From 7e0cd47ab44389fb9933345407ad2c2cd2a579b6 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Mon, 11 Apr 2016 14:10:38 -0700
Subject: allow monitor auth to create users even if invites are normally
 required.

---
 app/controllers/v1/users_controller.rb      |  2 +-
 app/models/account.rb                       | 18 +++++++++++++++---
 app/models/user.rb                          | 17 +++++++++++++++--
 test/functional/v1/users_controller_test.rb |  3 ++-
 test/unit/account_test.rb                   | 17 +++++++++++++++++
 5 files changed, 50 insertions(+), 7 deletions(-)

diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
index 8296eb0..6640d10 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/v1/users_controller.rb
@@ -63,7 +63,7 @@ module V1
     # tester auth can only create test users.
     def create_test_account
       if User::is_test?(params[:user][:login])
-        @user = Account.create(params[:user])
+        @user = Account.create(params[:user], :invite_required => false)
         respond_with @user
       else
         head :forbidden
diff --git a/app/models/account.rb b/app/models/account.rb
index a85e56c..7310250 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -14,13 +14,26 @@ class Account
     @user = user
   end
 
+  #
+  # Creates a new user, with matching identity record.
+  #
   # Returns the user record so it can be used in views.
-  def self.create(attrs)
+  #
+  # options:
+  #
+  #  :invite_required -- if 'false', will overrides app-wide
+  #                      configuration by same name.
+  #
+  def self.create(attrs, options={})
     identity = nil
     user = nil
     user = User.new(attrs)
+    if options[:invite_required] == false
+      user.ignore_invites!
+    end
     user.save
 
+    # this is not very atomic, but we do the best we can:
     if !user.is_tmp? && user.persisted?
       identity = user.identity
       identity.user_id = user.id
@@ -28,8 +41,7 @@ class Account
       identity.errors.each do |attr, msg|
         user.errors.add(attr, msg)
       end
-
-      if APP_CONFIG[:invite_required]
+      if user.invite_required?
         user_invite_code = InviteCode.find_by_invite_code user.invite_code
         user_invite_code.invite_count += 1
         user_invite_code.save
diff --git a/app/models/user.rb b/app/models/user.rb
index 51e9279..cb093cf 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -43,8 +43,7 @@ class User < CouchRest::Model::Base
     :mx_with_fallback => true
 
 
-  validates_with InviteCodeValidator, on: :create, if: -> {APP_CONFIG[:invite_required]}
-
+  validates_with InviteCodeValidator, :on => :create, :if => :invite_required?
 
   timestamps!
 
@@ -57,6 +56,11 @@ class User < CouchRest::Model::Base
 
   include TemporaryUser # MUST come after designs are defined.
 
+  def initialize(*args)
+    super
+    @invite_required = APP_CONFIG[:invite_required]
+  end
+
   def self.login_starts_with(query)
     self.by_login.startkey(query).endkey(query + "\ufff0")
   end
@@ -113,6 +117,15 @@ class User < CouchRest::Model::Base
     false
   end
 
+  def invite_required?
+    @invite_required
+  end
+
+  # should only be called for testing or monitoring purposes
+  def ignore_invites!
+    @invite_required = false
+  end
+
   def most_recent_tickets(count=3)
     Ticket.for_user(self).limit(count).all #defaults to having most recent updated first
   end
diff --git a/test/functional/v1/users_controller_test.rb b/test/functional/v1/users_controller_test.rb
index 7afbb02..df59c4d 100644
--- a/test/functional/v1/users_controller_test.rb
+++ b/test/functional/v1/users_controller_test.rb
@@ -102,7 +102,8 @@ class V1::UsersControllerTest < ActionController::TestCase
   end
 
   test "api monitor auth can create and destroy test users" do
-    with_config(allow_registration: false) do
+    # should work even with registration off and/or invites required
+    with_config(allow_registration: false, invite_required: true) do
       monitor_auth do
         user_attribs = record_attributes_for :test_user
         post :create, :user => user_attribs, :format => :json
diff --git a/test/unit/account_test.rb b/test/unit/account_test.rb
index 9680b33..d56541a 100644
--- a/test/unit/account_test.rb
+++ b/test/unit/account_test.rb
@@ -21,6 +21,23 @@ class AccountTest < ActiveSupport::TestCase
     user.account.destroy
   end
 
+  test "fail to create account without invite" do
+    with_config invite_required: true do
+      user = Account.create(FactoryGirl.attributes_for(:user))
+      assert !user.valid?, "user should not be valid"
+      assert !user.persisted?, "user should not have been saved"
+    end
+  end
+
+  test "allow invite_required override" do
+    with_config invite_required: true do
+      user = Account.create(FactoryGirl.attributes_for(:user), :invite_required => false)
+      assert user.valid?, "unexpected errors: #{user.errors.inspect}"
+      assert user.persisted?, "user should have been saved"
+      user.account.destroy
+    end
+  end
+
   test "create a new account" do
     with_config invite_required: false do
       user = Account.create(FactoryGirl.attributes_for(:user))
-- 
cgit v1.2.3