(r *http.Request, tx *storage.Connection, userData *provider.UserProvidedData, inviteToken, providerType string)
| 447 | } |
| 448 | |
| 449 | func (a *API) processInvite(r *http.Request, tx *storage.Connection, userData *provider.UserProvidedData, inviteToken, providerType string) (*models.User, error) { |
| 450 | config := a.config |
| 451 | |
| 452 | user, err := models.FindUserByConfirmationToken(tx, inviteToken) |
| 453 | if err != nil { |
| 454 | if models.IsNotFoundError(err) { |
| 455 | return nil, apierrors.NewNotFoundError(apierrors.ErrorCodeInviteNotFound, "Invite not found") |
| 456 | } |
| 457 | return nil, apierrors.NewInternalServerError("Database error finding user").WithInternalError(err) |
| 458 | } |
| 459 | |
| 460 | var emailData *provider.Email |
| 461 | var emails []string |
| 462 | for i, e := range userData.Emails { |
| 463 | emails = append(emails, e.Email) |
| 464 | if user.GetEmail() == e.Email { |
| 465 | emailData = &userData.Emails[i] |
| 466 | break |
| 467 | } |
| 468 | } |
| 469 | |
| 470 | if emailData == nil { |
| 471 | return nil, apierrors.NewBadRequestError(apierrors.ErrorCodeValidationFailed, "Invited email does not match emails from external provider").WithInternalMessage("invited=%s external=%s", user.Email, strings.Join(emails, ", ")) |
| 472 | } |
| 473 | |
| 474 | var identityData map[string]interface{} |
| 475 | if userData.Metadata != nil { |
| 476 | identityData = structs.Map(userData.Metadata) |
| 477 | } |
| 478 | identity, err := a.createNewIdentity(tx, user, providerType, identityData) |
| 479 | if err != nil { |
| 480 | return nil, err |
| 481 | } |
| 482 | if err := user.UpdateAppMetaData(tx, map[string]interface{}{ |
| 483 | "provider": providerType, |
| 484 | }); err != nil { |
| 485 | return nil, err |
| 486 | } |
| 487 | if err := user.UpdateAppMetaDataProviders(tx); err != nil { |
| 488 | return nil, err |
| 489 | } |
| 490 | if err := user.UpdateUserMetaData(tx, identityData); err != nil { |
| 491 | return nil, apierrors.NewInternalServerError("Database error updating user").WithInternalError(err) |
| 492 | } |
| 493 | |
| 494 | if err := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.InviteAcceptedAction, "", map[string]interface{}{ |
| 495 | "provider": providerType, |
| 496 | }); err != nil { |
| 497 | return nil, err |
| 498 | } |
| 499 | |
| 500 | // an account with a previously unconfirmed email + password |
| 501 | // combination or phone may exist. so now that there is an |
| 502 | // OAuth identity bound to this user, and since they have not |
| 503 | // confirmed their email or phone, they are unaware that a |
| 504 | // potentially malicious door exists into their account; thus |
| 505 | // the password and phone needs to be removed. |
| 506 | if err := user.RemoveUnconfirmedIdentities(tx, identity); err != nil { |
no test coverage detected