From b300adbef586349a428b8d1fc76da51971ba4422 Mon Sep 17 00:00:00 2001
From: maxwell <maxwell@joindiaspora.com>
Date: Sat, 4 Dec 2010 16:13:44 -0800
Subject: [PATCH] fixed a potentially bad bug with nil invite tokens

---
 app/controllers/invitations_controller.rb | 8 +++++---
 app/views/invitations/edit.html.haml      | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb
index 5607698e7e..caff1cb0b9 100644
--- a/app/controllers/invitations_controller.rb
+++ b/app/controllers/invitations_controller.rb
@@ -32,13 +32,15 @@ class InvitationsController < Devise::InvitationsController
 
   def update
     begin
-      puts "foobar"
-      puts params.inspect
+      invitation_token = params[:user][:invitation_token]
+      if invitation_token.nil? || invitation_token.blank?
+        raise "Invalid Invite Token"
+      end
       user = User.find_by_invitation_token(params[:user][:invitation_token])
       puts user.inspect
       user.seed_aspects
       user.accept_invitation!(params[:user])
-    rescue MongoMapper::DocumentNotValid => e
+    rescue Exception => e
       user = nil
       flash[:error] = e.message
     end
diff --git a/app/views/invitations/edit.html.haml b/app/views/invitations/edit.html.haml
index 3dd99446e8..30c04e0d04 100644
--- a/app/views/invitations/edit.html.haml
+++ b/app/views/invitations/edit.html.haml
@@ -19,8 +19,8 @@
       %p
         = f.label :password_confirmation , t('password_confirmation')
         = f.password_field :password_confirmation, :title => t('registrations.new.enter_password_again') 
-        = f.hidden_field :invitation_token
 
       = f.submit t('registrations.new.sign_up')
+      %br
       = render :partial => "devise/shared/links"
 
-- 
GitLab