Hinweis, wenn Einladung für anderen Nutzer #328

2026-03-13 00:07:22 +00:00 · 2021-11-05 15:54:55 +01:00 · 2021-11-05 15:54:55 +01:00 · 431a4f6bd3
commit 431a4f6bd3
parent d77dfcf313
3 changed files with 44 additions and 22 deletions
--- a/project/views/utils.py
+++ b/project/views/utils.py
@ -249,6 +249,17 @@ def get_calendar_links(event_date: EventDate) -> dict:
 def get_invitation_access_result(email: str):
    from project.services.user import find_user_by_email

+    # Wenn der aktuelle Nutzer nicht der Empfänger der Einladung ist, Meldung ausgeben
+    if current_user.is_authenticated and not strings_are_equal_ignoring_case(
+        email, current_user.email
+    ):
+        return permission_missing(
+            url_for("profile"),
+            gettext(
+                "The invitation was issued to another user. Sign in with the email address the invitation was sent to."
+            ),
+        )
+
    # Wenn Email nicht als Nutzer vorhanden, dann direkt zu Registrierung
    if not find_user_by_email(email):
        return redirect(url_for("security.register"))
@ -257,13 +268,4 @@ def get_invitation_access_result(email: str):
    if not current_user.is_authenticated:
        return app.login_manager.unauthorized()

-    # Wenn der aktuelle Nutzer nicht der Empfänger der Einladung ist, Meldung ausgeben
-    if not strings_are_equal_ignoring_case(email, current_user.email):
-        return permission_missing(
-            url_for("profile"),
-            gettext(
-                "The invitation was issued to another user. Sign in with the email address the invitation was sent to."
-            ),
-        )
-
    return None
--- a/tests/views/test_admin_unit_member_invitation.py
+++ b/tests/views/test_admin_unit_member_invitation.py
@ -1,3 +1,6 @@
+import pytest
+
+
 def test_create(client, app, utils, seeder, mocker):
    seeder.create_user()
    user_id = utils.login()
@ -200,8 +203,7 @@ def test_read_db_error(client, app, utils, seeder, mocker):


 def test_read_new_member_not_registered(client, app, utils, seeder):
-    seeder.create_user()
-    user_id = utils.login()
+    user_id = seeder.create_user()
    admin_unit_id = seeder.create_admin_unit(user_id, "Meine Crew")
    email = "new@member.de"

@ -228,20 +230,28 @@ def test_read_new_member_not_authenticated(client, app, utils, seeder):
    assert response.headers["Location"].startswith("http://localhost/login")


-def test_read_currentUserDoesNotMatchInvitationEmail(client, app, db, utils, seeder):
+@pytest.mark.parametrize("user_exists", [True, False])
+def test_read_currentUserDoesNotMatchInvitationEmail(
+    client, app, db, utils, seeder, user_exists
+):
    user_id = seeder.create_user()
    utils.login()
    admin_unit_id = seeder.create_admin_unit(user_id, "Meine Crew")

    email = "new@member.de"
-    seeder.create_user(email)
-
    invitation_id = seeder.create_invitation(admin_unit_id, email)

+    if user_exists:
+        seeder.create_user(email)
+
    url = "/invitations/%d" % invitation_id
-    response = client.get(url)
-    assert response.status_code == 302
-    assert response.headers["Location"] == "http://localhost/profile"
+    environ, response = client.get(url, follow_redirects=True, as_tuple=True)
+
+    assert environ["REQUEST_URI"] == "/profile"
+    utils.assert_response_ok(response)
+    utils.assert_response_contains(
+        response, "Die Einladung wurde für einen anderen Nutzer ausgestellt."
+    )


 def test_delete(client, app, utils, seeder):
--- a/tests/views/test_user.py
+++ b/tests/views/test_user.py
@ -1,3 +1,6 @@
+import pytest
+
+
 def test_profile(client, seeder, utils):
    user_id, admin_unit_id = seeder.setup_base()
    seeder.create_event(admin_unit_id)
@ -26,17 +29,24 @@ def test_organization_invitation_not_authenticated(client, app, utils, seeder):
    assert response.headers["Location"].startswith("http://localhost/login")


+@pytest.mark.parametrize("user_exists", [True, False])
 def test_organization_invitation_currentUserDoesNotMatchInvitationEmail(
-    client, app, db, utils, seeder
+    client, app, db, utils, seeder, user_exists
 ):
    _, admin_unit_id = seeder.setup_base()
    invitation_id = seeder.create_admin_unit_invitation(admin_unit_id)

-    seeder.create_user("invited@test.de")
+    if user_exists:
+        seeder.create_user("invited@test.de")
+
    url = utils.get_url("user_organization_invitation", id=invitation_id)
-    response = client.get(url)
-    assert response.status_code == 302
-    assert response.headers["Location"] == "http://localhost/profile"
+    environ, response = client.get(url, follow_redirects=True, as_tuple=True)
+
+    assert environ["REQUEST_URI"] == "/profile"
+    utils.assert_response_ok(response)
+    utils.assert_response_contains(
+        response, "Die Einladung wurde für einen anderen Nutzer ausgestellt."
+    )


 def test_organization_invitation_list(client, seeder, utils):