Allow multiple project invites for one user #1043
Merged
Commits on Sep 27, 2024
-
Allow users to accept multiple invitations
Now that we use invitation links for both projects and orgs, it will start to become rather common for someone to receive an org invitation and a project invitation within the same few minutes. So we need to allow users to click on invitation links even if they already have a Lexbox account.
-
Add check to prevent request forgery
Without this check, it would be possible for someone who manages to intercept someone else's email (by social engineering or other means) to forge a project invitation request, reusing the still-valid JWT from the genuine user.
-
Forbid changing email when accepting invite
No backend checks yet, this is just frontend for now.
-
-
Attempt to add GQL query for looking up user
This fails: despite the AllowAnonymous, the GraphQL query is being rejected because the RegisterAccount audience is not allowed to use GQL queries. I'll need to find some other way to do this.
-
Don't use GQL queries, use alternate page
Instead of GQL queries to check if the user already exists, we put the logic into LoginController. This works: users can now receive multiple invitation links, and only see the registration page if they have not registered yet. If they have registered before, they're taken to an alternate URL that logs them in immediately. Still to do: ensure that the acceptInvitation backend doesn't throw an error if the user is already a member of the project, but just silently returns success if we're already in the desired state.
-
Don't error if same invite accepted twice
If a user clicks the same invitation link twice, he should not get an error message, he should just be taken to his home page. He's already a member of the project, so trying to join the project should not error but just succeed silently.
-
-
Center turnstile component in accept-quickly page
This allows the turnstile component to double as a visual indicator to the user that things are progressing.
-
-
-
Address CodeQL security concern
Ensure that LoginRedirect can never be used to redirect to a different site. In the future we may whitelist certain domains such as lexbox.org, but for now we just strip off the hostname and make sure it has to be a relative URL.
-
First draft of redirecting server-side
WIP. Not yet tested, probably not yet functional.
-
Better approach than changing LoginRedirect
Rather than redirect to the frontend and then query the backend to find out if the user already exists, let's redirect to a backend endpoint, which will then decide which frontend page to redirect to. A double redirect may not be ideal, but it's better than special-case code in the LoginRedirect method.
-
-
Delete no-longer-needed frontend page
Back to just a single frontend page for accepting invites — great.
-
-
Handle edge case of registering existing email
This can only happen if an admin creates the account while the user was filling out the registration page, so this probably will never happen.
-
Remove unneeded method parameters
These services are already injected in the constructor
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.