Silently fail if user tries to sneak in

When 'invite only' is enabled, there's no way for a user to create an account unless they try and sneak in by POSTing to /users/. We will silently fail if this happens.
2025-05-21 18:12:32 +08:00 · 2013-06-05 11:08:21 -07:00
parent 8f14e46964
commit d432798ff8
2 changed files with 28 additions and 10 deletions
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -426,6 +426,19 @@ describe UsersController do
      it_should_behave_like 'honeypot fails'
    end

+    context "when 'invite only' setting is enabled" do
+      before { SiteSetting.expects(:invite_only?).returns(true) }
+
+      let(:create_params) {{
+        name: @user.name,
+        username: @user.username,
+        password: 'strongpassword',
+        email: @user.email
+      }}
+
+      it_should_behave_like 'honeypot fails'
+    end
+
    shared_examples_for 'failed signup' do
      it 'should not create a new User' do
        expect { xhr :post, :create, create_params }.to_not change { User.count }