From a68031179bef1cfd17dea20049c5721a86713673 Mon Sep 17 00:00:00 2001
From: MrZYX
Date: Sun, 22 May 2011 14:48:07 +0200
Subject: [PATCH] prevent inviting yourself, #515
---
 app/controllers/invitations_controller.rb | 11 +++++++++++
 config/locales/diaspora/en.yml | 3 ++-
 spec/controllers/invitations_controller_spec.rb | 9 +++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb
index b5476a3f0..15cee4ece 100644
--- a/app/controllers/invitations_controller.rb
+++ b/app/controllers/invitations_controller.rb
@@ -23,6 +23,17 @@ class InvitationsController < Devise::InvitationsController
 good_emails, bad_emails = emails.partition{|e| e.try(:match, Devise.email_regexp)}
+ if good_emails.include?(current_user.email)
+ if good_emails.length == 1
+ flash[:error] = I18n.t 'invitations.create.own_address'
+ redirect_to :back
+ return
+ else
+ bad_emails.push(current_user.email)
+ good_emails.delete(current_user.email)
+ end
+ end
+
 good_emails.each{|e| Resque.enqueue(Job::InviteUserByEmail, current_user.id, e, aspect, message)}
 if bad_emails.any?
diff --git a/config/locales/diaspora/en.yml b/config/locales/diaspora/en.yml
index b29484649..dc3b552d7 100644
--- a/config/locales/diaspora/en.yml
+++ b/config/locales/diaspora/en.yml
@@ -238,7 +238,8 @@ en:
 rejected: "The following email addresses had problems: "
 no_more: "You have no more invitations."
 already_sent: "You already invited this person."
- already_contacts: "You are already connected with this person"
+ already_contacts: "You are already connected with this person"
+ own_address: "You can't send an invitation to your own address."
 new:
 invite_someone_to_join: "Invite someone to join Diaspora!"
 if_they_accept_info: "if they accept, they will be added to the aspect you invited them."
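Review bot: The self-invite check in the added `if good_emails.include?(current_user.email)` block is an exact string comparison, so a differently cased spelling of the user's own address (constructed example: `Me@Example.org` against a stored `me@example.org`) would stay in `good_emails` and still be enqueued. If stored and submitted addresses are not normalised to the same case, match case-insensitively, e.g. `own = good_emails.select { |e| e.casecmp(current_user.email).zero? }` followed by `good_emails -= own` in the `else` branch. Whether `emails` is whitespace-stripped before the `partition` is not visible, because the enclosing action starts and ends outside the hunk; if it is not, a padded copy of the address would pass the check the same way. A short comment above the block, such as `# never enqueue an invitation to the inviter's own address`, would also record why the address is moved into `bad_emails`.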
diff --git a/spec/controllers/invitations_controller_spec.rb b/spec/controllers/invitations_controller_spec.rb
index 0be7b0c10..920290a1b 100644
--- a/spec/controllers/invitations_controller_spec.rb
+++ b/spec/controllers/invitations_controller_spec.rb
@@ -61,6 +61,15 @@ describe InvitationsController do
 post :create, :user => @invite
 response.should redirect_to("http://test.host/cats/foo")
 end
+
+ it 'strips out your own email' do
+ lambda {
+ post :create, :user => @invite.merge(:email => @user.email)
+ }.should_not change(User, :count)
+
+ Resque.should_receive(:enqueue).once
+ post :create, :user => @invite.merge(:email => "hello@example.org, #{@user.email}")
+ end
 end
 describe "#update" do
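Review bot: Neither half of `strips out your own email` pins down which address is rejected. `Resque.should_receive(:enqueue).once` would still pass if the single job were enqueued for `@user.email` instead of `hello@example.org`, and `should_not change(User, :count)` presumably holds regardless when the invite is only queued through Resque. Constrain the arguments, e.g. `Resque.should_receive(:enqueue).with(Job::InviteUserByEmail, @user.id, "hello@example.org", anything, anything).once` (assuming `@user` is the signed-in user), and use `Resque.should_not_receive(:enqueue)` for the single-address case. An assertion on `flash[:error]` and a case with a differently cased copy of the address would cover the rest of the new controller branch; the enclosing `describe` block starts outside the hunk.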