Require invitation token for signup

702b57c1 · Felix Eckhofer · 73fdeb07 · 702b57c1 · 702b57c1 · 702b57c1
Unverified Commit 702b57c1 authored 3 months ago by Felix Eckhofer
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
 class ApplicationController < ActionController::Base
+  before_action :configure_permitted_parameters, if: :devise_controller?
+  protected
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.permit(:sign_up, keys: [:invitation_token])
+  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -4,7 +4,9 @@ class User < ApplicationRecord
  has_many :candidates
  validates :password, presence: true, length: { minimum: 6 }, allow_nil: true
-  validates :email, uniqueness: { case_sensitive: false, message: "already in use" }
+  validates :email, uniqueness: { case_sensitive: false, message: "already in use" }, allow_nil: true
+  validates :invitation_token, presence: true, on: :create
+  validate :valid_invitation_token, on: :create
  after_initialize :set_avatar_color
@@ -43,4 +45,10 @@ class User < ApplicationRecord
    self.avatar_color = "##{r.to_s(16).rjust(2, '0')}#{g.to_s(16).rjust(2, '0')}#{b.to_s(16).rjust(2, '0')}"
  end
+  private
+  def valid_invitation_token valid_tokens = ["gargamel"]
+    errors.add(:invitation_token, "is invalid") unless valid_tokens.include?(invitation_token)
+  end
 end
--- a/app/views/devise/registrations/new.html.erb
+++ b/app/views/devise/registrations/new.html.erb
@@ -22,6 +22,11 @@
    <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
  </div>
+  <div class="field">
+    <%= f.label :invitation_token, "Invitation Token" %><br />
+    <%= f.text_field :invitation_token, autocomplete: "off" %>
+  </div>
  <div class="actions">
    <%= f.submit "Sign up" %>
  </div>

--- a/db/migrate/20241220212328_add_invitation_token_to_users.rb
+++ b/db/migrate/20241220212328_add_invitation_token_to_users.rb
+class AddInvitationTokenToUsers < ActiveRecord::Migration[7.1]
+  def change
+    add_column :users, :invitation_token, :string
+  end
+end
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -61,6 +61,8 @@ end
 %w[tribut Teal hdsjulian Sophie bergpiratin sblsg Max aerowaffle ningwie Senana ToniHDS].each do |username|
  User.find_or_create_by(name: username) do |u|
    u.email = "c3lingo+#{username}@x.moeffju.net"
+    u.invitation_token = "gargamel"
+    u.save!
  end
 end