fixed a potentially bad bug with nil invite tokens

2010-12-04 16:13:44 -08:00 · 2010-12-04 16:13:44 -08:00 · b300adbef5
commit b300adbef5
parent 4c3de52f68
2 changed files with 6 additions and 4 deletions
--- a/app/controllers/invitations_controller.rb
+++ b/app/controllers/invitations_controller.rb
@ -32,13 +32,15 @@ class InvitationsController < Devise::InvitationsController

  def update
    begin
-      puts "foobar"
-      puts params.inspect
+      invitation_token = params[:user][:invitation_token]
+      if invitation_token.nil? || invitation_token.blank?
+        raise "Invalid Invite Token"
+      end
      user = User.find_by_invitation_token(params[:user][:invitation_token])
      puts user.inspect
      user.seed_aspects
      user.accept_invitation!(params[:user])
-    rescue MongoMapper::DocumentNotValid => e
+    rescue Exception => e
      user = nil
      flash[:error] = e.message
    end
--- a/app/views/invitations/edit.html.haml
+++ b/app/views/invitations/edit.html.haml
@ -19,8 +19,8 @@
      %p
        = f.label :password_confirmation , t('password_confirmation')
        = f.password_field :password_confirmation, :title => t('registrations.new.enter_password_again') 
-        = f.hidden_field :invitation_token

      = f.submit t('registrations.new.sign_up')
+      %br
      = render :partial => "devise/shared/links"