fixed a potentially bad bug with nil invite tokens

b300adbe · maxwell · 4c3de52f · b300adbe · b300adbe
--- a/app/controllers/invitations_controller.rb
+++ b/app/controllers/invitations_controller.rb
@@ -32,13 +32,15 @@ class InvitationsController < Devise::InvitationsController
  def update
    begin
-      puts "foobar"
+      invitation_token = params[:user][:invitation_token]
-      puts params.inspect
+      if invitation_token.nil? || invitation_token.blank?
+        raise "Invalid Invite Token"
+      end
      user = User.find_by_invitation_token(params[:user][:invitation_token])
      puts user.inspect
      user.seed_aspects
      user.accept_invitation!(params[:user])
-    rescue MongoMapper::DocumentNotValid => e
+    rescue Exception => e
      user = nil
      flash[:error] = e.message
    end

--- a/app/views/invitations/edit.html.haml
+++ b/app/views/invitations/edit.html.haml
@@ -19,8 +19,8 @@
      %p
        = f.label :password_confirmation , t('password_confirmation')
        = f.password_field :password_confirmation, :title => t('registrations.new.enter_password_again') 
-        = f.hidden_field :invitation_token
      = f.submit t('registrations.new.sign_up')
+      %br
      = render :partial => "devise/shared/links"