improve email formatting and invite flow for new users

2025-08-04 01:55:10 +02:00 · 2024-12-31 18:25:11 -05:00 · 2024-12-31 18:25:11 -05:00 · d447de9e8a
commit d447de9e8a
parent d244d6003b
15 changed files with 107 additions and 89 deletions
--- a/server/routers/auth/signup.ts
+++ b/server/routers/auth/signup.ts
@ -84,6 +84,15 @@ export async function signup(
                createHttpError(HttpCode.BAD_REQUEST, "Invite does not exist")
            );
        }
+
+        if (existingInvite.email !== email) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "Invite is not for this user"
+                )
+            );
+        }
    }

    try {
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@ -137,7 +137,7 @@ authenticated.post(
    verifyUserHasAction(ActionsEnum.inviteUser),
    user.inviteUser
 ); // maybe make this /invite/create instead
-authenticated.post("/invite/accept", user.acceptInvite);
+unauthenticated.post("/invite/accept", user.acceptInvite); // this is supposed to be unauthenticated

 authenticated.get(
    "/resource/:resourceId/roles",
--- a/server/routers/user/acceptInvite.ts
+++ b/server/routers/user/acceptInvite.ts
@ -12,6 +12,7 @@ import { fromError } from "zod-validation-error";
 import { isWithinExpirationDate } from "oslo";
 import { verifyPassword } from "@server/auth/password";
 import { checkValidInvite } from "@server/auth/checkValidInvite";
+import { verifySession } from "@server/auth";

 const acceptInviteBodySchema = z
    .object({
@ -72,7 +73,9 @@ export async function acceptInvite(
            );
        }

-        if (req.user && req.user.email !== existingInvite.email) {
+        const { user, session } = await verifySession(req);
+
+        if (user && user.email !== existingInvite.email) {
            return next(
                createHttpError(
                    HttpCode.BAD_REQUEST,