MM-9779: Incorporate a Token into the invitations system (#8604)

* Incorporate a Token into the invitations system

* Adding unit tests

* Fixing some api4 client tests

* Removing unnecesary hash validation

* Change the Hash concept on invitations with tokenId

* Not send invitation if it wasn't able to create the Token

* Fixing some naming problems

* Changing the hash query params received from the client side

* Removed unneded data param in the token usage

1 files changed, 10 insertions, 6 deletions

diff --git a/api/user_test.go b/api/user_test.go
index 518379305..05ec0e096 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -5,7 +5,6 @@ package api
 
 import (
 	"bytes"
-	"fmt"
 	"image"
 	"image/color"
 	"io"
@@ -176,21 +175,26 @@ func TestLogin(t *testing.T) {
 		t.Fatal("Should have errored, signed up without hashed email")
 	}
 
+	token := model.NewToken(
+		app.TOKEN_TYPE_TEAM_INVITATION,
+		model.MapToJson(map[string]string{"teamId": rteam2.Data.(*model.Team).Id, "email": user2.Email}),
+	)
+	<-th.App.Srv.Store.Token().Save(token)
 	props := make(map[string]string)
 	props["email"] = user2.Email
-	props["id"] = rteam2.Data.(*model.Team).Id
 	props["display_name"] = rteam2.Data.(*model.Team).DisplayName
-	props["time"] = fmt.Sprintf("%v", model.GetMillis())
 	data := model.MapToJson(props)
-	hash := utils.HashSha256(fmt.Sprintf("%v:%v", data, th.App.Config().EmailSettings.InviteSalt))
 
-	ruser2, err := Client.CreateUserFromSignup(&user2, data, hash)
+	ruser2, err := Client.CreateUserFromSignup(&user2, data, token.Token)
 	if err != nil {
 		t.Fatal(err)
 	}
+	if result := <-th.App.Srv.Store.Token().GetByToken(token.Token); result.Err == nil {
+		t.Fatal("The token must be deleted after be used")
+	}
 
 	if _, err := Client.Login(ruser2.Data.(*model.User).Email, user2.Password); err != nil {
-		t.Fatal("From verified hash")
+		t.Fatal("From verified token")
 	}
 
 	Client.AuthToken = authToken