Handle allyship for invalid invitations

app/controllers/users/invitations_controller.rb

@@ -16,6 +16,36 @@ def create
       redirect_to new_user_invitation_path
     end
 
+    # PUT /resource/invitation
+    # rubocop:disable MethodLength
+    def update
+      raw_invitation_token = update_resource_params[:invitation_token]
+      self.resource = accept_resource
+      invitation_accepted = resource.errors.empty?
+
+      yield resource if block_given?
+
+      if invitation_accepted
+        AllyshipCreator.perform(ally_id: resource.id,
+                                current_user: resource.invited_by)
+        if resource.class.allow_insecure_sign_in_after_accept
+          # rubocop:disable LineLength
+          flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
+          # rubocop:enable LineLength
+          set_flash_message :notice, flash_message if is_flashing_format?
+          sign_in(resource_name, resource)
+          respond_with resource, location: after_accept_path_for(resource)
+        else
+          set_flash_message :notice, :updated_not_active if is_flashing_format?
+          respond_with resource, location: new_session_path(resource_name)
+        end
+      else
+        resource.invitation_token = raw_invitation_token
+        respond_with_navigational(resource) { render :edit }
+      end
+    end
+    # rubocop:enable MethodLength
+
     private
 
     def invitation_flash_messages(invites, fails)
@@ -42,19 +72,5 @@ def get_status(has_invites)
     def get_message(has_invites)
       has_invites ? :send_instructions : :failed_send
     end
-
-    def accept_resource
-      invitation_token = update_resource_params[:invitation_token]
-      # rubocop:disable Rails/DynamicFindBy
-      # Disabling this Rubocop check because
-      # find_by_invitation_token is a custom method on Devise::Invitable
-      # and not a shortcut for find_by + invitation_token
-      invitee = User.find_by_invitation_token(invitation_token, true)
-      # rubocop:enable Rails/DynamicFindBy
-      inviter = invitee.invited_by
-      AllyshipCreator.perform(ally_id: invitee.id,
-                              current_user: inviter)
-      resource_class.accept_invitation!(update_resource_params)
-    end
   end
 end

db/migrate/20190419023259_replace_empty_name_with_email.rb

@@ -0,0 +1,13 @@
+class ReplaceEmptyNameWithEmail < ActiveRecord::Migration[5.2]
+  def up
+    User.find_each do |user|
+      if user.name.blank? && !user.email.blank?
+        user.name = user.email
+        user.save!
+      end
+    end
+  end
+
+  def down
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2019_03_16_160238) do
+ActiveRecord::Schema.define(version: 2019_04_19_023259) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"

spec/controllers/users/invitations_controller_spec.rb

@@ -65,7 +65,7 @@
       end
 
       context 'when invalid params are given' do
-        let(:invalid_invite) { post :create, params: { user: { email: invalid_email.to_s } } }
+        let(:invalid_invite) { post :create, params: { user: { email: invalid_email } } }
 
         it 're-renders the invitation form' do
           invalid_invite
@@ -104,18 +104,50 @@
   end
 
   describe '#update' do
-    context 'when a user is signed in' do
-      include_context :logged_in_user
-      let(:password) { 'passworD@99' }
+    include_context :logged_in_user
+    let(:password) { 'passworD@99' }
+
+    before(:each) do
+      invite_one_friend
+    end
+
+    context 'when valid params are given' do
+      let(:name) { 'New Person' }
 
       it 'creates allyship with pending_from_ally status when a user accepts an invitation' do
-        invite_one_friend
         User.stub(:find_by_invitation_token) do
           User.last
         end
-        allow_any_instance_of(::Users::InvitationsController).to receive(:update_resource_params).and_return({ invitation_token: User.last.invitation_token })
-        put :update, params: { name: 'New Person', password: password, password_confirmation: password, invitation_token: User.last.invitation_token }
+        update_params = { name: name, password: password, password_confirmation: password, invitation_token: User.last.invitation_token }
+        allow_any_instance_of(::Users::InvitationsController).to receive(:update_resource_params).and_return(update_params)
+        put :update, params: update_params
         expect(user.allies_by_status(:pending_from_ally).first).to eq(User.last)
+        expect(response).to have_http_status(302)
+      end
+    end
+
+    context 'when invalid params are given' do
+      it 'does not create an allyship' do
+        User.stub(:find_by_invitation_token) do
+          User.last
+        end
+        allow_any_instance_of(::Users::InvitationsController).to receive(:update_resource_params).and_return({})
+        put :update, params: {}
+        expect(user.allies_by_status(:pending_from_ally).length).to eq(0)
+        expect(response).to have_http_status(200)
+      end
+    end
+
+    context 'when both valid and invalid params are given' do
+      it 'does not create an allyship' do
+        User.stub(:find_by_invitation_token) do
+          User.last
+        end
+        update_params = { password: password, password_confirmation: password, invitation_token: User.last.invitation_token }
+        allow_any_instance_of(::Users::InvitationsController).to receive(:update_resource_params).and_return(update_params)
+        put :update, params: update_params
+        expect(user.allies_by_status(:pending_from_ally).length).to eq(0)
+        expect(response).to have_http_status(200)
       end
     end
   end