Bug/4817 abuse of invite system

app/assets/v2/js/pages/bounty_share.js

@@ -30,7 +30,7 @@ const sendInvites = (users) => {
   var sendEmail = fetchData(
     '/api/v0.1/social_contribution_email/',
     'POST',
-    {usersId, msg, bountyId, invite_url},
+    {usersId, msg, bountyId},
     {'X-CSRFToken': csrftoken}
   );
 

app/dashboard/templates/social_contribution_modal.html

@@ -81,5 +81,4 @@ <h4>{% trans "Click to instantly share on the following networks" %}</h4>
   {% csrf_token %}
   <script type="text/javascript">
     var csrftoken = jQuery("[name=csrfmiddlewaretoken]").val();
-    var invite_url = '{{invite_url}}';
   </script>

app/dashboard/views.py

@@ -1137,11 +1137,9 @@ def social_contribution_email(request):
     from .utils import get_bounty_invite_url
 
     emails = []
-    user_ids = request.POST.getlist('usersId[]', [])
-    invite_url = request.POST.get('invite_url', '')
     bounty_id = request.POST.get('bountyId')
-    if not invite_url:
-        invite_url = f'{settings.BASE_URL}issue/{get_bounty_invite_url(request.user.username, bounty_id)}'
+    user_ids = request.POST.getlist('usersId[]', [])
+    invite_url = f'{settings.BASE_URL}issue/{get_bounty_invite_url(request.user.username, bounty_id)}'
 
     inviter = request.user if request.user.is_authenticated else None
     bounty = Bounty.objects.current().get(id=int(bounty_id))