) profile-id org-id)
default-team-id (:id default-team)
result (nitrate/call tx-cfg :add-profile-to-org {:profile-id profile-id
:team-id default-team-id
:org-id org-id})]
(when (not (:is-member result))
(ex/raise :type :internal
:code :failed-add-profile-org-nitrate
:context {:profile-id profile-id
:org-id org-id
:default-team-id default-team-id}))
default-team-id)))))
(defn add-profile-to-team!
([cfg params]
@ -576,7 +570,12 @@
(assert (db/connection-map? cfg)
"expected cfg with valid connection")
(when (contains? cf/flags :nitrate)
(initialize-user-in-nitrate-org cfg profile-id team-id))
(let [membership (nitrate/call cfg :get-org-membership-by-team {:profile-id profile-id :team-id team-id})]
;; Only when the team belong to an organization and the user is not a member
(when (and
(some? (:organization-id membership)) ;; the team do belong to an organization
(not (:is-member membership))) ;; the user is not a member of the org yet
(initialize-user-in-nitrate-org cfg profile-id (:organization-id membership)))))
(db/insert! conn :team-profile-rel params options)))
(defn create-team

125
backend/src/app/rpc/commands/teams_invitations.clj
View File

@ -36,20 +36,29 @@
;; --- Mutation: Create Team Invitation
(def sql:upsert-team-invitation
"insert into team_invitation(id, team_id, email_to, created_by, role, valid_until)
values (?, ?, ?, ?, ?, ?)
"insert into team_invitation(id, team_id, org_id, email_to, created_by, role, valid_until)
values (?, ?, null, ?, ?, ?, ?)
on conflict(team_id, email_to) do
update set role = ?, valid_until = ?, updated_at = now()
returning *")
(def sql:upsert-org-invitation
"insert into team_invitation(id, team_id, org_id, email_to, created_by, role, valid_until)
values (?, null, ?, ?, ?, ?, ?)
on conflict(org_id, email_to) where team_id is null do
update set role = ?, valid_until = ?, updated_at = now()
returning *")
(defn- create-invitation-token
[cfg {:keys [profile-id valid-until team-id member-id member-email role]}]
[cfg {:keys [profile-id valid-until org-id org-name team-id member-id member-email role]}]
(tokens/generate cfg
{:iss :team-invitation
:exp valid-until
:profile-id profile-id
:role role
:team-id team-id
:org-id org-id
:org-name org-name
:member-email member-email
:member-id member-id}))
@ -75,20 +84,40 @@
[:role types.team/schema:role]
[:email ::sm/email]])
(def ^:private schema:create-org-invitation
[:map {:title "params:create-org-invitation"}
[::rpc/profile-id ::sm/uuid]
[:organization
[:map
[:id ::sm/uuid]
[:name :string]
[:logo ::sm/uri]]]
[:profile
[:map
[:id ::sm/uuid]
[:fullname :string]]]
[:role types.team/schema:role]
[:email ::sm/email]])
(def ^:private check-create-invitation-params
(sm/check-fn schema:create-invitation))
(def ^:private check-create-org-invitation-params
(sm/check-fn schema:create-org-invitation))
(defn- allow-invitation-emails?
[member]
(let [notifications (dm/get-in member [:props :notifications])]
(not= :none (:email-invites notifications))))
(defn- create-invitation
[{:keys [::db/conn] :as cfg} {:keys [team profile role email] :as params}]
[{:keys [::db/conn] :as cfg} {:keys [team organization profile role email] :as params}]
(assert (db/connection-map? cfg)
"expected cfg with valid connection")
(assert (check-create-invitation-params params))
(if organization
(assert (check-create-org-invitation-params params))
(assert (check-create-invitation-params params)))
(let [email (profile/clean-email email)
member (profile/get-profile-by-email conn email)]
@ -105,8 +134,12 @@
:profile-id (:id member)}
(get types.team/permissions-for-role role))]
;; Insert the invited member to the team
(teams/add-profile-to-team! cfg params {::db/on-conflict-do-nothing? true})
(if organization
;; Insert the invited member to the org
(when (contains? cf/flags :nitrate)
(teams/initialize-user-in-nitrate-org cfg (:id member) (:id organization)))
;; Insert the invited member to the team
(teams/add-profile-to-team! cfg params {::db/on-conflict-do-nothing? true}))
;; If profile is not yet verified, mark it as verified because
;; accepting an invitation link serves as verification.
@ -123,18 +156,30 @@
(teams/check-email-spam conn email true)
(let [id (uuid/next)
expire (ct/in-future "168h") ;; 7 days
invitation (db/exec-one! conn [sql:upsert-team-invitation id
(:id team) (str/lower email)
(:id profile)
(name role) expire
(name role) expire])
expire (if organization
(ct/in-future "876000h") ;; Organization invitations doesn't expire
(ct/in-future "168h")) ;; 7 days
invitation (db/exec-one! conn (if organization
[sql:upsert-org-invitation id
(:id organization)
(str/lower email)
(:id profile)
(name role) expire
(name role) expire]
[sql:upsert-team-invitation id
(:id team)
(str/lower email)
(:id profile)
(name role) expire
(name role) expire]))
updated? (not= id (:id invitation))
profile-id (:id profile)
tprops {:profile-id profile-id
:invitation-id (:id invitation)
:valid-until expire
:team-id (:id team)
:org-id (:id organization)
:org-name (:name organization)
:member-email (:email-to invitation)
:member-id (:id member)
:role role}
@ -146,30 +191,54 @@
(let [props (-> (dissoc tprops :profile-id)
(audit/clean-props))
evname (if updated?
"update-team-invitation"
"create-team-invitation")
evname (cond
(and updated? organization) "update-org-invitation"
updated? "update-team-invitation"
organization "create-org-invitation"
:else "create-team-invitation")
event (-> (audit/event-from-rpc-params params)
(assoc ::audit/name evname)
(assoc ::audit/props props))]
(audit/submit! cfg event))
(when (allow-invitation-emails? member)
(let [team (if (contains? cf/flags :nitrate)
(nitrate/add-org-info-to-team cfg team {})
team)]
(eml/send! {::eml/conn conn
::eml/factory eml/invite-to-team
:public-uri (cf/get :public-uri)
:to email
:invited-by (:fullname profile)
:team (:name team)
:organization (:organization-name team)
:token itoken
:extra-data ptoken})))
(if organization
(when (contains? cf/flags :nitrate)
(eml/send! {::eml/conn conn
::eml/factory eml/invite-to-org
:public-uri (cf/get :public-uri)
:to email
:invited-by (:fullname profile)
:user-name (:fullname member)
:org-name (:name organization)
:org-logo (:logo organization)
:org-initials (d/get-initials (:name organization))
:token itoken
:extra-data ptoken}))
(let [team (if (contains? cf/flags :nitrate)
(nitrate/add-org-info-to-team cfg team {})
team)]
(eml/send! {::eml/conn conn
::eml/factory eml/invite-to-team
:public-uri (cf/get :public-uri)
:to email
:invited-by (:fullname profile)
:team (:name team)
:organization (:organization-name team)
:token itoken
:extra-data ptoken}))))
itoken)))))
(defn create-org-invitation
[cfg {:keys [::rpc/profile-id id name logo] :as params}]
(let [profile (db/get-by-id cfg :profile profile-id)]
(create-invitation cfg
(assoc params
:organization {:id id :name name :logo logo}
:profile profile
:role :editor))))
(defn- add-member-to-team
[{:keys [::db/conn] :as cfg} profile team role member]
(assert (db/connection-map? cfg)

115
backend/src/app/rpc/commands/verify_token.clj
View File

@ -87,52 +87,74 @@
;; --- Team Invitation
(defn- accept-invitation
[{:keys [::db/conn] :as cfg} {:keys [team-id role member-email] :as claims} invitation member]
[{:keys [::db/conn] :as cfg}
{:keys [team-id org-id role member-email] :as claims} invitation member]
(let [;; Update the role if there is an invitation
role (or (some-> invitation :role keyword) role)
params (merge
{:team-id team-id
:profile-id (:id member)}
(get types.team/permissions-for-role role))]
id-member (:id member)]
;; Do not allow blocked users accept invitations.
(when (:is-blocked member)
(ex/raise :type :restriction
:code :profile-blocked))
(quotes/check! cfg {::quotes/id ::quotes/profiles-per-team
::quotes/profile-id (:id member)
::quotes/team-id team-id})
(when team-id
(quotes/check! cfg {::quotes/id ::quotes/profiles-per-team
::quotes/profile-id id-member
::quotes/team-id team-id}))
;; Insert the invited member to the team
(teams/add-profile-to-team! cfg params {::db/on-conflict-do-nothing? true})
(let [params (merge
{:team-id team-id
:profile-id id-member}
(get types.team/permissions-for-role role))
;; If profile is not yet verified, mark it as verified because
;; accepting an invitation link serves as verification.
(when-not (:is-active member)
(db/update! conn :profile
{:is-active true}
{:id (:id member)}))
accepted-team-id (if org-id
;; Insert the invited member to the org
(when (contains? cf/flags :nitrate)
(teams/initialize-user-in-nitrate-org cfg id-member org-id))
;; Insert the invited member to the team
(do (teams/add-profile-to-team! cfg params {::db/on-conflict-do-nothing? true})
team-id))]
;; Delete the invitation
(db/delete! conn :team-invitation
{:team-id team-id :email-to member-email})
(when-not accepted-team-id
(ex/raise :type :internal
:code :accept-invitation-failed
:hint "the accept invitation has failed"))
;; Delete any request
(db/delete! conn :team-access-request
{:team-id team-id :requester-id (:id member)})
(assoc member :is-active true)))
;; If profile is not yet verified, mark it as verified because
;; accepting an invitation link serves as verification.
(when-not (:is-active member)
(db/update! conn :profile
{:is-active true}
{:id id-member}))
;; Delete the invitation
(db/delete! conn :team-invitation
(cond-> {:email-to member-email}
team-id (assoc :team-id team-id)
org-id (assoc :org-id org-id)))
;; Delete any request (only applicable for team invitations)
(when team-id
(db/delete! conn :team-access-request
{:team-id team-id :requester-id id-member}))
accepted-team-id)))
(def schema:team-invitation-claims
[:map {:title "TeamInvitationClaims"}
[:iss :keyword]
[:exp ::ct/inst]
[:profile-id ::sm/uuid]
[:role types.team/schema:role]
[:team-id ::sm/uuid]
[:member-email ::sm/email]
[:member-id {:optional true} ::sm/uuid]])
[:and
[:map {:title "TeamInvitationClaims"}
[:iss :keyword]
[:exp ::ct/inst]
[:profile-id ::sm/uuid]
[:role types.team/schema:role]
[:team-id {:optional true} ::sm/uuid]
[:org-id {:optional true} ::sm/uuid]
[:member-email ::sm/email]
[:member-id {:optional true} ::sm/uuid]]
[:fn {:error/message "team-id or org-id must be present"}
(fn [m] (or (:team-id m) (:org-id m)))]])
(def valid-team-invitation-claims?
(sm/lazy-validator schema:team-invitation-claims))
@ -140,7 +162,7 @@
(defmethod process-token :team-invitation
[{:keys [::db/conn] :as cfg}
{:keys [::rpc/profile-id token] :as params}
{:keys [member-id team-id member-email] :as claims}]
{:keys [member-id team-id org-id member-email] :as claims}]
(when-not (valid-team-invitation-claims? claims)
(ex/raise :type :validation
@ -148,19 +170,27 @@
:hint "invitation token contains unexpected data"))
(let [invitation (db/get* conn :team-invitation
{:team-id team-id :email-to member-email})
(cond-> {:email-to member-email}
team-id (assoc :team-id team-id)
org-id (assoc :org-id org-id)))
profile (db/get* conn :profile
{:id profile-id}
{:columns [:id :email]})
registration-disabled? (not (contains? cf/flags :registration))]
(when (nil? invitation)
(ex/raise :type :validation
:code :invalid-token
:hint "no invitation associated with the token"))
(if (some? profile)
(if (or (= member-id profile-id)
(= member-email (:email profile)))
(if profile
(do
(when-not (or (= member-id profile-id)
(= member-email (:email profile)))
(ex/raise :type :validation
:code :invalid-token
:hint "logged-in user does not matches the invitation"))
;; if we have logged-in user and it matches the invitation we proceed
;; with accepting the invitation and joining the current profile to the
@ -188,17 +218,16 @@
:profile-id (:id profile)
:email (:email profile))))))
(accept-invitation cfg claims invitation profile)
(assoc claims :state :created))
(ex/raise :type :validation
:code :invalid-token
:hint "logged-in user does not matches the invitation"))
(let [accepted-team-id (accept-invitation cfg claims invitation profile)]
(cond-> (assoc claims :state :created)
;; when the invitation is to an org, instead of a team, add the
;; accepted-team-id as :org-team-id
(:org-id claims)
(assoc :org-team-id accepted-team-id)))))
;; If we have not logged-in user, and invitation comes with member-id we
;; redirect user to login, if no memeber-id is present and in the invitation
;; token and registration is enabled, we redirect user the the register page.
{:invitation-token token
:iss :team-invitation
:redirect-to (if (or member-id registration-disabled?) :auth-login :auth-register)

16
backend/src/app/rpc/management/nitrate.clj
View File

@ -21,6 +21,7 @@
[app.rpc.commands.files :as files]
[app.rpc.commands.profile :as profile]
[app.rpc.commands.teams :as teams]
[app.rpc.commands.teams-invitations :as ti]
[app.rpc.doc :as doc]
[app.util.services :as sv]))
@ -294,3 +295,18 @@ RETURNING id, name;")
:id id))
(profile-to-map profile)))
;; API: invite-to-org
(sv/defmethod ::invite-to-org
"Invite to organization"
{::doc/added "2.15"
::sm/params [:map
[:email ::sm/email]
[:id ::sm/uuid]
[:name ::sm/text]
[:logo ::sm/uri]]}
[cfg params]
(db/tx-run! cfg ti/create-org-invitation params)
nil)

1
backend/test/backend_tests/rpc_management_nitrate_test.clj
View File

@ -11,6 +11,7 @@
[app.common.uuid :as uuid]
[app.config :as cf]
[app.db :as-alias db]
[app.email :as email]
[app.msgbus :as mbus]
[app.rpc :as-alias rpc]
[backend-tests.helpers :as th]

10
common/src/app/common/data.cljc
View File

@ -1181,6 +1181,16 @@
str/trim)
""))
(defn get-initials
"Returns up to two uppercase initials extracted from a string.
Non-letter prefixes in each token are ignored."
[name]
(->> (str/split (str/trim (or name "")) #"\s+")
(keep #(first (re-seq #"[a-zA-Z]" %)))
(take 2)
(map str/upper)
(apply str)))
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Util protocols
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

8
common/test/common_tests/data_test.cljc
View File

@ -28,6 +28,14 @@
(t/is (not (d/in-range? 5 -1)))
(t/is (not (d/in-range? 0 0))))
(t/deftest get-initials-test
(t/is (= "JD" (d/get-initials "John Doe")))
(t/is (= "A" (d/get-initials "acme")))
(t/is (= "AB" (d/get-initials "123 Alpha ## beta")))
(t/is (= "PD" (d/get-initials " penpot design tool ")))
(t/is (= "" (d/get-initials nil)))
(t/is (= "" (d/get-initials "!!! ???"))))
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Ordered Data Structures
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

19
frontend/src/app/main/ui/auth/verify_token.cljs
View File

@ -41,19 +41,22 @@
(st/emit! (da/login-from-token tdata)))
(defmethod handle-token :team-invitation
[tdata]
(case (:state tdata)
[{:keys [state team-id org-team-id org-name invitation-token] :as tdata}]
(case state
:created
(let [team-id (:team-id tdata)]
(if org-team-id
(st/emit!
(ntf/success (tr "auth.notifications.team-invitation-accepted"))
(du/refresh-profile)
(dcm/go-to-dashboard-recent :team-id team-id)))
(dcm/go-to-dashboard-recent :team-id org-team-id)
(ntf/success (tr "auth.notifications.org-invitation-accepted" org-name)))
(st/emit!
(du/refresh-profile)
(dcm/go-to-dashboard-recent :team-id team-id)
(ntf/success (tr "auth.notifications.team-invitation-accepted"))))
:pending
(let [token (:invitation-token tdata)
route-id (:redirect-to tdata :auth-register)]
(st/emit! (rt/nav route-id {:invitation-token token})))))
(let [route-id (:redirect-to tdata :auth-register)]
(st/emit! (rt/nav route-id {:invitation-token invitation-token})))))
(defmethod handle-token :default
[_tdata]

12
frontend/src/app/main/ui/components/org_avatar.cljs
View File

@ -7,24 +7,16 @@
(ns app.main.ui.components.org-avatar
(:require-macros [app.main.style :as stl])
(:require
[cuerdas.core :as str]
[app.common.data :as d]
[rumext.v2 :as mf]))
(defn- get-org-initials
[name]
(->> (str/split (str/trim (or name "")) #"\s+")
(keep #(first (re-seq #"[a-zA-Z]" %)))
(take 2)
(map str/upper)
(apply str)))
(mf/defc org-avatar*
{::mf/props :obj}
[{:keys [org size]}]
(let [name (:name org)
custom-photo (:organization-custom-photo org)
avatar-bg (:organization-avatar-bg-url org)
initials (get-org-initials name)]
initials (d/get-initials name)]
(if custom-photo
[:img {:src custom-photo

3
frontend/translations/en.po
View File

@ -108,6 +108,9 @@ msgstr "Password recovery link sent to your inbox."
msgid "auth.notifications.team-invitation-accepted"
msgstr "Joined the team successfully"
msgid "auth.notifications.org-invitation-accepted"
msgstr "You're now part of %s"
#: src/app/main/ui/auth/login.cljs:188, src/app/main/ui/auth/register.cljs:174
msgid "auth.password"
msgstr "Password"

3
frontend/translations/es.po
View File

@ -114,6 +114,9 @@ msgstr "Hemos enviado a tu buzón un enlace para recuperar tu contraseña."
msgid "auth.notifications.team-invitation-accepted"
msgstr "Te uniste al equipo"
msgid "auth.notifications.org-invitation-accepted"
msgstr "Te uniste a la organización %s"
#: src/app/main/ui/auth/login.cljs:188, src/app/main/ui/auth/register.cljs:174
msgid "auth.password"
msgstr "Contraseña"