diff options
| author | Jonathan <jonfritz@gmail.com> | 2018-02-12 09:16:17 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-02-12 09:16:17 -0500 |
| commit | 9707ac3aaf2cb4352c573aadf54b8535e237dd9e (patch) | |
| tree | 9f8986f88f8e2fb51135fb5ca918651d087709f9 /app/team.go | |
| parent | c1b6e8792c9f91c66c35737438c20757ef43066f (diff) | |
| download | chat-9707ac3aaf2cb4352c573aadf54b8535e237dd9e.tar.gz chat-9707ac3aaf2cb4352c573aadf54b8535e237dd9e.tar.bz2 chat-9707ac3aaf2cb4352c573aadf54b8535e237dd9e.zip | |
Added invite_id field to email invite url, along with validation of this field on the server (#8235)
Diffstat (limited to 'app/team.go')
| -rw-r--r-- | app/team.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/app/team.go b/app/team.go index 21b8e5879..8e8c29e2a 100644 --- a/app/team.go +++ b/app/team.go @@ -234,6 +234,11 @@ func (a *App) AddUserToTeamByHash(userId string, hash string, data string) (*mod team = result.Data.(*model.Team) } + // verify that the team's invite id hasn't been changed since the invite was sent + if team.InviteId != props["invite_id"] { + return nil, model.NewAppError("JoinUserToTeamByHash", "api.user.create_user.signup_link_mismatched_invite_id.app_error", nil, "", http.StatusBadRequest) + } + var user *model.User if result := <-uchan; result.Err != nil { return nil, result.Err |