From c9e53020583b06924751eda7a970f80bff81dde8 Mon Sep 17 00:00:00 2001
From: pierre-lehnen-rc <55164754+pierre-lehnen-rc@users.noreply.github.com>
Date: Thu, 14 May 2020 19:15:39 -0300
Subject: [PATCH] [FIX] Secret Registration not properly validating Invite
 Token (#17618)

---
 server/methods/registerUser.js | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/server/methods/registerUser.js b/server/methods/registerUser.js
index 8b104dde7f35..9ef019fab962 100644
--- a/server/methods/registerUser.js
+++ b/server/methods/registerUser.js
@@ -39,12 +39,14 @@ Meteor.methods({
 		}
 
 		if (settings.get('Accounts_RegistrationForm') === 'Secret URL' && (!formData.secretURL || formData.secretURL !== settings.get('Accounts_RegistrationForm_SecretURL'))) {
-			if (formData.secretURL) {
-				try {
-					validateInviteToken(formData.secretURL);
-				} catch (e) {
-					throw new Meteor.Error('error-user-registration-secret', 'User registration is only allowed via Secret URL', { method: 'registerUser' });
-				}
+			if (!formData.secretURL) {
+				throw new Meteor.Error('error-user-registration-secret', 'User registration is only allowed via Secret URL', { method: 'registerUser' });
+			}
+
+			try {
+				validateInviteToken(formData.secretURL);
+			} catch (e) {
+				throw new Meteor.Error('error-user-registration-secret', 'User registration is only allowed via Secret URL', { method: 'registerUser' });
 			}
 		}