github/penpot
1
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2026-05-19 23:13:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

🐛 Fix invalid token on anonymous session

Browse Source
This commit is contained in:
Alonso Torres 2026-05-19 13:13:11 +02:00 committed by GitHub
parent d9ee28229c
commit aa1fb718e0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
backend/src/app/rpc/commands/verify_token.clj
View File

@ -247,13 +247,21 @@
(:organization-id claims)
(assoc :org-team-id accepted-team-id)))))
;; If we have not logged-in user, and invitation comes with member-id we
;; redirect user to login, if no memeber-id is present and in the invitation
;; token and registration is enabled, we redirect user the the register page.
{:invitation-token token
:iss :team-invitation
:redirect-to (if (or member-id registration-disabled?) :auth-login :auth-register)
:state :pending})))
(do
;; If the user is not logged-in and the token is invalid we throw the error
;; Taiga issue #14182
(when (nil? invitation)
(ex/raise :type :validation
:code :invalid-token
:hint "no invitation associated with the token"))
;; If we have not logged-in user, and invitation comes with member-id we
;; redirect user to login, if no member-id is present and in the invitation
;; token and registration is enabled, we redirect user the the register page.
{:invitation-token token
:iss :team-invitation
:redirect-to (if (or member-id registration-disabled?) :auth-login :auth-register)
:state :pending}))))
;; --- Default