Ensure that invitation_token/invitation_accepted_at fields are roll…

…ed back on a failed `accept`, otherwise the user is left in a state where `invitation_accepted?` is true, but the user is invalid. This issue was exposed by the recent fix that set `@accepting_invitation` to false after finishing accepting.
dustinleeee · May 23, 2018 · 81dd92b · 81dd92b
1 parent bb25eec
commit 81dd92b
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/lib/devise_invitable/models.rb b/lib/devise_invitable/models.rb
@@ -97,7 +97,10 @@ def accept_invitation!
             self.accept_invitation
             self.confirmed_at = self.invitation_accepted_at if self.respond_to?(:confirmed_at=)
             self.save
-          end.tap { @accepting_invitation = false }
+          end.tap do |saved|
+            self.restore_attributes([:invitation_token, :invitation_accepted_at, :confirmed_at]) if !saved
+            @accepting_invitation = false
+          end
         end
       end
 

diff --git a/test/models/invitable_test.rb b/test/models/invitable_test.rb
@@ -228,9 +228,13 @@ def setup
     assert user.invitation_token.present?
     assert_nil user.invitation_accepted_at
     user.accept_invitation!
+    assert_nil user.invitation_token
+    assert user.invitation_accepted_at.present?
+    assert user.invitation_accepted?
     user.reload
     assert_nil user.invitation_token
     assert user.invitation_accepted_at.present?
+    assert user.invitation_accepted?
   end
 
   test 'should not clear invitation token or set accepted_at if record is invalid' do
@@ -245,6 +249,17 @@ def setup
     assert_nil user.invitation_accepted_at
   end
 
+  test 'should not require reloading if invalid' do
+    user = User.invite!(:email => "[email protected]")
+    assert user.invitation_token.present?
+    assert_nil user.invitation_accepted_at
+    user.attributes = { :password => '123456789', :password_confirmation => '987654321' }
+    user.accept_invitation!
+    assert user.invitation_token.present?
+    assert_nil user.invitation_accepted_at
+    assert !user.invitation_accepted?
+  end
+
   test 'should clear invitation token while resetting the password' do
     user = User.invite!(:email => "[email protected]")
     assert user.invited_to_sign_up?