diff --git a/common/locales/en/groups.json b/common/locales/en/groups.json index 2e0f245232..00257c8670 100644 --- a/common/locales/en/groups.json +++ b/common/locales/en/groups.json @@ -177,6 +177,7 @@ "inviteMissingEmail": "Missing email address in invite.", "partyMustbePrivate": "Parties must be private", "userAlreadyInGroup": "User already in that group.", + "cannotInviteSelfToGroup": "You cannot invite yourself to a group.", "userAlreadyInvitedToGroup": "User already invited to that group.", "userAlreadyPendingInvitation": "User already pending invitation.", "userAlreadyInAParty": "User already in a party.", diff --git a/test/api/v3/integration/groups/POST-groups_invite.test.js b/test/api/v3/integration/groups/POST-groups_invite.test.js index 92328463b2..3e6ed0be30 100644 --- a/test/api/v3/integration/groups/POST-groups_invite.test.js +++ b/test/api/v3/integration/groups/POST-groups_invite.test.js @@ -33,6 +33,17 @@ describe('Post /groups/:groupId/invite', () => { }); }); + it('returns an error when inviting yourself to a group', async () => { + await expect(inviter.post(`/groups/${group._id}/invite`, { + uuids: [inviter._id], + })) + .to.eventually.be.rejected.and.eql({ + code: 400, + error: 'BadRequest', + message: t('cannotInviteSelfToGroup'), + }); + }); + it('returns an error when uuids is not an array', async () => { let fakeID = generateUUID(); diff --git a/website/server/controllers/api-v3/groups.js b/website/server/controllers/api-v3/groups.js index 07e9b5be54..de59bd7e17 100644 --- a/website/server/controllers/api-v3/groups.js +++ b/website/server/controllers/api-v3/groups.js @@ -487,6 +487,8 @@ async function _inviteByUUID (uuid, group, inviter, req, res) { if (!userToInvite) { throw new NotFound(res.t('userWithIDNotFound', {userId: uuid})); + } else if (inviter._id === userToInvite._id) { + throw new BadRequest(res.t('cannotInviteSelfToGroup')); } if (group.type === 'guild') {