Add Sending Invitations to Join Your Team in Quepid Capability (#259)

* Broken dependencies

* OMG this is partly working!

* checkpoint

* checkopint, fighjting with the any_of stuff

* yeomans work on progress towards eliminating any_of, had to use raw SQL unfortuanntly

* fixing up more tests!

* clean up gems

* lets run api tests first

* try and run rails before js

* one more try

* one more try

* fixing more tests

* frustrated with circleci

* so many fixes

* more fixes

* Welcome back jquery

* fixes!

* one more

* more fixes

* more datamodeling fun, especially caused by a force param that we dont use

* upgrade for the cop

* rubo

* more fixes

* more fixes

* rubocopy you are so needy, upgrade you

* started doing more rubocop

* onemore

* fixin

* fixed

* magic fix

* for some reason after_create is now working

* fix up

* turns out we have better vlidation now in rails 5 then in 4

* getting closer

* update doc

* fixes

* bumping to updated Ruby that Heroku uses, and removing 12factor since Rails 5 provides what Heroku wants

* one more

* get tests to run again

* get all tests to run

* we got rid of using any_of, so now remove gem

* doh

* rubocop

* update

* need to fix this (#223)

* Move "docid" from the URL to a JSON payload (#233)

* swap JS side over to using payloads for doc ids

* refactor to be more railsy is working

* Add import ltr format (#204)

* hotfix: k=5 despite scores being changed to @10, i.e k should be 10

* the errant comma at the end of the line loading the scorer code was causing it to not run

* Turns out we were updating a non communal ndcg scorer, hence not seeing the update for the communal

* document fixes

* fixes #178 with some messaging (#235)

* document fix

* turns out we need to work around the default DELETE in angular

* document the bug

* use fancier defaults to demo capablity (#236)

* found two tickets fixed by same pr

* add teams owner controller tests and add check for ownership before a… (#239)

* add teams owner controller tests and add check for ownership before allowing it to change

* new unit test uncovered deprecated method use

Co-authored-by: Jacob Graves <[email protected]>
Co-authored-by: epugh <[email protected]>

* control signup enablement via config (#238)

* add customization SIGNUP_ENABLED

defaults to true.

currently just disables the controller, but does not change the
frontend.

* read SIGNUP_ENABLED in js app

Pass it through the configuration service, similarly to the email
marketing mode flag.

Only display the signup div if signup is enabled.

* add tests for configurationSvc.isSignupEnabled

* Provide explicit defaults.

I don't know if I like or dislike the way we do the defaults for environment variables, but lets keep following the pattern.  Having the environment variable in the docker-compose.prod.yml reminds folks it's there, likewise in the .env.example.

Co-authored-by: epugh <[email protected]>

* uncovered a old debugging statement that leaves a undefined message in the console

* Renaming a Case on the Teams Listing Page doesn't work (#240)

* uncovered a old debugging statement that leaves a undefined message in the console

* hey, we fixed it, but now have two ways of renaming a case

* removing watches seems to actually let updates happen

* jshint

* remove old method

* update unit test

* found a lingering .rename

* jshint

* remove commented code

* easy in place case name editing (#242)

* easy in place case name editing

* went ahead and made the try editable as well

* Issue 231: Fixing CSV Injection (#245)

* Issue 231: Fixing CSV Injection

When a query starts with =,-,+,@ and is exported to csv, it can cause malicious commands to be ran when imported elsewhere. This fix adds a space for these queries when it is exported.

This has been updated in the erb and the javascript to cover both cases.

* Clean up syntax with rubocop

* document vulnerability fix

* often we add improvemnts, so make it an option

* 232 stored xss - add new env flag to forbid user scorers and only allow communal scorers (#246)

* wire up new flag and behaviour it controls

* add tests for scorers controller to ensure respecting new environment flag

* fix ruby syntax issues

* switch to true boolean

Co-authored-by: Jacob Graves <[email protected]>

* document fixes

* Harden export import cycle for queries no docs (#252)

* fixing up export import to deal with queries that had no docs

* fix up the snapshot

* rubocop

* finalize rubocop

* be smarter on generating ratings

* rubocop

* Remove sharing from communal scorers (#251)

* document fix

* document vulnerability fix

* only show sharing for custom scorers

* doc fix

* doc fix

* Initialize scorer.scaleWithLabels (#254)

* Issue 225 (#253)

* patch up nDCG logic for less than 10 result to fix #234

* fix #225 for AP@10 being inccorect if less than 10 docs are returned

* mergin

* one more fix

Co-authored-by: [email protected] <>

* mergin

* fixes

* roll

* testing fix

* harden test

* rubocop

* rubocop

* fix up for now

* rubocop

* rubocop

* rubocop

* rubcop

* rubocop

* so much rubocop

* more rubocop

* fixin

* backing out message cause this is still used

* tweaks

* ignore a rule

* more rubo

* rubocop

* rubo

* bug fix

* update

* Deal with cases not auto being created, so we need to create explictly a case.

Go ahead and pretty up the output!

* remove the CurrentUserDecorator, we don't actually need it..

looks like just a bit of syntactic sugar, and I think the abstraction doesn't actually help us.

* while I like firstTime better, I'd rather have consistency on both sides!

* rubocop

* optimization of sprockets for files that only matter in test

* Trying to resolve the gzip issue in running test:js led me down a path

of upgrades..   webconsole burped, and we never use it, so ripping it out!

* small optimization

* explicit bundler version install

* tweak name!

* rubocop

* fixes

* Much better name than user.case for method.

I thought I could get rid of the Finder classes, but apparently not!

* docs

* clean up!

* rubocop!

* fix ups

* more fix up

* one more fix

* deal with bigint being default in rails 5, and we don't want that.

* update docs

* Strip out Spring since we are in a container world and don't get the benefit

* rubo

* rails 5 is stricter on params!

* dan agrees we should simplify

* solve the try_id versus try_number issue

* small fix to prevent messages showing up till page has loaded all angular

this only showed up in dev mode because of the long compile time, but was very confusion!

* kill a constant we don't use

* old debuggin

* change up default, add some debuggin

* rubo

* Quit creating dummy Try Number 0, and instead start with 1, and at the end

of the wizard, just update it in place.  Dont' constantly genrate a try 0, then to 1 at the end of the wizard!

* Update UPGRADING_RAILS_NOTES.md

* use our new put method!

* jshint

* Some code from the dawn of Quepid that isn't used!

* suspected this change would happen!

* some per fixes

* doc fixe

* rubo

* looks like we have some upgrades that elminiate this issue!

* had to upgrade to Rails 5, but now we can try inviting users!

* make matching on names case insentsive

* first cut of adding invitations.

* looking up by user name and email was too slow!

* have the invite accept screen working!

* lifecycle test is working!

* rubocop!

* rubocop

* not sure why current_team_finder.rb was different than current_case_finder.rb

however makign this change as one of our tests was flagging it as causing extra unrequired loads!   also makes it the same as the others!

* making same as others, and making it not happen unless called!

* this appears to matter on circle ci, and we don't need it to be a variable.

* Update test.rb

* rubo

* deal with the signup flag

* now dealing with t and c and agreed time.

* no longer need the true on callsbacks in rails 5..

* finally get arms around the boolean beting string or bool!

* polish up emails

* Properly track who has a pending invite!

* track links

* notes

* figured out we were attempting to diff snapshot with deleted query docs

* small fix

* use better regex to pluck out the raw invite token.  Thanks Nate!

* Missed conflict

Co-authored-by: Daniel Worley <[email protected]>
Co-authored-by: [email protected] <>
Co-authored-by: jacobgraves <[email protected]>
Co-authored-by: Jacob Graves <[email protected]>
Co-authored-by: Michael Lawrence <[email protected]>
Co-authored-by: nicholaskwan <[email protected]>
Co-authored-by: Nathan (Nate) Day <[email protected]>

Gemfile

@@ -15,6 +15,7 @@ gem 'turbolinks', '~> 5'
 gem 'colorize', require: false
 gem 'cookies_eu'
 gem 'devise', '>= 4.6.2'
+gem 'devise_invitable', '~> 2.0'
 gem 'font-awesome-sass', '>= 4.4.0'
 gem 'gabba'
 gem 'intercom-rails'

Gemfile.lock

@@ -93,6 +93,9 @@ GEM
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
+    devise_invitable (2.0.3)
+      actionmailer (>= 5.0)
+      devise (>= 4.6)
     docile (1.3.2)
     erubi (1.10.0)
     execjs (2.7.0)
@@ -305,6 +308,7 @@ DEPENDENCIES
   colorize
   cookies_eu
   devise (>= 4.6.2)
+  devise_invitable (~> 2.0)
   font-awesome-sass (>= 4.4.0)
   foreman
   gabba

README.md

@@ -389,6 +389,20 @@ which will install/upgrade the Node module, and then save that dependency to `pa
 
 Then check in the updated `package.json` and `yarn.lock` files.
 
+## I'd like to use a new Ruby Gem
+
+Typically you would simply do:
+
+```
+bin/docker r bundle add foobar
+```
+
+which will install the new Gem, and then save that dependency to `Gemfile`.
+
+Then check in the updated `package.json` and `yarn.lock` files.  For good measure
+run the `bin/setup_docker`.
+
+
 ## I'd like to test SSL
 
 There's a directory `.ssl` that contains they key and cert files used for SSL. This is a self signed generated certificate for use in development ONLY!
@@ -451,11 +465,11 @@ heroku restart -a quepid-staging
 
 ## Seed Data
 
-The following accounts are created through the seeds. The all follow the following format:
+The following accounts are created through the seeds. They all follow the following format:
 
 ```
 email: quepid+[type]@o19s.com
-password: quepid+[type]
+password: password
 ```
 
 where type is one of the following:
@@ -498,7 +512,6 @@ To comply with GDPR, and be a good citizen, the hosted version of Quepid asks if
 EMAIL_MARKETING_MODE=true   # Enables a checkbox on user signup to consent to emails
 ```
 
-
 # Thank You's
 
 Quepid would not be possible without the contributions from many individuals and organizations.   

UPGRADING_RAILS_NOTES.md

@@ -14,8 +14,33 @@ Todos:
 * DONE (Changed my mind, I used it to reduce some extra sql joins etc) rip out extra dev analystics stuff
 * DONE (no issue!) export of general and detail from js doesn't work.
 * DONE Look at session in home_controller, do we use it???
+* DONE, (password blank works fine).  Chase down why :password="" is needed when inviting a user.
+* Deal with the format of the emails!  Make them quepid qlassy.
+* DONE Deal with environment variable for disabling forms.
 
 
+https://github.com/gonzalo-bulnes/simple_token_authentication
+https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
+https://github.com/lynndylanhurley/devise_token_auth
+
+https://www.codementor.io/@gowiem/deviseinvitable-rails-api-9wzmbisus
+
+
+User.invite!(email: '[email protected]', name: 'Joe', password:'password')
+
+user = User.invite!(email: '[email protected]', name: 'joe3', password:'password') do |u|
+  u.skip_invitation = true
+end
+
+user = User.invite!({ email: '[email protected]', name: 'Joe8', password:'password' }, current_user)
+User.invite!({ email: '[email protected]' }, current_user)
+
+
+User.accept_invitation!(invitation_token: params[:invitation_token], password: 'ad97nwj3o2', name: 'John Doe')
+User.accept_invitation!(invitation_token: '9ngHVdcWyvSNrg54a8yj', password: 'ad97nwj3o2', name: 'John Doe')
+
+
+user = User.invite!({ email: '[email protected]' }, current_user)
 
 
 KEY!   http://railsdiff.org/4.2.11/5.2.4.4

app/assets/javascripts/components/add_member/add_member.html

@@ -1,28 +1,40 @@
 <script type="text/ng-template" id="member_popup.html">
   <a>
-      <img ng-src="{{match.model.avatar_url}}" width="24">
+      <img ng-src="{{match.model.avatar_url}}" width="48">
       {{match.model.display_name}} (<span ng-bind-html="match.model.email"></span>)
   </a>
 </script>
 
 <div class='form-group'>
-  <input id="user-lookup" type="text" ng-model="ctrl.selected" placeholder="Look for users via email or display name"
+  <form class="form input-append">
+  <input id="user-lookup" class="form-control email" size="30" type="text" ng-model="ctrl.selected" placeholder="Look for users via email or display name"
     uib-typeahead="user as user.display_name for user in ctrl.getUsers($viewValue)"
     typeahead-loading="loadingUsers"
+    typeahead-no-results="noMatches"
     typeahead-template-url="member_popup.html"
     class="form-control"
     typeahead-on-select="ctrl.selectMember($item, $model, $label)"
   />
-  <i ng-show="loadingUsers" class="fa fa-refresh fa-spin"></i>
-  <a
+
+  <a ng-if="!(noMatches && ctrl.testIsEmailAddress(ctrl.selected))"
     class="btn btn-success"
     ng-click="ctrl.addMember()"
   >
-    Add
+    Add user
+  </a>
+
+  <a ng-if="(noMatches && ctrl.testIsEmailAddress(ctrl.selected))"
+    class="btn btn-success"
+    ng-click="ctrl.inviteUserToJoin()"
+  >
+    Send invitation
   </a>
+  <i ng-show="loadingUsers" class="fa fa-spinner fa-spin"></i>
+  </form>
 
   <p class='help-block'>
-    Start typing an email to add user as a member to this team.
-    Once you select a user, click on "Add" to add them as a member.
+    Start typing an email address to add an existing user to this team.
+    If the email address doesn't match anyone, you will be able to invite them to join Quepid and this team.
   </p>
+
 </div>

app/assets/javascripts/components/add_member/add_member_controller.js

@@ -22,6 +22,8 @@ angular.module('QuepidApp')
       ctrl.addMember    = addMember;
       ctrl.getUsers     = getUsers;
       ctrl.selectMember = selectMember;
+      ctrl.testIsEmailAddress = testIsEmailAddress;
+      ctrl.inviteUserToJoin = inviteUserToJoin;
 
       function selectMember($item) {
         ctrl.selectedMember = $item;
@@ -53,5 +55,26 @@ angular.module('QuepidApp')
             return response.data.users;
           });
       }
+
+      function inviteUserToJoin() {
+        teamSvc.inviteUserToJoin(ctrl.team, ctrl.selected)
+          .then(function() {
+            flash.success = 'Invitation sent to ' + ctrl.selected;
+            ctrl.selected = '';
+          }, function(response) {
+            flash.error = response.data.error;
+          });
+
+      }
+
+      function testIsEmailAddress(val) {
+        var emailVer = /^[a-z]+[a-z0-9._]+@[a-z]+\.[a-z.]{2,5}$/;
+        if( emailVer.test(val) ){
+          return true;
+        }
+        else {
+          return false;
+        }
+      }
     }
   ]);

app/assets/javascripts/components/move_query/_modal.html

@@ -10,7 +10,13 @@ <h3 class="modal-title">Move Query to Another Case</h3>
     </p>
   </div>
 
-  <div ng-show="!ctrl.loading">
+  <div class="text-center" ng-show="ctrl.cases.length === 0 && !ctrl.loading">
+    <p>
+      Please create another case to move this query to first.
+    </p>
+  </div>
+
+  <div ng-show="ctrl.cases.length > 0 && !ctrl.loading">
     <p>Select a case:</p>
     <ul class="list-group move-query-cases-list">
       <li class="list-group-item" ng-repeat="case in ctrl.cases" ng-class="{ active: case == ctrl.activeCase }" ng-click="ctrl.selectCase(case)">

app/assets/javascripts/components/user_listing/user_listing.html

@@ -14,6 +14,8 @@ <h5 class="user-name">
 
     {{ ctrl.user.email }}
 
+    <span class="text-muted" ng-if="ctrl.user.pending_invite"> Pending Invitation </span>
+
     <span class="item-actions">
       <remove-member this-member="ctrl.user" this-team="ctrl.team"></remove-member>
     </span>

app/assets/javascripts/controllers/signup.js

@@ -37,7 +37,7 @@ angular.module('QuepidSecureApp')
           return;
         }
 
-        var emailVer = /^.+@.*$/;
+        var emailVer = /^[a-z]+[a-z0-9._]+@[a-z]+\.[a-z.]{2,5}$/;
         if( !emailVer.test(email) ){
           $scope.warnEmail = true;
           return;

app/assets/javascripts/services/teamSvc.js

@@ -187,6 +187,25 @@ angular.module('QuepidApp')
           });
       };
 
+      this.inviteUserToJoin = function(team, email) {
+        // http POST /api/teams/<int:teamId>/members/invite
+        var url   = '/api/teams/' + team.id + '/members/invite';
+        var data  = { id:  email };
+
+        if ( team.members === undefined ) {
+          team.members = [];
+        }
+
+        return $http.post(url, data)
+          .then(function(response) {
+            var member = response.data;
+
+            if ( !hasMember(team, member) ) {
+              team.members.push(member);
+            }
+          });
+      };
+
       this.removeMember = function(team, member) {
         // http DELETE /api/teams/<int:teamId>/members/<int:memberId>
         var url   = '/api/teams/' + team.id + '/members/' + member.id;

app/assets/templates/views/teams/show.html

@@ -27,7 +27,7 @@ <h4>
       {{ currentTeam.owner.email }}
     </div>
 
-    <div class="team-stats col-xs-6 col-sm-6 col-md-4 col-lg-3">
+    <div class="team-stats col-xs-6 col-sm-6 col-md-4 col-lg-4">
       <div class="vcard-stats border-bottom row">
         <span class="vcard-stat col-sm-4">
           <strong class="vcard-stat-count d-block">
@@ -51,24 +51,19 @@ <h4>
 
       <div class="add-member border-bottom row">
         <h4>
-          Add Member
+          Add Team Member
         </h4>
 
         <add-member team='currentTeam'></add-member>
       </div>
 
-      <div
-        class="change-owner border-bottom row"
-
-
-      >
+      <div class="change-owner border-bottom row">
         <h4>
           Change Owner
         </h4>
 
         <change-team-owner
           team='currentTeam'
-
           ng-if="currentUser.id == currentTeam.owner.id"
         ></change-team-owner>
 

app/controllers/api/api_controller.rb

@@ -27,6 +27,10 @@ def test
       render json: { message: 'Success!' }, status: :ok
     end
 
+    def signup_enabled?
+      Rails.application.config.signup_enabled
+    end
+
     protected
 
     def set_default_response_format

app/controllers/api/v1/signups_controller.rb

@@ -8,7 +8,6 @@ class SignupsController < Api::ApiController
 
       def create
         @user = User.new user_params
-        @user.agreed_time = Time.zone.now
 
         if @user.save
           Analytics::Tracker.track_signup_event @user

app/controllers/api/v1/team_members_controller.rb

@@ -3,8 +3,8 @@
 module Api
   module V1
     class TeamMembersController < Api::ApiController
-      before_action :set_team,          only: [ :index, :create, :destroy ]
-      before_action :check_team,        only: [ :index, :create, :destroy ]
+      before_action :set_team,          only: [ :index, :create, :destroy, :invite ]
+      before_action :check_team,        only: [ :index, :create, :destroy, :invite ]
 
       def index
         @members = @team.members
@@ -29,6 +29,24 @@ def create
         end
       end
 
+      def invite
+        unless signup_enabled?
+          render json: { error: 'Signups are disabled!' }, status: :not_found
+          return
+        end
+
+        @member = User.invite!({ email: params[:id], password: '' }, current_user)
+
+        @team.members << @member unless @team.members.exists?(@member.id)
+
+        if @team.save
+          Analytics::Tracker.track_member_added_to_team_event current_user, @team, @member
+          respond_with @member
+        else
+          render json: @member.errors, status: :bad_request
+        end
+      end
+
       def destroy
         member = @team.members.where('email = ? OR id = ?', params[:id].to_s.downcase, params[:id])
 

app/controllers/api/v1/users_controller.rb

@@ -9,7 +9,7 @@ def index
         @users = []
         if params[:prefix]
           prefix = params[:prefix].downcase
-          @users = User.where('email LIKE :prefix OR name LIKE :prefix', prefix: "#{prefix}%").limit(8)
+          @users = User.where('`email` LIKE :prefix', prefix: "#{prefix}%").limit(8)
         end
         respond_with @users
       end

app/controllers/application_controller.rb

@@ -23,4 +23,8 @@ class ApplicationController < ActionController::Base
   def ssl_enabled?
     'true' == ENV['FORCE_SSL']
   end
+
+  def signup_enabled?
+    Rails.application.config.signup_enabled
+  end
 end

app/controllers/concerns/authentication/current_team_manager.rb

@@ -7,9 +7,10 @@ module CurrentTeamManager
     private
 
     def set_team
-      @team = current_user.teams_im_in.where(id: params[:team_id])
-        .preload(:members)
-        .first
+      # @team = current_user.teams_im_in.where(id: params[:team_id])
+      #  .preload(:members)
+      #  .first
+      @team = current_user.teams_im_in.where(id: params[:team_id]).first
     end
 
     def check_team