From bfa301bd7b9546dc6eab96b23209e82dafb5c559 Mon Sep 17 00:00:00 2001
From: Dan Ungureanu
Date: Thu, 15 Apr 2021 15:23:49 +0300
Subject: [PATCH] FIX: Show invite validation errors to users (#12717)
The server used to respond with a generic 'error, contact admin' message which did not offer any hint what the error was. This happened even when the error could be easily corrected by the user (for example, if they chose a very common password).
---
 app/controllers/invites_controller.rb | 4 +---
 config/locales/server.en.yml | 1 -
 spec/requests/invites_controller_spec.rb | 1 -
 3 files changed, 1 insertion(+), 5 deletions(-)
diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index 9caa9a1beb2..b7cf7b33fe1 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -228,9 +228,7 @@ class InvitesController < ApplicationController
 end
 user = invite.redeem(**attrs)
- rescue ActiveRecord::RecordInvalid, ActiveRecord::RecordNotSaved => e
- return render json: failed_json.merge(errors: e.record&.errors&.to_hash, message: I18n.t('invite.error_message')), status: 412
- rescue Invite::UserExists => e
+ rescue ActiveRecord::RecordInvalid, ActiveRecord::RecordNotSaved, Invite::UserExists => e
 return render json: failed_json.merge(message: e.message), status: 412
 end
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index b17c72222b6..5d94936bd84 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -239,7 +239,6 @@ en:
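Review bot: The merged `rescue` in app/controllers/invites_controller.rb now returns `e.message` verbatim to whoever holds the invite key, so the text of every `ActiveRecord::RecordInvalid` and `ActiveRecord::RecordNotSaved` raised during `invite.redeem` becomes part of the public response. For `RecordInvalid` that is the joined list of all failed validations, which presumably can include uniqueness checks on username or email and so reveal which accounts exist, while `RecordNotSaved` carries a developer-oriented message rather than a user-facing one. I would add a comment above the clause such as `# e.message is shown to the invitee: keep validation messages free of account-existence details`, and confirm that this endpoint is rate limited. The spec hunk in spec/requests/invites_controller_spec.rb drops the only assertion on the response body; `expect(response.parsed_body['message']).to be_present` would keep the new behaviour covered. The enclosing action starts and ends outside the hunk.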

Otherwise please Reset Password.

not_found_template_link: |

The invitation to %{site_name} can no longer be redeemed. Please ask the person who invited you to send you a new invitation.

- error_message: "There was an error accepting invite. Please contact the site's administrator."
 user_exists: "There's no need to invite %{email}, they already have an account!"
 invalid_email: "%{email} isn't a valid email address."
 confirm_email: "

You’re almost done! We sent an activation mail to your email address. Please follow the instructions in the mail to activate your account.

If it doesn’t arrive, check your spam folder.

"
diff --git a/spec/requests/invites_controller_spec.rb b/spec/requests/invites_controller_spec.rb
index f2001d53097..66840107057 100644
--- a/spec/requests/invites_controller_spec.rb
+++ b/spec/requests/invites_controller_spec.rb
@@ -443,7 +443,6 @@ describe InvitesController do
 it 'does not log in the user if there are validation errors' do
 put "/invites/show/#{invite.invite_key}.json", params: { password: 'password' }
 expect(response.status).to eq(412)
- expect(response.parsed_body['errors']['password']).to be_present
 end
 it 'fails when local login is disabled and no external auth is configured' do