fix: allow invite links to be sent more than once #134

kangmingtay · kangmingtay · commit 330f4671cf68 · 2021-07-14T01:17:33.000+08:00
diff --git a/api/invite.go b/api/invite.go
@@ -36,20 +36,23 @@ func (a *API) Invite(w http.ResponseWriter, r *http.Request) error {
 	if err != nil && !models.IsNotFoundError(err) {
 		return internalServerError("Database error finding user").WithInternalError(err)
 	}
-	if user != nil {
-		return unprocessableEntityError(DuplicateEmailMsg)
-	}
 
 	err = a.db.Transaction(func(tx *storage.Connection) error {
-		signupParams := SignupParams{
-			Email:    params.Email,
-			Data:     params.Data,
-			Aud:      aud,
-			Provider: "email",
-		}
-		user, err = a.signupNewUser(ctx, tx, &signupParams)
-		if err != nil {
-			return err
+		if user != nil {
+			if user.IsConfirmed() {
+				return unprocessableEntityError(DuplicateEmailMsg)
+			}
+		} else {
+			signupParams := SignupParams{
+				Email:    params.Email,
+				Data:     params.Data,
+				Aud:      aud,
+				Provider: "email",
+			}
+			user, err = a.signupNewUser(ctx, tx, &signupParams)
+			if err != nil {
+				return err
+			}
 		}
 
 		if terr := models.NewAuditLogEntry(tx, instanceID, adminUser, models.UserInvitedAction, map[string]interface{}{
diff --git a/api/mail.go b/api/mail.go
@@ -79,17 +79,20 @@ func (a *API) GenerateLink(w http.ResponseWriter, r *http.Request) error {
 			terr = errors.Wrap(tx.UpdateOnly(user, "recovery_token", "recovery_sent_at"), "Database error updating user for recovery")
 		case "invite":
 			if user != nil {
-				return unprocessableEntityError(DuplicateEmailMsg)
-			}
-			signupParams := &SignupParams{
-				Email:    params.Email,
-				Data:     params.Data,
-				Provider: "email",
-				Aud:      aud,
-			}
-			user, terr = a.signupNewUser(ctx, tx, signupParams)
-			if terr != nil {
-				return terr
+				if user.IsConfirmed() {
+					return unprocessableEntityError(DuplicateEmailMsg)
+				}
+			} else {
+				signupParams := &SignupParams{
+					Email:    params.Email,
+					Data:     params.Data,
+					Provider: "email",
+					Aud:      aud,
+				}
+				user, terr = a.signupNewUser(ctx, tx, signupParams)
+				if terr != nil {
+					return terr
+				}
 			}
 			if terr = models.NewAuditLogEntry(tx, instanceID, adminUser, models.UserInvitedAction, map[string]interface{}{
 				"user_id":    user.ID,
