From 702b57c15bf3c23dec988e6db6045443b5806f04 Mon Sep 17 00:00:00 2001
From: Felix Eckhofer <felix@eckhofer.com>
Date: Fri, 20 Dec 2024 23:14:44 +0100
Subject: [PATCH] Require invitation token for signup

---
 app/controllers/application_controller.rb              |  7 +++++++
 app/models/user.rb                                     | 10 +++++++++-
 app/views/devise/registrations/new.html.erb            |  5 +++++
 .../20241220212328_add_invitation_token_to_users.rb    |  5 +++++
 db/seeds.rb                                            |  2 ++
 5 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 db/migrate/20241220212328_add_invitation_token_to_users.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 09705d1..fde1425 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,2 +1,9 @@
 class ApplicationController < ActionController::Base
+  before_action :configure_permitted_parameters, if: :devise_controller?
+
+  protected
+
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.permit(:sign_up, keys: [:invitation_token])
+  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 82a1d1f..f71f253 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -4,7 +4,9 @@ class User < ApplicationRecord
   has_many :candidates
 
   validates :password, presence: true, length: { minimum: 6 }, allow_nil: true
-  validates :email, uniqueness: { case_sensitive: false, message: "already in use" }
+  validates :email, uniqueness: { case_sensitive: false, message: "already in use" }, allow_nil: true
+  validates :invitation_token, presence: true, on: :create
+  validate :valid_invitation_token, on: :create
 
   after_initialize :set_avatar_color
 
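Review bot: The `allow_nil: true` added to the email uniqueness validation relaxes a check that has nothing to do with the invitation requirement named in the subject. If no other validation enforces presence (Devise's `:validatable` would, but the `devise` declaration is outside this hunk), several accounts can now be created with no email at all. If that is intended, explain it in a comment above the line; otherwise keep the original `validates :email, uniqueness: { case_sensitive: false, message: "already in use" }`. The class body starts and ends outside this hunk.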
@@ -43,4 +45,10 @@ class User < ApplicationRecord
 
     self.avatar_color = "##{r.to_s(16).rjust(2, '0')}#{g.to_s(16).rjust(2, '0')}#{b.to_s(16).rjust(2, '0')}"
   end
+
+  private
+
+  def valid_invitation_token valid_tokens = ["gargamel"]
+    errors.add(:invitation_token, "is invalid") unless valid_tokens.include?(invitation_token)
+  end
 end
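Review bot: The only accepted invitation token is the literal `"gargamel"` in the default argument of `valid_invitation_token`, so the signup secret is committed to the repository (and repeated in `db/seeds.rb`), is shared by every invitee, and cannot be rotated or revoked without a code change. Read the accepted tokens from configuration kept outside the source tree, for example `def valid_invitation_token(valid_tokens = ENV.fetch("INVITATION_TOKENS", "").split(","))`, where the variable name is a placeholder. The membership test can then become `valid_tokens.any? { |t| ActiveSupport::SecurityUtils.secure_compare(t, invitation_token.to_s) }`, which avoids the plain string comparison done by `include?`. A long random value issued per invitation and marked used after signup would be sturdier than one static word, since nothing visible in this patch limits repeated attempts.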
diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb
index e910dc3..d751c2b 100644
--- a/app/views/devise/registrations/new.html.erb
+++ b/app/views/devise/registrations/new.html.erb
@@ -22,6 +22,11 @@
     <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
   </div>
 
+  <div class="field">
+    <%= f.label :invitation_token, "Invitation Token" %><br />
+    <%= f.text_field :invitation_token, autocomplete: "off" %>
+  </div>
+
   <div class="actions">
     <%= f.submit "Sign up" %>
   </div>
diff --git a/db/migrate/20241220212328_add_invitation_token_to_users.rb b/db/migrate/20241220212328_add_invitation_token_to_users.rb
new file mode 100644
index 0000000..16fe365
--- /dev/null
+++ b/db/migrate/20241220212328_add_invitation_token_to_users.rb
@@ -0,0 +1,5 @@
+class AddInvitationTokenToUsers < ActiveRecord::Migration[7.1]
+  def change
+    add_column :users, :invitation_token, :string
+  end
+end
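Review bot: Adding `invitation_token` as a `users` column stores the shared signup secret in plain text on every row, so it also lands in database backups and in any serialization of `User` that does not exclude it. The validations in `app/models/user.rb` need the value only at create time, so a non-persisted attribute (`attr_accessor :invitation_token` in the model) would work without this migration. If the column is meant to record which invitation a user signed up with, store a reference to the invitation rather than the secret itself.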
diff --git a/db/seeds.rb b/db/seeds.rb
index fac64bc..0a48a36 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -61,6 +61,8 @@ end
 %w[tribut Teal hdsjulian Sophie bergpiratin sblsg Max aerowaffle ningwie Senana ToniHDS].each do |username|
   User.find_or_create_by(name: username) do |u|
     u.email = "c3lingo+#{username}@x.moeffju.net"
+    u.invitation_token = "gargamel"
+    u.save!
   end
 end
 
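Review bot: The `u.save!` added inside the `find_or_create_by` block is redundant, because `find_or_create_by` saves the new record itself once the block returns; the explicit call only serves to raise when validation fails. `User.find_or_create_by!(name: username) do |u|` expresses that directly and saves once. The literal `"gargamel"` here duplicates the secret hard-coded in `app/models/user.rb` and should come from the same configuration source as the validator.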
-- 
GitLab