prevent inviting yourself, #515

app/controllers/invitations_controller.rb

@@ -23,6 +23,17 @@ class InvitationsController < Devise::InvitationsController
 
       good_emails, bad_emails = emails.partition{|e| e.try(:match, Devise.email_regexp)}
 
+      if good_emails.include?(current_user.email)
+        if good_emails.length == 1
+          flash[:error] = I18n.t 'invitations.create.own_address'
+          redirect_to :back
+          return
+        else
+          bad_emails.push(current_user.email)
+          good_emails.delete(current_user.email)
+        end
+      end
+
       good_emails.each{|e| Resque.enqueue(Job::InviteUserByEmail, current_user.id, e, aspect, message)}
 
       if bad_emails.any?

config/locales/diaspora/en.yml

@@ -239,6 +239,7 @@ en:
       no_more: "You have no more invitations."
       already_sent: "You already invited this person."
       already_contacts: "You are already connected with this person"
+      own_address: "You can't send an invitation to your own address."
     new:
       invite_someone_to_join: "Invite someone to join Diaspora!"
       if_they_accept_info: "if they accept, they will be added to the aspect you invited them."

spec/controllers/invitations_controller_spec.rb

@@ -61,6 +61,15 @@ describe InvitationsController do
       post :create, :user => @invite
       response.should redirect_to("http://test.host/cats/foo")
     end
+    
+    it 'strips out your own email' do
+      lambda {
+        post :create, :user => @invite.merge(:email => @user.email)
+      }.should_not change(User, :count)
+      
+      Resque.should_receive(:enqueue).once
+      post :create, :user => @invite.merge(:email => "hello@example.org, #{@user.email}")
+    end
   end
 
   describe "#update" do