binarybeach/bb-plane-fork
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[VPAT-51] fix: update workspace invitation flow to use token for validation #8508

Browse source 
- Modified the invite link to include a token for enhanced security.
- Updated the WorkspaceJoinEndpoint to validate the token instead of the email.
- Adjusted the workspace invitation task to generate links with the token.
- Refactored the frontend to handle token in the invitation process.

Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
This commit is contained in:
Dheeraj Kumar Ketireddy 2026-02-17 00:02:18 +05:30 committed by GitHub
parent c8a800104c
commit ef5d481a19
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 15 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

8
apps/api/plane/app/views/workspace/invite.py
View file

@ -163,10 +163,10 @@ class WorkspaceJoinEndpoint(BaseAPIView):
def post(self, request, slug, pk):
workspace_invite = WorkspaceMemberInvite.objects.get(pk=pk, workspace__slug=slug)
email = request.data.get("email", "")
token = request.data.get("token", "")
# Check the email
if email == "" or workspace_invite.email != email:
# Validate the token to verify the user received the invitation email
if not token or workspace_invite.token != token:
return Response(
{"error": "You do not have permission to join the workspace"},
status=status.HTTP_403_FORBIDDEN,
@ -180,7 +180,7 @@ class WorkspaceJoinEndpoint(BaseAPIView):
if workspace_invite.accepted:
# Check if the user created account after invitation
user = User.objects.filter(email=email).first()
user = User.objects.filter(email=workspace_invite.email).first()
# If the user is present then create the workspace member
if user is not None: