Skip redundant accept if email matches user invite

- no need for double confirmation in the case where user has an invite and is not a member yet.

Skip redundant accept if email matches user invite
- no need for double confirmation in the case where user has an invite and is not a member yet.
b8099cc2 · Doug Stull · Peter Leitzen · 27e3ac01 · b8099cc2 · b8099cc2
Commit b8099cc2 authored Jul 07, 2020 by Doug Stull Committed by Peter Leitzen Jul 07, 2020
5 changed files
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
 # frozen_string_literal: true

 class InvitesController < ApplicationController
+  include Gitlab::Utils::StrongMemoize
+
  before_action :member
  skip_before_action :authenticate_user!, only: :decline

+  helper_method :member?, :current_user_matches_invite?
+
  respond_to :html

  def show
+    accept if skip_invitation_prompt?
  end

  def accept
@@ -38,6 +43,20 @@ class InvitesController < ApplicationController

  private

+  def skip_invitation_prompt?
+    !member? && current_user_matches_invite?
+  end
+
+  def current_user_matches_invite?
+    @member.invite_email == current_user.email
+  end
+
+  def member?
+    strong_memoize(:is_member) do
+      @member.source.users.include?(current_user)
+    end
+  end
+
  def member
    return @member if defined?(@member)


--- a/app/views/invites/show.html.haml
+++ b/app/views/invites/show.html.haml
@@ -20,21 +20,19 @@
      = link_to group.name, group_url(group)
  as #{@member.human_access}.

- is_member = @member.source.users.include?(current_user)
-
- if is_member
+- if member?
  %p
    - member_source = @member.source.is_a?(Group) ? _("group") : _("project")
    = _("However, you are already a member of this %{member_source}. Sign in using a different account to accept the invitation.") % { member_source: member_source }

- if @member.invite_email != current_user.email
+- if !current_user_matches_invite?
  %p
    - mail_to_invite_email = mail_to(@member.invite_email)
    - mail_to_current_user = mail_to(current_user.email)
    - link_to_current_user = link_to(current_user.to_reference, user_url(current_user))
    = _("Note that this invitation was sent to %{mail_to_invite_email}, but you are signed in as %{link_to_current_user} with email %{mail_to_current_user}.").html_safe % { mail_to_invite_email: mail_to_invite_email, mail_to_current_user: mail_to_current_user, link_to_current_user: link_to_current_user }

- unless is_member
+- unless member?
  .actions
    = link_to _("Accept invitation"), accept_invite_url(@token), method: :post, class: "btn btn-success"
    = link_to _("Decline"), decline_invite_url(@token), method: :post, class: "btn btn-danger prepend-left-10"
--- a/changelogs/unreleased/214103-remove-the-second-prompt-to-accept-or-decline-an-invitation.yml
+++ b/changelogs/unreleased/214103-remove-the-second-prompt-to-accept-or-decline-an-invitation.yml
+---
+title: Remove the second prompt to accept or decline an invitation
+merge_request: 35777
+author:
+type: changed
--- a/spec/controllers/invites_controller_spec.rb
+++ b/spec/controllers/invites_controller_spec.rb
@@ -4,21 +4,44 @@ require 'spec_helper'

 RSpec.describe InvitesController do
  let(:token) { '123456' }
-  let(:user) { create(:user) }
-  let(:member) { create(:project_member, invite_token: token, invite_email: 'test@abc.com', user: user) }
+  let_it_be(:user) { create(:user) }
+  let(:member) { create(:project_member, :invited, invite_token: token, invite_email: user.email) }
+  let(:project_members) { member.source.users }

  before do
    controller.instance_variable_set(:@member, member)
    sign_in(user)
  end

-  describe 'GET #accept' do
+  describe 'GET #show' do
+    it 'accepts user if invite email matches signed in user' do
+      expect do
+        get :show, params: { id: token }
+      end.to change { project_members.include?(user) }.from(false).to(true)
+
+      expect(response).to have_gitlab_http_status(:found)
+      expect(flash[:notice]).to include 'You have been granted'
+    end
+
+    it 'forces re-confirmation if email does not match signed in user' do
+      member.invite_email = 'bogus@email.com'
+
+      expect do
+        get :show, params: { id: token }
+      end.not_to change { project_members.include?(user) }
+
+      expect(response).to have_gitlab_http_status(:ok)
+      expect(flash[:notice]).to be_nil
+    end
+  end
+
+  describe 'POST #accept' do
    it 'accepts user' do
-      get :accept, params: { id: token }
-      member.reload
+      expect do
+        post :accept, params: { id: token }
+      end.to change { project_members.include?(user) }.from(false).to(true)

      expect(response).to have_gitlab_http_status(:found)
-      expect(member.user).to eq(user)
      expect(flash[:notice]).to include 'You have been granted'
    end
  end
@@ -26,8 +49,8 @@ RSpec.describe InvitesController do
  describe 'GET #decline' do
    it 'declines user' do
      get :decline, params: { id: token }
-      expect {member.reload}.to raise_error ActiveRecord::RecordNotFound

+      expect { member.reload }.to raise_error ActiveRecord::RecordNotFound
      expect(response).to have_gitlab_http_status(:found)
      expect(flash[:notice]).to include 'You have declined the invitation to join'
    end

--- a/spec/features/invites_spec.rb
+++ b/spec/features/invites_spec.rb