MCPcopy Index your code
hub / github.com/supabase/auth / processInvite

Method processInvite

internal/api/external.go:449–515  ·  view source on GitHub ↗
(r *http.Request, tx *storage.Connection, userData *provider.UserProvidedData, inviteToken, providerType string)

Source from the content-addressed store, hash-verified

447}
448
449func (a *API) processInvite(r *http.Request, tx *storage.Connection, userData *provider.UserProvidedData, inviteToken, providerType string) (*models.User, error) {
450 config := a.config
451
452 user, err := models.FindUserByConfirmationToken(tx, inviteToken)
453 if err != nil {
454 if models.IsNotFoundError(err) {
455 return nil, apierrors.NewNotFoundError(apierrors.ErrorCodeInviteNotFound, "Invite not found")
456 }
457 return nil, apierrors.NewInternalServerError("Database error finding user").WithInternalError(err)
458 }
459
460 var emailData *provider.Email
461 var emails []string
462 for i, e := range userData.Emails {
463 emails = append(emails, e.Email)
464 if user.GetEmail() == e.Email {
465 emailData = &userData.Emails[i]
466 break
467 }
468 }
469
470 if emailData == nil {
471 return nil, apierrors.NewBadRequestError(apierrors.ErrorCodeValidationFailed, "Invited email does not match emails from external provider").WithInternalMessage("invited=%s external=%s", user.Email, strings.Join(emails, ", "))
472 }
473
474 var identityData map[string]interface{}
475 if userData.Metadata != nil {
476 identityData = structs.Map(userData.Metadata)
477 }
478 identity, err := a.createNewIdentity(tx, user, providerType, identityData)
479 if err != nil {
480 return nil, err
481 }
482 if err := user.UpdateAppMetaData(tx, map[string]interface{}{
483 "provider": providerType,
484 }); err != nil {
485 return nil, err
486 }
487 if err := user.UpdateAppMetaDataProviders(tx); err != nil {
488 return nil, err
489 }
490 if err := user.UpdateUserMetaData(tx, identityData); err != nil {
491 return nil, apierrors.NewInternalServerError("Database error updating user").WithInternalError(err)
492 }
493
494 if err := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.InviteAcceptedAction, "", map[string]interface{}{
495 "provider": providerType,
496 }); err != nil {
497 return nil, err
498 }
499
500 // an account with a previously unconfirmed email + password
501 // combination or phone may exist. so now that there is an
502 // OAuth identity bound to this user, and since they have not
503 // confirmed their email or phone, they are unaware that a
504 // potentially malicious door exists into their account; thus
505 // the password and phone needs to be removed.
506 if err := user.RemoveUnconfirmedIdentities(tx, identity); err != nil {

Callers 1

Calls 15

createNewIdentityMethod · 0.95
IsNotFoundErrorFunction · 0.92
NewNotFoundErrorFunction · 0.92
NewInternalServerErrorFunction · 0.92
NewBadRequestErrorFunction · 0.92
NewAuditLogEntryFunction · 0.92
UpdateAppMetaDataMethod · 0.80
UpdateUserMetaDataMethod · 0.80
ConfirmMethod · 0.80

Tested by

no test coverage detected