FIX: Check if invite has expired before showing it (#10581)

FIX: Check if invite has expired before showing it (#10581)

diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index 6c5e2c4..ed8255e 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -19,7 +19,7 @@ class InvitesController < ApplicationController
 
     invite = Invite.find_by(invite_key: params[:id])
 
-    if invite.present?
+    if invite.present? && !invite.expired?
       if !invite.redeemed?
         store_preloaded("invite_info", MultiJson.dump(
           invited_by: UserNameSerializer.new(invite.invited_by, scope: guardian, root: false),
diff --git a/spec/requests/invites_controller_spec.rb b/spec/requests/invites_controller_spec.rb
index 1b21baf..031ed10 100644
--- a/spec/requests/invites_controller_spec.rb
+++ b/spec/requests/invites_controller_spec.rb
@@ -20,6 +20,18 @@ describe InvitesController do
       expect(CGI.unescapeHTML(body)).to include(I18n.t('invite.not_found', base_url: Discourse.base_url))
     end
 
+    it "returns error if invite expired" do
+      invite.update(expires_at: 1.day.ago)
+
+      get "/invites/#{invite.invite_key}"
+
+      expect(response.status).to eq(200)
+
+      body = response.body
+      expect(body).to_not have_tag(:script, with: { src: '/assets/application.js' })
+      expect(CGI.unescapeHTML(body)).to include(I18n.t('invite.not_found', base_url: Discourse.base_url))
+    end
+
     it "renders the accept invite page if invite exists" do
       get "/invites/#{invite.invite_key}"
 

GitHub sha: ef68e111

1 Like

This commit appears in #10581 which was merged by udan11.