feat: Implement user invitation backend functionality

packages/backend/src/controllers/api/v1/users/accept-invitation.js

@@ -0,0 +1,23 @@
+import User from '../../../../models/user.js';
+
+export default async (request, response) => {
+  const { token, password } = request.body;
+
+  if (!token) {
+    throw new Error('Invitation token is required!');
+  }
+
+  const user = await User.query()
+    .findOne({ invitation_token: token })
+    .throwIfNotFound();
+
+  if (!user.isInvitationTokenValid()) {
+    throw new Error(
+      'Invitation link is not valid or expired. You can use reset password to get a new link.'
+    );
+  }
+
+  await user.acceptInvitation(password);
+
+  response.status(204).end();
+};

packages/backend/src/db/migrations/20240708141218_add_invitation_token_to_users.js

@@ -0,0 +1,13 @@
+export async function up(knex) {
+  return knex.schema.table('users', (table) => {
+    table.string('invitation_token');
+    table.timestamp('invitation_token_sent_at');
+  });
+}
+
+export async function down(knex) {
+  return knex.schema.table('users', (table) => {
+    table.dropColumn('invitation_token');
+    table.dropColumn('invitation_token_sent_at');
+  });
+}

packages/backend/src/graphql/mutations/create-user.ee.js

@@ -1,10 +1,16 @@
+import appConfig from '../../config/app.js';
 import User from '../../models/user.js';
 import Role from '../../models/role.js';
+import emailQueue from '../../queues/email.js';
+import {
+  REMOVE_AFTER_30_DAYS_OR_150_JOBS,
+  REMOVE_AFTER_7_DAYS_OR_50_JOBS,
+} from '../../helpers/remove-job-configuration.js';
 
 const createUser = async (_parent, params, context) => {
   context.currentUser.can('create', 'User');
 
-  const { fullName, email, password } = params.input;
+  const { fullName, email } = params.input;
 
   const existingUser = await User.query().findOne({
     email: email.toLowerCase(),
@@ -17,7 +23,7 @@ const createUser = async (_parent, params, context) => {
   const userPayload = {
     fullName,
     email,
-    password,
+    status: 'pending',
   };
 
   try {
@@ -32,7 +38,29 @@ const createUser = async (_parent, params, context) => {
 
   const user = await User.query().insert(userPayload);
 
-  return user;
+  await user.generateInvitationToken();
+
+  const jobName = `Invitation Email - ${user.id}`;
+  const acceptInvitationUrl = `${appConfig.webAppUrl}/accept-invitation?token=${user.invitationToken}`;
+
+  const jobPayload = {
+    email: user.email,
+    subject: 'You are invited!',
+    template: 'invitation-instructions',
+    params: {
+      fullName: user.fullName,
+      acceptInvitationUrl,
+    },
+  };
+
+  const jobOptions = {
+    removeOnComplete: REMOVE_AFTER_7_DAYS_OR_50_JOBS,
+    removeOnFail: REMOVE_AFTER_30_DAYS_OR_150_JOBS,
+  };
+
+  await emailQueue.add(jobName, jobPayload, jobOptions);
+
+  return { user, acceptInvitationUrl };
 };
 
 export default createUser;

packages/backend/src/graphql/mutations/forgot-password.ee.js

@@ -22,7 +22,7 @@ const forgotPassword = async (_parent, params) => {
   const jobPayload = {
     email: user.email,
     subject: 'Reset Password',
-    template: 'reset-password-instructions',
+    template: 'reset-password-instructions.ee',
     params: {
       token: user.resetPasswordToken,
       webAppUrl: appConfig.webAppUrl,

packages/backend/src/graphql/schema.graphql

@@ -8,7 +8,7 @@ type Mutation {
   createFlow(input: CreateFlowInput): Flow
   createRole(input: CreateRoleInput): Role
   createStep(input: CreateStepInput): Step
-  createUser(input: CreateUserInput): User
+  createUser(input: CreateUserInput): UserWithAcceptInvitationUrl
   deleteConnection(input: DeleteConnectionInput): Boolean
   deleteCurrentUser: Boolean
   deleteFlow(input: DeleteFlowInput): Boolean
@@ -375,7 +375,6 @@ input DeleteStepInput {
 input CreateUserInput {
   fullName: String!
   email: String!
-  password: String!
   role: UserRoleInput!
 }
 
@@ -520,6 +519,11 @@ type User {
   updatedAt: String
 }
 
+type UserWithAcceptInvitationUrl {
+  user: User
+  acceptInvitationUrl: String
+}
+
 type Role {
   id: String
   name: String

packages/backend/src/helpers/compile-email.ee.js

@@ -6,7 +6,7 @@ import { fileURLToPath } from 'url';
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 
 const compileEmail = (emailPath, replacements = {}) => {
-  const filePath = path.join(__dirname, `../views/emails/${emailPath}.ee.hbs`);
+  const filePath = path.join(__dirname, `../views/emails/${emailPath}.hbs`);
   const source = fs.readFileSync(filePath, 'utf-8').toString();
   const template = handlebars.compile(source);
   return template(replacements);

packages/backend/src/models/user.js

@@ -43,6 +43,11 @@ class User extends Base {
         type: ['string', 'null'],
         format: 'date-time',
       },
+      invitationToken: { type: ['string', 'null'] },
+      invitationTokenSentAt: {
+        type: ['string', 'null'],
+        format: 'date-time',
+      },
       trialExpiryDate: { type: 'string' },
       roleId: { type: 'string', format: 'uuid' },
       deletedAt: { type: 'string' },
@@ -210,6 +215,13 @@ class User extends Base {
     await this.$query().patch({ resetPasswordToken, resetPasswordTokenSentAt });
   }
 
+  async generateInvitationToken() {
+    const invitationToken = crypto.randomBytes(64).toString('hex');
+    const invitationTokenSentAt = new Date().toISOString();
+
+    await this.$query().patch({ invitationToken, invitationTokenSentAt });
+  }
+
   async resetPassword(password) {
     return await this.$query().patch({
       resetPasswordToken: null,
@@ -218,6 +230,14 @@ class User extends Base {
     });
   }
 
+  async acceptInvitation(password) {
+    return await this.$query().patch({
+      invitationToken: null,
+      invitationTokenSentAt: null,
+      password,
+    });
+  }
+
   async isResetPasswordTokenValid() {
     if (!this.resetPasswordTokenSentAt) {
       return false;
@@ -230,6 +250,18 @@ class User extends Base {
     return now.getTime() - sentAt.getTime() < fourHoursInMilliseconds;
   }
 
+  async isInvitationTokenValid() {
+    if (!this.invitationTokenSentAt) {
+      return false;
+    }
+
+    const sentAt = new Date(this.invitationTokenSentAt);
+    const now = new Date();
+    const seventyTwoHoursInMilliseconds = 1000 * 60 * 60 * 72;
+
+    return now.getTime() - sentAt.getTime() < seventyTwoHoursInMilliseconds;
+  }
+
   async generateHash() {
     if (this.password) {
       this.password = await bcrypt.hash(this.password, 10);

packages/backend/src/routes/api/v1/users.js

@@ -9,6 +9,7 @@ import getAppsAction from '../../../controllers/api/v1/users/get-apps.js';
 import getInvoicesAction from '../../../controllers/api/v1/users/get-invoices.ee.js';
 import getSubscriptionAction from '../../../controllers/api/v1/users/get-subscription.ee.js';
 import getPlanAndUsageAction from '../../../controllers/api/v1/users/get-plan-and-usage.ee.js';
+import acceptInvitationAction from '../../../controllers/api/v1/users/accept-invitation.js';
 
 const router = Router();
 
@@ -49,4 +50,6 @@ router.get(
   asyncHandler(getPlanAndUsageAction)
 );
 
+router.post('/invitation', asyncHandler(acceptInvitationAction));
+
 export default router;

packages/backend/src/views/emails/invitation-instructions.hbs

@@ -0,0 +1,23 @@
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Invitation instructions</title>
+</head>
+<body>
+  <p>
+    Hello {{ fullName }},
+  </p>
+
+  <p>
+    You have been invited to join our platform. To accept the invitation, click the link below.
+  </p>
+
+  <p>
+    <a href="{{ acceptInvitationUrl }}">Accept invitation</a>
+  </p>
+
+  <p>
+    If you did not expect this invitation, you can ignore this email.
+  </p>
+</body>
+</html>

packages/backend/src/views/emails/reset-password-instructions.ee.hbs

@@ -9,7 +9,7 @@
   </p>
 
   <p>
-    Someone has requested a link to change your password, and you can do this through the link below.
+    Someone has requested a link to change your password, and you can do this through the link below within 72 hours.
   </p>
 
   <p>