-rw-r--r--options/locale/locale_en-US.ini1
-rw-r--r--routers/web/org/teams.go8
-rw-r--r--templates/org/team/invite.tmpl28
3 files changed, 26 insertions, 11 deletions
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index b4d5ba00bc..180fd1c18d 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -2559,6 +2559,7 @@ teams.all_repositories_admin_permission_desc = This team grants <strong>Admin</s
teams.invite.title = You've been invited to join team <strong>%s</strong> in organization <strong>%s</strong>.
teams.invite.by = Invited by %s
teams.invite.description = Please click the button below to join the team.
+teams.invite.email_mismatch = Your email address does not match this invite.
[admin]
dashboard = Dashboard
diff --git a/routers/web/org/teams.go b/routers/web/org/teams.go
index 2ce4bf5322..9a0f49b688 100644
--- a/routers/web/org/teams.go
+++ b/routers/web/org/teams.go
@@ -552,6 +552,7 @@ func TeamInvite(ctx *context.Context) {
ctx.Data["Organization"] = org
ctx.Data["Team"] = team
ctx.Data["Inviter"] = inviter
+ ctx.Data["EmailMismatch"] = ctx.Doer.Email != invite.Email
ctx.HTML(http.StatusOK, tplTeamInvite)
}
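Review bot: The invitee check `ctx.Doer.Email != invite.Email` is written out here and again in TeamInvitePost, so the page and the POST handler can drift apart; a single helper called from both would keep the authorization decision in one place. The comparison is also an exact, case-sensitive match on the account's email string, so if invites are meant to match regardless of case this rejects the real invitee. Nothing visible in either hunk shows that `ctx.Doer.Email` is a confirmed address. The check only ties the invite to the mailbox owner if an account cannot take on that address without verification, which is worth confirming and stating in a comment such as `// Doer.Email must be an activated address for this check to bind the invite to its recipient`. TeamInvite begins outside the hunk.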
@@ -568,6 +569,13 @@ func TeamInvitePost(ctx *context.Context) {
return
}
+ // check that the Doer is the invitee
+ if ctx.Doer.Email != invite.Email {
+ log.Info("invite %d does not apply to the current user %d", invite.ID, ctx.Doer.ID)
+ ctx.NotFound("ErrTeamInviteNotFound", err)
+ return
+ }
+
if err := models.AddTeamMember(team, ctx.Doer.ID); err != nil {
ctx.ServerError("AddTeamMember", err)
return
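Review bot: `ctx.NotFound("ErrTeamInviteNotFound", err)` in the new mismatch branch reuses `err` from the earlier lookup, which appears to have been handled already (the hunk opens on that branch's `return`), so it is presumably nil here. Passing it reads as if a lookup error were being reported. `ctx.NotFound("ErrTeamInviteNotFound", nil)` would make the intent explicit, since the `log.Info` line above already records the reason. TeamInvitePost starts and ends outside the hunk.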
diff --git a/templates/org/team/invite.tmpl b/templates/org/team/invite.tmpl
index 55ecd049b3..8d1fad0141 100644
--- a/templates/org/team/invite.tmpl
+++ b/templates/org/team/invite.tmpl
@@ -6,17 +6,23 @@
<div class="image">
{{avatar $.Context .Organization 140}}
</div>
- <div class="content">
- <div class="header">{{.locale.Tr "org.teams.invite.title" .Team.Name .Organization.Name | Str2html}}</div>
- <div class="meta">{{.locale.Tr "org.teams.invite.by" .Inviter.Name}}</div>
- <div class="description">{{.locale.Tr "org.teams.invite.description"}}</div>
- </div>
- <div class="extra content">
- <form class="ui form" action="" method="post">
- {{.CsrfTokenHtml}}
- <button class="fluid ui green button">{{.locale.Tr "org.teams.join"}}</button>
- </form>
- </div>
+ {{if .EmailMismatch}}
+ <div class="content">
+ <div class="header">{{.locale.Tr "org.teams.invite.email_mismatch"}}</div>
+ </div>
+ {{else}}
+ <div class="content">
+ <div class="header">{{.locale.Tr "org.teams.invite.title" .Team.Name .Organization.Name | Str2html}}</div>
+ <div class="meta">{{.locale.Tr "org.teams.invite.by" .Inviter.Name}}</div>
+ <div class="description">{{.locale.Tr "org.teams.invite.description"}}</div>
+ </div>
+ <div class="extra content">
+ <form class="ui form" action="" method="post">
+ {{.CsrfTokenHtml}}
+ <button class="fluid ui green button">{{.locale.Tr "org.teams.join"}}</button>
+ </form>
+ </div>
+ {{end}}
</div>
</div>
</div>
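Review bot: `{{avatar $.Context .Organization 140}}` stays outside the new `{{if .EmailMismatch}}` block, so a signed-in user who holds the link but is not the invitee still gets the organization's avatar rendered. TeamInvite also still answers 200 for that user, while TeamInvitePost answers NotFound. If organizations can be private, consider moving the `<div class="image">` element into the `{{else}}` branch, or returning the same NotFound from the GET handler, so the mismatch page reveals nothing about the inviting organization. The enclosing card markup begins above the hunk.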