FEATURE: Reduce invite key length (#12692)

We used to generate invite keys that were 32 characters long, which were not very friendly and led to very long links. This commit changes the generation method to use almost all alphanumeric characters to produce a 10-character long invite key.

This commit also introduces a rate limit for redeeming invites because the probability of guessing an invite key has increased.

diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index 1a86eb6..cd1a25a 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -17,6 +17,8 @@ class InvitesController < ApplicationController
   def show
     expires_now
 
+    RateLimiter.new(nil, "invites-show-#{request.remote_ip}", 100, 1.minute).performed!
+
     invite = Invite.find_by(invite_key: params[:id])
     if invite.present? && invite.redeemable?
       email = Email.obfuscate(invite.email)
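Review bot: The limiter added at the top of `show` is keyed only on `request.remote_ip`, so the budget of 100 per minute applies per address and guessing spread across many addresses has no overall bound. Since `performed!` runs before `Invite.find_by`, legitimate page views and failed lookups also draw from the same counter. Consider a second, global limiter on invite lookups (or counting only lookups where `invite.present?` is false), and move `100` and `1.minute` into named settings so they can be tuned without a code change.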
@@ -63,6 +65,9 @@ class InvitesController < ApplicationController
 
       render layout: 'no_ember'
     end
+  rescue RateLimiter::LimitExceeded => e
+    flash.now[:error] = e.description
+    render layout: 'no_ember'
   end
 
   def create
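Review bot: The new `rescue RateLimiter::LimitExceeded => e` branch calls `render layout: 'no_ember'` without a status, so a throttled request is answered with 200 and is indistinguishable from a normal page view in access logs and monitoring. Pass `status: 429` on that render so throttling is visible to clients and to detection rules, and add a spec that exceeds the limit and asserts on both the status and the flash message.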
diff --git a/app/models/invite.rb b/app/models/invite.rb
index 7618163..04ce130 100644
--- a/app/models/invite.rb
+++ b/app/models/invite.rb
@@ -35,7 +35,7 @@ class Invite < ActiveRecord::Base
   validate :user_doesnt_already_exist
 
   before_create do
-    self.invite_key ||= SecureRandom.hex
+    self.invite_key ||= SecureRandom.base58(10)
     self.expires_at ||= SiteSetting.invite_expiry_days.days.from_now
   end
 
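Review bot: The switch to `SecureRandom.base58(10)` in `before_create` leaves the length as an undocumented magic number, and the security trade-off is recorded only in the commit message. The key space drops from 128 bits (`SecureRandom.hex`, 32 hex characters) to roughly 58.6 bits (58^10), so the key's resistance to online guessing now depends on the rate limit in the controller and on `expires_at`. Put the length in a named constant with a comment stating that dependency, so a later change to the limiter or to invite expiry is reviewed with the key length in mind.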

GitHub sha: 8c24a848

This commit appears in #12692 which was approved by ZogStriP. It was merged by udan11.