Allow guest access to the platform for 30 minutes when invitation code is used

Author: rsmithlal

app/controllers/better_together/application_controller.rb

@@ -10,6 +10,8 @@ class ApplicationController < ActionController::Base # rubocop:todo Metrics/Clas
     before_action :check_platform_setup
     before_action :set_locale
     before_action :store_user_location!, if: :storable_location?
+
+    before_action :set_platform_invitation
     before_action :check_platform_privacy
     # The callback which stores the current location must be added before you authenticate the user
     # as `authenticate_user!` (or whatever your resource is) will halt the filter chain and redirect
@@ -24,7 +26,7 @@ class ApplicationController < ActionController::Base # rubocop:todo Metrics/Clas
     rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
     rescue_from StandardError, with: :handle_error
 
-    helper_method :default_url_options
+    helper_method :default_url_options, :valid_platform_invitation_token_present?
 
     def self.default_url_options
       super.merge(locale: I18n.locale)
@@ -56,15 +58,58 @@ def check_platform_setup
       redirect_to setup_wizard_path
     end
 
+    def set_platform_invitation
+      # Only proceed if there's an invitation token in the URL or already in the session.
+      return unless params[:invitation_code].present? || session[:platform_invitation_token].present?
+
+      # Check if the session token has expired.
+      if session[:platform_invitation_expires_at].present? && Time.current > session[:platform_invitation_expires_at]
+        session.delete(:platform_invitation_token)
+        session.delete(:platform_invitation_expires_at)
+        return
+      end
+
+      if params[:invitation_code].present?
+        # On first visit with the invitation code, update the session with the token and a new expiry.
+        token = params[:invitation_code]
+        session[:platform_invitation_token] = token
+        session[:platform_invitation_expires_at] ||= Time.current + platform_invitation_expiry_time
+      else
+        # If no params, simply use the token stored in the session.
+        token = session[:platform_invitation_token]
+      end
+
+      return unless token.present?
+
+      @platform_invitation = ::BetterTogether::PlatformInvitation.pending.find_by(token: token)
+
+      unless @platform_invitation
+        session.delete(:platform_invitation_token)
+        session.delete(:platform_invitation_expires_at)
+      end
+    end
+
     def check_platform_privacy
       return if helpers.host_platform.privacy_public?
       return if current_user
       return unless BetterTogether.user_class.any?
+      return if valid_platform_invitation_token_present?
 
       flash[:error] = I18n.t('globals.platform_not_public')
       redirect_to new_user_session_path(locale: I18n.locale)
     end
 
+    def valid_platform_invitation_token_present?
+      token = session[:platform_invitation_token]
+      return false unless token.present?
+
+      return false if session[:platform_invitation_expires_at].present? && Time.current > session[:platform_invitation_expires_at]
+
+      ::BetterTogether::PlatformInvitation.pending.exists?(token: token)
+    end
+
+    private
+
     def handle404
       render_404
     end
@@ -171,8 +216,18 @@ def after_sign_in_path_for(resource)
         end
     end
 
+    def after_inactive_sign_up_path_for(resource)
+      new_user_session_path if helpers.host_platform&.private?
+      super
+    end
+
     def after_sign_out_path_for(_resource_or_scope)
       BetterTogether.base_path_with_locale
     end
+
+    # Configurable expiration time (e.g., 30 minutes)
+    def platform_invitation_expiry_time
+      30.minutes
+    end
   end
 end

app/controllers/better_together/users/registrations_controller.rb

@@ -7,8 +7,6 @@ class RegistrationsController < ::Devise::RegistrationsController
       include DeviseLocales
       skip_before_action :check_platform_privacy
 
-      before_action :set_platform_invitation, only: %i[new create]
-
       def new
         super do |user|
           user.email = @platform_invitation.invitee_email if @platform_invitation && user.email.empty?
@@ -51,12 +49,6 @@ def create # rubocop:todo Metrics/MethodLength, Metrics/AbcSize
 
       protected
 
-      def set_platform_invitation
-        return unless params[:invitation_code].present?
-
-        @platform_invitation = ::BetterTogether::PlatformInvitation.pending.find_by(token: params[:invitation_code])
-      end
-
       def person_params
         params.require(:user).require(:person_attributes).permit(%i[identifier name description])
       end

app/helpers/better_together/platforms_helper.rb

@@ -2,5 +2,8 @@
 
 module BetterTogether
   module PlatformsHelper # rubocop:todo Style/Documentation
+    def invitation_token_expires_at
+      session[:platform_invitation_expires_at].to_datetime.to_i
+    end
   end
 end

app/javascript/controllers/better_together/invitation_timer_controller.js

@@ -0,0 +1,35 @@
+// app/javascript/controllers/invitation_timer_controller.js
+
+import { Controller } from '@hotwired/stimulus'
+
+export default class extends Controller {
+  static values = {
+    expiresAt: Number // Timestamp in seconds (epoch time)
+  }
+
+  connect() {
+    this.updateTimer()
+    this.interval = setInterval(() => this.updateTimer(), 1000)
+  }
+
+  disconnect() {
+    clearInterval(this.interval)
+  }
+
+  updateTimer() {
+    const now = Math.floor(Date.now() / 1000)
+    const remainingSeconds = this.expiresAtValue - now
+    console.log("Timer:", { expiresAt: this.expiresAtValue, now, remainingSeconds })
+
+    if (remainingSeconds <= 0) {
+      this.element.textContent = 'Expired'
+      this.element.classList.remove('bg-info')
+      this.element.classList.add('bg-danger')
+      clearInterval(this.interval)
+      return
+    }
+
+    const minutes = Math.floor(remainingSeconds / 60)
+    this.element.textContent = `${minutes} min`
+  }
+}

app/views/layouts/better_together/_header.html.erb

@@ -58,7 +58,24 @@
           <% else %>
             <!-- If user is not signed in, show 'Sign In' -->
             <li class="nav-item">
-              <%= link_to t('navbar.sign_in'), new_user_session_path, class: "nav-link" %>
+              <% if valid_platform_invitation_token_present? %>
+                <%= link_to new_user_registration_path(invitation_code: session[:platform_invitation_token]), class: "nav-link d-flex align-items-center gap-2" do %>
+                  <i class="fas fa-envelope-open-text"></i>
+                  <%= t('navbar.accept_invitation') %>
+                  <% expires_at_unix = invitation_token_expires_at %>
+
+                  <span class="badge bg-info ms-2"
+                      data-controller="better_together--invitation-timer"
+                      data-better_together--invitation-timer-expires-at-value="<%= expires_at_unix %>">
+                    <%= t('invitations.calculating') %>
+                  </span>
+                <% end %>
+              <% else %>
+                <%= link_to new_user_session_path, class: "nav-link d-flex align-items-center gap-2" do %>
+                  <i class="fas fa-sign-in-alt"></i>
+                  <%= t('navbar.sign_in') %>
+                <% end %>
+              <% end %>
             </li>
           <% end %>
         </ul>