Merge pull request #3298 from penpot/superalex-improve-invitations-validation

✨ Improve invitations validation
2025-12-12 06:24:17 +01:00 · 2023-06-16 10:51:57 +02:00
parent 6659ab110c 8a9a3cbf37
commit 559c03550d
3 changed files with 12 additions and 8 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,5 +1,7 @@
 # CHANGELOG

+## 1.18.5
+
 ## 1.18.4

 ### :bug: Bugs fixed
--- a/backend/src/app/rpc/commands/auth.clj
+++ b/backend/src/app/rpc/commands/auth.clj
@@ -169,14 +169,16 @@
  [{:keys [::db/pool] :as cfg} params]

  (when-not (contains? cf/flags :registration)
-    (if-not (contains? params :invitation-token)
+    (when-not (contains? params :invitation-token)
      (ex/raise :type :restriction
-                :code :registration-disabled)
-      (let [invitation (tokens/verify (::main/props cfg) {:token (:invitation-token params) :iss :team-invitation})]
-        (when-not (= (:email params) (:member-email invitation))
-          (ex/raise :type :restriction
-                    :code :email-does-not-match-invitation
-                    :hint "email should match the invitation")))))
+                :code :registration-disabled)))
+
+  (when (contains? params :invitation-token)
+    (let [invitation (tokens/verify (::main/props cfg) {:token (:invitation-token params) :iss :team-invitation})]
+      (when-not (= (:email params) (:member-email invitation))
+        (ex/raise :type :restriction
+                  :code :email-does-not-match-invitation
+                  :hint "email should match the invitation"))))

  (when-let [domains (cf/get :registration-domain-whitelist)]
    (when-not (email-domain-in-whitelist? domains (:email params))
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-1.18.4
+1.18.5
@@ -1 +1 @@
 .18.4
 .18.5