improve admin invite (#5403)

* check for admin invite * refactor the invitation logic * cleanup check for undefined token * prevent wrong user from accepting invitation
2025-10-30 01:38:20 +02:00 · 2025-01-20 20:21:44 +01:00
parent 29f2b433f0
commit ef2695de0c
5 changed files with 77 additions and 96 deletions
--- a/src/mail.rs
+++ b/src/mail.rs
@@ -259,8 +259,8 @@ pub async fn send_single_org_removed_from_org(address: &str, org_name: &str) ->

 pub async fn send_invite(
    user: &User,
-    org_id: Option<OrganizationId>,
-    member_id: Option<MembershipId>,
+    org_id: OrganizationId,
+    member_id: MembershipId,
    org_name: &str,
    invited_by_email: Option<String>,
 ) -> EmptyResult {
@@ -272,22 +272,14 @@ pub async fn send_invite(
        invited_by_email,
    );
    let invite_token = encode_jwt(&claims);
-    let org_id = match org_id {
-        Some(ref org_id) => org_id.as_ref(),
-        None => "_",
-    };
-    let member_id = match member_id {
-        Some(ref member_id) => member_id.as_ref(),
-        None => "_",
-    };
    let mut query = url::Url::parse("https://query.builder").unwrap();
    {
        let mut query_params = query.query_pairs_mut();
        query_params
            .append_pair("email", &user.email)
            .append_pair("organizationName", org_name)
-            .append_pair("organizationId", org_id)
-            .append_pair("organizationUserId", member_id)
+            .append_pair("organizationId", &org_id)
+            .append_pair("organizationUserId", &member_id)
            .append_pair("token", &invite_token);
        if user.private_key.is_some() {
            query_params.append_pair("orgUserHasExistingUser", "true");