Implement invitation codes

2025-07-19 05:09:38 +02:00 · 2024-02-02 17:49:28 -06:00 · 2024-02-02 17:49:28 -06:00 · b3a792c47d
commit b3a792c47d
parent 533e6690c2
11 changed files with 149 additions and 9 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -37,4 +37,9 @@ class ApplicationController < ActionController::Base
    Current.user = nil
    reset_session
  end
+
+  def hosted_app?
+    ENV["HOSTED"] == "true"
+  end
+  helper_method :hosted_app?
 end
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@ -1,13 +1,14 @@
 class RegistrationsController < ApplicationController
  layout "auth"

+  before_action :set_user, only: :create
+  before_action :claim_invite_code, only: :create, if: :hosted_app?
+
  def new
    @user = User.new
  end

  def create
-    @user = User.new(user_params)
-
    family = Family.new
    @user.family = family

@ -23,7 +24,17 @@ class RegistrationsController < ApplicationController

  private

+  def set_user
+    @user = User.new user_params.except(:invite_code)
+  end
+
  def user_params
-    params.require(:user).permit(:name, :email, :password, :password_confirmation)
+    params.require(:user).permit(:name, :email, :password, :password_confirmation, :invite_code)
+  end
+
+  def claim_invite_code
+    unless InviteCode.claim! params[:user][:invite_code]
+      redirect_to new_registration_path, alert: "Invalid invite code, please try again."
+    end
  end
 end
--- a/app/models/invite_code.rb
+++ b/app/models/invite_code.rb
@ -0,0 +1,25 @@
+class InviteCode < ApplicationRecord
+  before_validation :generate_token, on: :create
+
+  class << self
+    def claim!(token)
+      if invite_code = find_by(token: token&.downcase)
+        invite_code.destroy!
+        true
+      end
+    end
+
+    def generate!
+      create!.token
+    end
+  end
+
+  private
+
+  def generate_token
+    loop do
+      self.token = SecureRandom.hex(4)
+      break token unless self.class.exists?(token: token)
+    end
+  end
+end
--- a/app/views/layouts/auth.html.erb
+++ b/app/views/layouts/auth.html.erb
@ -18,6 +18,12 @@
  </head>

  <body class="h-full">
+    <% flash.each do |type, msg| %>
+      <div>
+        <%= msg %>
+      </div>
+    <% end %>
+
    <div class="flex flex-col justify-center min-h-full px-6 py-12">

      <div class="sm:mx-auto sm:w-full sm:max-w-md">
--- a/app/views/registrations/new.html.erb
+++ b/app/views/registrations/new.html.erb
@ -24,6 +24,13 @@
    <%= form.password_field :password_confirmation, autocomplete: "new-password", required: 'required', class: 'p-0 mt-1 bg-transparent border-none opacity-50 focus:outline-none focus:ring-0 focus-within:opacity-100 w-full' %>
  </div>

+  <% if hosted_app? %>
+    <div class="bg-offwhite rounded-xl focus-within:bg-white focus-within:shadow focus-within:opacity-100 relative p-4 border border-gray-100">
+      <%= form.label :invite_code, "Invite code", class: 'block text-sm font-medium text-gray-700' %>
+      <%= form.password_field :invite_code, required: 'required', class: 'p-0 mt-1 bg-transparent border-none opacity-50 focus:outline-none focus:ring-0 focus-within:opacity-100 w-full' %>
+    </div>
+  <% end %>
+
  <div>
    <%= form.submit "Continue", class: 'flex justify-center w-full px-4 py-3 text-sm font-medium text-white bg-black rounded-xl hover:bg-black focus:outline-none focus:ring-2 focus:ring-gray-200 shadow' %>
  </div>
--- a/db/migrate/20240202230325_create_invite_codes.rb
+++ b/db/migrate/20240202230325_create_invite_codes.rb
@ -0,0 +1,9 @@
+class CreateInviteCodes < ActiveRecord::Migration[7.2]
+  def change
+    create_table :invite_codes, id: :uuid do |t|
+      t.string :token, null: false
+
+      t.timestamps
+    end
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema[7.2].define(version: 2024_02_02_015428) do
+ActiveRecord::Schema[7.2].define(version: 2024_02_02_230325) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "pgcrypto"
  enable_extension "plpgsql"
@ -34,6 +34,12 @@ ActiveRecord::Schema[7.2].define(version: 2024_02_02_015428) do
    t.datetime "updated_at", null: false
  end

+  create_table "invite_codes", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
+    t.string "token", null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+  end
+
  create_table "users", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
    t.uuid "family_id", null: false
    t.string "first_name"
--- a/test/controllers/.keep
+++ b/test/controllers/.keep
--- a/test/controllers/registrations_controller_test.rb
+++ b/test/controllers/registrations_controller_test.rb
@ -0,0 +1,46 @@
+require "test_helper"
+
+class RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  test "new" do
+    get new_registration_url
+    assert_response :success
+  end
+
+  test "create" do
+    post registration_url, params: { user: {
+      email: "john@example.com",
+      password: "password",
+      password_confirmation: "password" } }
+
+    assert_redirected_to root_url
+  end
+
+  test "create when hosted requires an invitation code" do
+    ENV["HOSTED"] = "true"
+
+    assert_no_difference "User.count" do
+      post registration_url, params: { user: {
+        email: "john@example.com",
+        password: "password",
+        password_confirmation: "password" } }
+      assert_redirected_to new_registration_url
+
+      post registration_url, params: { user: {
+        email: "john@example.com",
+        password: "password",
+        password_confirmation: "password",
+        invite_code: "foo" } }
+      assert_redirected_to new_registration_url
+    end
+
+    assert_difference "User.count", +1 do
+      post registration_url, params: { user: {
+        email: "john@example.com",
+        password: "password",
+        password_confirmation: "password",
+        invite_code: InviteCode.generate! } }
+    end
+  ensure
+    ENV["HOSTED"] = nil
+  end
+end
--- a/test/models/invite_code_test.rb
+++ b/test/models/invite_code_test.rb
@ -0,0 +1,25 @@
+require "test_helper"
+
+class InviteCodeTest < ActiveSupport::TestCase
+  test "claim! destroys the invitation token" do
+    code = InviteCode.generate!
+
+    assert_difference "InviteCode.count", -1 do
+      InviteCode.claim! code
+    end
+  end
+
+  test "claim! returns true if valid" do
+    assert InviteCode.claim!(InviteCode.generate!)
+  end
+
+  test "claim! is falsy if invalid" do
+    assert_not InviteCode.claim!("invalid")
+  end
+
+  test "generate! creates a new invitation and returns its token" do
+    assert_difference "InviteCode.count", +1 do
+      assert_instance_of String, InviteCode.generate!
+    end
+  end
+end