Resolves reuse of invitation code

2022-11-21 18:50:08 +00:00 · 2022-11-21 18:50:08 +00:00 · aa17f9679b
parent 5248a252ec
commit aa17f9679b
8 changed files with 86 additions and 2 deletions
--- a/api/funkwhale_api/manage/serializers.py
+++ b/api/funkwhale_api/manage/serializers.py
@ -98,12 +98,28 @@ class ManageUserSerializer(serializers.ModelSerializer):
 class ManageInvitationSerializer(serializers.ModelSerializer):
    users = ManageUserSimpleSerializer(many=True, required=False)
    owner = ManageUserSimpleSerializer(required=False)
+    invited_user = ManageUserSimpleSerializer(required=False)
    code = serializers.CharField(required=False, allow_null=True)

    class Meta:
        model = users_models.Invitation
-        fields = ("id", "owner", "code", "expiration_date", "creation_date", "users")
-        read_only_fields = ["id", "expiration_date", "owner", "creation_date", "users"]
+        fields = (
+            "id",
+            "owner",
+            "invited_user",
+            "code",
+            "expiration_date",
+            "creation_date",
+            "users",
+        )
+        read_only_fields = [
+            "id",
+            "expiration_date",
+            "owner",
+            "invited_user",
+            "creation_date",
+            "users",
+        ]

    def validate_code(self, value):
        if not value:
--- a/api/funkwhale_api/users/factories.py
+++ b/api/funkwhale_api/users/factories.py
@ -57,6 +57,9 @@ class InvitationFactory(NoUpdateOnCreate, factory.django.DjangoModelFactory):

    class Params:
        expired = factory.Trait(expiration_date=factory.LazyFunction(timezone.now))
+        with_invited_user = factory.Trait(
+            invited_user=factory.SubFactory("funkwhale_api.users.factories.UserFactory")
+        )


 class PasswordSetter(factory.PostGenerationMethodCall):
--- a/api/funkwhale_api/users/migrations/0022_auto_20221119_1819.py
+++ b/api/funkwhale_api/users/migrations/0022_auto_20221119_1819.py
@ -0,0 +1,37 @@
+# Generated by Django 3.2.16 on 2022-11-19 18:19
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+def update_invitation_table(apps, schema_editor):
+    User = apps.get_model("users", "User")
+    Invitation = apps.get_model("users", "Invitation")
+    for user in User.objects.all():
+        if user.invitation:
+            Invitation.objects.filter(id=user.invitation.id).update(invited_user_id=user.id)
+
+
+def rewind(*args, **kwargs):
+    pass
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('users', '0021_auto_20210703_1810'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='invitation',
+            name='invited_user',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, related_name='user_invitations', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AlterField(
+            model_name='invitation',
+            name='owner',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='invitations', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.RunPython(update_invitation_table, rewind),
+    ]
--- a/api/funkwhale_api/users/models.py
+++ b/api/funkwhale_api/users/models.py
@ -338,6 +338,9 @@ class Invitation(models.Model):
    owner = models.ForeignKey(
        User, related_name="invitations", on_delete=models.CASCADE
    )
+    invited_user = models.ForeignKey(
+        User, related_name="user_invitations", null=True, on_delete=models.CASCADE
+    )
    code = models.CharField(max_length=50, unique=True)

    objects = InvitationQuerySet.as_manager()
@ -352,6 +355,10 @@ class Invitation(models.Model):

        return super().save(**kwargs)

+    def set_invited_user(self, user):
+        self.invited_user = user
+        super().save()
+

 class Application(oauth2_models.AbstractApplication):
    scope = models.TextField(blank=True)
--- a/api/funkwhale_api/users/views.py
+++ b/api/funkwhale_api/users/views.py
@ -40,6 +40,9 @@ class RegisterView(registration_views.RegisterView):
        if not user.is_active:
            # manual approval, we need to send the confirmation e-mail by hand
            authentication.send_email_confirmation(self.request, user)
+        if user.invitation:
+            user.invitation.set_invited_user(user)
+
        return user


--- a/api/tests/users/test_models.py
+++ b/api/tests/users/test_models.py
@ -105,6 +105,13 @@ def test_invitation_generates_random_code_on_save(factories):
    assert len(invitation.code) >= 6


+def test_invitation_get_deleted_when_user_is_deleted(factories):
+    invitation = factories["users.Invitation"](with_invited_user=True)
+    invitation.invited_user.delete()
+
+    assert models.Invitation.objects.count() == 0
+
+
 def test_invitation_expires_after_delay(factories, settings):
    delay = settings.USERS_INVITATION_EXPIRATION_DAYS
    invitation = factories["users.Invitation"]()
--- a/changes/changelog.d/1952.bugfix
+++ b/changes/changelog.d/1952.bugfix
@ -0,0 +1 @@
+Fixed invitation reuse after the invited user has been deleted (#1952)
--- a/front/src/components/manage/users/InvitationsTable.vue
+++ b/front/src/components/manage/users/InvitationsTable.vue
@ -75,6 +75,11 @@
              Owner
            </translate>
          </th>
+          <th>
+            <translate translate-context="Content/Admin/Table.Label/Noun">
+              User
+            </translate>
+          </th>
          <th>
            <translate translate-context="*/*/*">
              Status
@ -105,6 +110,11 @@
              {{ scope.obj.owner.username }}
            </router-link>
          </td>
+          <td>
+            <span v-if="scope.obj.invited_user">
+              {{ scope.obj.invited_user.username }}
+            </span>
+          </td>
          <td>
            <span
              v-if="scope.obj.users.length > 0"
				`@ -0,0 +1 @@`
				`Fixed invitation reuse after the invited user has been deleted (#1952)`