chore: temporarily enable e2e tests

- auth clients are always shared, cannot be disabled
- custom connections are enabled by default, can be disabled
- any existing connections can be reconnected regardless of its AppConfig or AppAuthClient states

.devcontainer/boot.sh

@@ -5,8 +5,11 @@ BACKEND_PORT=3000
 WEB_PORT=3001
 
 echo "Configuring backend environment variables..."
+
 cd packages/backend
+
 rm -rf .env
+
 echo "
 PORT=$BACKEND_PORT
 WEB_APP_URL=http://localhost:$WEB_PORT
@@ -21,24 +24,35 @@ WEBHOOK_SECRET_KEY=sample_webhook_secret_key
 APP_SECRET_KEY=sample_app_secret_key
 REDIS_HOST=redis
 SERVE_WEB_APP_SEPARATELY=true" >> .env
+
+echo "Installing backend dependencies..."
+
+yarn
+
 cd $CURRENT_DIR
 
 echo "Configuring web environment variables..."
+
 cd packages/web
+
 rm -rf .env
+
 echo "
 PORT=$WEB_PORT
 REACT_APP_BACKEND_URL=http://localhost:$BACKEND_PORT
 " >> .env
+
+echo "Installing web dependencies..."
+
+yarn
+
 cd $CURRENT_DIR
 
-echo "Installing and linking dependencies..."
-yarn
-yarn lerna bootstrap
-
 echo "Migrating database..."
+
 cd packages/backend
+
 yarn db:migrate
 yarn db:seed:user
 
-echo "Done!"
+echo "Done!"

.github/workflows/backend.yml

@@ -41,8 +41,11 @@ jobs:
         with:
           node-version: 18
       - name: Install dependencies
-        run: cd packages/backend && yarn
+        run: yarn
+        working-directory: packages/backend
       - name: Copy .env-example.test file to .env.test
-        run: cd packages/backend && cp .env-example.test .env.test
+        run: cp .env-example.test .env.test
+        working-directory: packages/backend
       - name: Run tests
-        run: cd packages/backend && yarn test
+        run: yarn test:coverage
+        working-directory: packages/backend

.github/workflows/ci.yml

@@ -18,11 +18,13 @@ jobs:
         with:
           node-version: '18'
           cache: 'yarn'
-          cache-dependency-path: yarn.lock
+          cache-dependency-path: packages/backend/yarn.lock
       - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
       - run: echo "🖥️ The workflow is now ready to test your code on the runner."
       - run: yarn --frozen-lockfile
-      - run: cd packages/backend && yarn lint
+        working-directory: packages/backend
+      - run: yarn lint
+        working-directory: packages/backend
       - run: echo "🍏 This job's status is ${{ job.status }}."
   start-backend-server:
     runs-on: ubuntu-latest
@@ -35,11 +37,13 @@ jobs:
         with:
           node-version: '18'
           cache: 'yarn'
-          cache-dependency-path: yarn.lock
+          cache-dependency-path: packages/backend/yarn.lock
       - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
       - run: echo "🖥️ The workflow is now ready to test your code on the runner."
-      - run: yarn --frozen-lockfile && yarn lerna bootstrap
+      - run: yarn --frozen-lockfile
-      - run: cd packages/backend && yarn start
+        working-directory: packages/backend
+      - run: yarn start
+        working-directory: packages/backend
         env:
           ENCRYPTION_KEY: sample_encryption_key
           WEBHOOK_SECRET_KEY: sample_webhook_secret_key
@@ -55,11 +59,13 @@ jobs:
         with:
           node-version: '18'
           cache: 'yarn'
-          cache-dependency-path: yarn.lock
+          cache-dependency-path: packages/backend/yarn.lock
       - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
       - run: echo "🖥️ The workflow is now ready to test your code on the runner."
-      - run: yarn --frozen-lockfile && yarn lerna bootstrap
+      - run: yarn --frozen-lockfile
-      - run: cd packages/backend && yarn start:worker
+        working-directory: packages/backend
+      - run: yarn start:worker
+        working-directory: packages/backend
         env:
           ENCRYPTION_KEY: sample_encryption_key
           WEBHOOK_SECRET_KEY: sample_webhook_secret_key
@@ -75,11 +81,13 @@ jobs:
         with:
           node-version: '18'
           cache: 'yarn'
-          cache-dependency-path: yarn.lock
+          cache-dependency-path: packages/web/yarn.lock
       - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
       - run: echo "🖥️ The workflow is now ready to test your code on the runner."
-      - run: yarn --frozen-lockfile && yarn lerna bootstrap
+      - run: yarn --frozen-lockfile
-      - run: cd packages/web && yarn build
+        working-directory: packages/web
+      - run: yarn build
+        working-directory: packages/web
         env:
           CI: false
       - run: echo "🍏 This job's status is ${{ job.status }}."

.github/workflows/playwright.yml

@@ -3,6 +3,7 @@ on:
   push:
     branches:
       - main
+  # TODO: Add pull request after optimizing the total excecution time of the test suite.
   pull_request:
     paths:
       - 'packages/backend/**'
@@ -12,9 +13,6 @@ on:
   workflow_dispatch:
 
 env:
-  BULLMQ_DASHBOARD_USERNAME: root
-  BULLMQ_DASHBOARD_PASSWORD: sample
-  ENABLE_BULLMQ_DASHBOARD: true
   ENCRYPTION_KEY: sample_encryption_key
   WEBHOOK_SECRET_KEY: sample_webhook_secret_key
   APP_SECRET_KEY: sample_app_secret_key
@@ -25,7 +23,6 @@ env:
   POSTGRES_PASSWORD: automatisch_password
   REDIS_HOST: localhost
   APP_ENV: production
-  PORT: 3000
   LICENSE_KEY: dummy_license_key
 
 jobs:
@@ -62,13 +59,21 @@ jobs:
       - uses: actions/setup-node@v3
         with:
           node-version: 18
-      - name: Install dependencies
+      - name: Install web dependencies
-        run: yarn && yarn lerna bootstrap
+        run: yarn
+        working-directory: ./packages/web
+      - name: Install backend dependencies
+        run: yarn
+        working-directory: ./packages/backend
+      - name: Install e2e-tests dependencies
+        run: yarn
+        working-directory: ./packages/e2e-tests
       - name: Install Playwright Browsers
         run: yarn playwright install --with-deps
+        working-directory: ./packages/e2e-tests
       - name: Build Automatisch web
-        working-directory: ./packages/web
         run: yarn build
+        working-directory: ./packages/web
         env:
           # Keep this until we clean up warnings in build processes
           CI: false

.gitignore

@@ -4,7 +4,6 @@ logs
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
-lerna-debug.log*
 .pnpm-debug.log*
 
 # Diagnostic reports (https://nodejs.org/api/report.html)

docker/Dockerfile

@@ -11,10 +11,12 @@ WORKDIR /automatisch
 # copy the app, note .dockerignore
 COPY . /automatisch
 
-RUN yarn
+RUN cd packages/web && yarn
 
 RUN cd packages/web && yarn build
 
+RUN cd packages/backend && yarn --production
+
 RUN \
   rm -rf /usr/local/share/.cache/ && \
   apk del build-dependencies

lerna.json

@@ -1,13 +0,0 @@
-{
-  "packages": [
-    "packages/*"
-  ],
-  "version": "0.10.0",
-  "npmClient": "yarn",
-  "useWorkspaces": true,
-  "command": {
-    "add": {
-      "exact": true
-    }
-  }
-}

package.json

@@ -1,32 +0,0 @@
-{
-  "name": "@automatisch/root",
-  "license": "See LICENSE file",
-  "private": true,
-  "scripts": {
-    "start": "lerna run --stream --parallel --scope=@*/{web,backend} dev",
-    "start:web": "lerna run --stream --scope=@*/web dev",
-    "start:backend": "lerna run --stream --scope=@*/backend dev",
-    "build:docs": "cd ./packages/docs && yarn install && yarn build"
-  },
-  "workspaces": {
-    "packages": [
-      "packages/*"
-    ],
-    "nohoist": [
-      "**/babel-loader",
-      "**/webpack",
-      "**/@automatisch/web",
-      "**/ajv"
-    ]
-  },
-  "devDependencies": {
-    "eslint": "^8.13.0",
-    "eslint-config-prettier": "^8.3.0",
-    "eslint-plugin-prettier": "^4.0.0",
-    "lerna": "^4.0.0",
-    "prettier": "^2.5.1"
-  },
-  "publishConfig": {
-    "access": "public"
-  }
-}

packages/backend/package.json

@@ -12,6 +12,7 @@
     "pretest": "APP_ENV=test node ./test/setup/prepare-test-env.js",
     "test": "APP_ENV=test vitest run",
     "test:watch": "APP_ENV=test vitest watch",
+    "test:coverage": "yarn test --coverage",
     "lint": "eslint .",
     "db:create": "node ./bin/database/create.js",
     "db:seed:user": "node ./bin/database/seed-user.js",
@@ -23,6 +24,7 @@
   "dependencies": {
     "@bull-board/express": "^3.10.1",
     "@casl/ability": "^6.5.0",
+    "@faker-js/faker": "^9.2.0",
     "@node-saml/passport-saml": "^4.0.4",
     "@rudderstack/rudder-sdk-node": "^1.1.2",
     "@sentry/node": "^7.42.0",
@@ -36,6 +38,9 @@
     "crypto-js": "^4.1.1",
     "debug": "~2.6.9",
     "dotenv": "^10.0.0",
+    "eslint": "^8.13.0",
+    "eslint-config-prettier": "^8.3.0",
+    "eslint-plugin-prettier": "^4.0.0",
     "express": "~4.18.2",
     "express-async-errors": "^3.1.1",
     "express-basic-auth": "^1.2.1",
@@ -61,6 +66,7 @@
     "pg": "^8.7.1",
     "php-serialize": "^4.0.2",
     "pluralize": "^8.0.0",
+    "prettier": "^2.5.1",
     "raw-body": "^2.5.2",
     "showdown": "^2.1.0",
     "uuid": "^9.0.1",
@@ -92,10 +98,11 @@
     "url": "https://github.com/automatisch/automatisch/issues"
   },
   "devDependencies": {
+    "@vitest/coverage-v8": "^2.1.5",
     "node-gyp": "^10.1.0",
     "nodemon": "^2.0.13",
     "supertest": "^6.3.3",
-    "vitest": "^1.1.3"
+    "vitest": "^2.1.5"
   },
   "publishConfig": {
     "access": "public"

packages/backend/src/apps/wordpress/auth/index.js

@@ -8,7 +8,7 @@ export default {
       key: 'instanceUrl',
       label: 'WordPress instance URL',
       type: 'string',
-      required: false,
+      required: true,
       readOnly: false,
       value: null,
       placeholder: null,

packages/backend/src/config/app.js

@@ -52,7 +52,7 @@ const appConfig = {
   isDev: appEnv === 'development',
   isTest: appEnv === 'test',
   isProd: appEnv === 'production',
-  version: '0.13.1',
+  version: '0.14.0',
   postgresDatabase: process.env.POSTGRES_DATABASE || 'automatisch_development',
   postgresSchema: process.env.POSTGRES_SCHEMA || 'public',
   postgresPort: parseInt(process.env.POSTGRES_PORT || '5432'),

packages/backend/src/controllers/api/v1/access-tokens/create-access-token.test.js

@@ -32,7 +32,7 @@ describe('POST /api/v1/access-tokens', () => {
       })
       .expect(422);
 
-    expect(response.body.errors.general).toEqual([
+    expect(response.body.errors.general).toStrictEqual([
       'Incorrect email or password.',
     ]);
   });

packages/backend/src/controllers/api/v1/admin/apps/create-auth-client.ee.test.js

@@ -83,7 +83,7 @@ describe('POST /api/v1/admin/apps/:appKey/auth-clients', () => {
       .send(appAuthClient)
       .expect(422);
 
-    expect(response.body.meta.type).toEqual('ModelValidation');
+    expect(response.body.meta.type).toStrictEqual('ModelValidation');
     expect(response.body.errors).toMatchObject({
       name: ["must have required property 'name'"],
       formattedAuthDefaults: [

packages/backend/src/controllers/api/v1/admin/apps/create-config.ee.js

@@ -10,12 +10,11 @@ export default async (request, response) => {
 };
 
 const appConfigParams = (request) => {
-  const { allowCustomConnection, shared, disabled } = request.body;
+  const { useOnlyPredefinedAuthClients, disabled } = request.body;
 
   return {
     key: request.params.appKey,
-    allowCustomConnection,
+    useOnlyPredefinedAuthClients,
-    shared,
     disabled,
   };
 };

packages/backend/src/controllers/api/v1/admin/apps/create-config.ee.test.js

@@ -23,8 +23,7 @@ describe('POST /api/v1/admin/apps/:appKey/config', () => {
 
   it('should return created app config', async () => {
     const appConfig = {
-      allowCustomConnection: true,
+      useOnlyPredefinedAuthClients: false,
-      shared: true,
       disabled: false,
     };
 
@@ -38,14 +37,14 @@ describe('POST /api/v1/admin/apps/:appKey/config', () => {
       ...appConfig,
       key: 'gitlab',
     });
+
     expect(response.body).toMatchObject(expectedPayload);
   });
 
   it('should return HTTP 422 for already existing app config', async () => {
     const appConfig = {
       key: 'gitlab',
-      allowCustomConnection: true,
+      useOnlyPredefinedAuthClients: false,
-      shared: true,
       disabled: false,
     };
 
@@ -59,7 +58,7 @@ describe('POST /api/v1/admin/apps/:appKey/config', () => {
       })
       .expect(422);
 
-    expect(response.body.meta.type).toEqual('UniqueViolationError');
+    expect(response.body.meta.type).toStrictEqual('UniqueViolationError');
     expect(response.body.errors).toMatchObject({
       key: ["'key' must be unique."],
     });

packages/backend/src/controllers/api/v1/admin/apps/get-auth-client.ee.test.js

@@ -32,7 +32,7 @@ describe('GET /api/v1/admin/apps/:appKey/auth-clients/:appAuthClientId', () => {
       .expect(200);
 
     const expectedPayload = getAppAuthClientMock(currentAppAuthClient);
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for not existing app auth client ID', async () => {

packages/backend/src/controllers/api/v1/admin/apps/get-auth-clients.ee.test.js

@@ -39,6 +39,6 @@ describe('GET /api/v1/admin/apps/:appKey/auth-clients', () => {
       appAuthClientOne,
     ]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/admin/apps/update-config.ee.js

@@ -8,17 +8,19 @@ export default async (request, response) => {
     })
     .throwIfNotFound();
 
-  await appConfig.$query().patchAndFetch(appConfigParams(request));
+  await appConfig.$query().patchAndFetch({
+    ...appConfigParams(request),
+    key: request.params.appKey,
+  });
 
   renderObject(response, appConfig);
 };
 
 const appConfigParams = (request) => {
-  const { allowCustomConnection, shared, disabled } = request.body;
+  const { useOnlyPredefinedAuthClients, disabled } = request.body;
 
   return {
-    allowCustomConnection,
+    useOnlyPredefinedAuthClients,
-    shared,
     disabled,
   };
 };

packages/backend/src/controllers/api/v1/admin/apps/update-config.ee.test.js

@@ -24,17 +24,15 @@ describe('PATCH /api/v1/admin/apps/:appKey/config', () => {
   it('should return updated app config', async () => {
     const appConfig = {
       key: 'gitlab',
-      allowCustomConnection: true,
+      useOnlyPredefinedAuthClients: true,
-      shared: true,
       disabled: false,
     };
 
     await createAppConfig(appConfig);
 
     const newAppConfigValues = {
-      shared: false,
       disabled: true,
-      allowCustomConnection: false,
+      useOnlyPredefinedAuthClients: false,
     };
 
     const response = await request(app)
@@ -53,9 +51,8 @@ describe('PATCH /api/v1/admin/apps/:appKey/config', () => {
 
   it('should return not found response for unexisting app config', async () => {
     const appConfig = {
-      shared: false,
       disabled: true,
-      allowCustomConnection: false,
+      useOnlyPredefinedAuthClients: false,
     };
 
     await request(app)
@@ -68,8 +65,7 @@ describe('PATCH /api/v1/admin/apps/:appKey/config', () => {
   it('should return HTTP 422 for invalid app config data', async () => {
     const appConfig = {
       key: 'gitlab',
-      allowCustomConnection: true,
+      useOnlyPredefinedAuthClients: true,
-      shared: true,
       disabled: false,
     };
 
@@ -83,7 +79,7 @@ describe('PATCH /api/v1/admin/apps/:appKey/config', () => {
       })
       .expect(422);
 
-    expect(response.body.meta.type).toEqual('ModelValidation');
+    expect(response.body.meta.type).toStrictEqual('ModelValidation');
     expect(response.body.errors).toMatchObject({
       disabled: ['must be boolean'],
     });

packages/backend/src/controllers/api/v1/admin/config/update.ee.test.js

@@ -50,8 +50,8 @@ describe('PATCH /api/v1/admin/config', () => {
       .send(newConfigValues)
       .expect(200);
 
-    expect(response.body.data.title).toEqual(newTitle);
+    expect(response.body.data.title).toStrictEqual(newTitle);
-    expect(response.body.meta.type).toEqual('Config');
+    expect(response.body.meta.type).toStrictEqual('Config');
   });
 
   it('should return created config for unexisting config', async () => {
@@ -67,8 +67,8 @@ describe('PATCH /api/v1/admin/config', () => {
       .send(newConfigValues)
       .expect(200);
 
-    expect(response.body.data.title).toEqual(newTitle);
+    expect(response.body.data.title).toStrictEqual(newTitle);
-    expect(response.body.meta.type).toEqual('Config');
+    expect(response.body.meta.type).toStrictEqual('Config');
   });
 
   it('should return null for deleted config entry', async () => {
@@ -83,6 +83,6 @@ describe('PATCH /api/v1/admin/config', () => {
       .expect(200);
 
     expect(response.body.data.title).toBeNull();
-    expect(response.body.meta.type).toEqual('Config');
+    expect(response.body.meta.type).toStrictEqual('Config');
   });
 });

packages/backend/src/controllers/api/v1/admin/permissions/get-permissions-catalog.ee.test.js

@@ -27,6 +27,6 @@ describe('GET /api/v1/admin/permissions/catalog', () => {
 
     const expectedPayload = await getPermissionsCatalogMock();
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/admin/roles/create-role.ee.test.js

@@ -58,7 +58,7 @@ describe('POST /api/v1/admin/roles', () => {
       ]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return unprocessable entity response for invalid role data', async () => {

packages/backend/src/controllers/api/v1/admin/roles/delete-role.ee.test.js

@@ -92,21 +92,4 @@ describe('DELETE /api/v1/admin/roles/:roleId', () => {
       },
     });
   });
-
-  it('should not delete role and permissions on unsuccessful response', async () => {
-    const role = await createRole();
-    const permission = await createPermission({ roleId: role.id });
-    await createUser({ roleId: role.id });
-
-    await request(app)
-      .delete(`/api/v1/admin/roles/${role.id}`)
-      .set('Authorization', token)
-      .expect(422);
-
-    const refetchedRole = await role.$query();
-    const refetchedPermission = await permission.$query();
-
-    expect(refetchedRole).toStrictEqual(role);
-    expect(refetchedPermission).toStrictEqual(permission);
-  });
 });

packages/backend/src/controllers/api/v1/admin/roles/get-role.ee.test.js

@@ -34,7 +34,7 @@ describe('GET /api/v1/admin/roles/:roleId', () => {
       permissionTwo,
     ]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for not existing role UUID', async () => {

packages/backend/src/controllers/api/v1/admin/roles/get-roles.ee.test.js

@@ -28,6 +28,6 @@ describe('GET /api/v1/admin/roles', () => {
 
     const expectedPayload = await getRolesMock([roleOne, roleTwo]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-role-mappings.ee.js

@@ -7,7 +7,7 @@ export default async (request, response) => {
     .throwIfNotFound();
 
   const roleMappings = await samlAuthProvider
-    .$relatedQuery('samlAuthProvidersRoleMappings')
+    .$relatedQuery('roleMappings')
     .orderBy('remote_role_name', 'asc');
 
   renderObject(response, roleMappings);

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-role-mappings.ee.test.js

@@ -46,6 +46,6 @@ describe('GET /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mapping
       roleMappingTwo,
     ]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-saml-auth-provider.ee.test.js

@@ -30,7 +30,7 @@ describe('GET /api/v1/admin/saml-auth-provider/:samlAuthProviderId', () => {
 
     const expectedPayload = await getSamlAuthProviderMock(samlAuthProvider);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for not existing saml auth provider UUID', async () => {

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-saml-auth-providers.ee.test.js

@@ -34,6 +34,6 @@ describe('GET /api/v1/admin/saml-auth-providers', () => {
       samlAuthProviderOne,
     ]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js

@@ -8,15 +8,14 @@ export default async (request, response) => {
     .findById(samlAuthProviderId)
     .throwIfNotFound();
 
-  const samlAuthProvidersRoleMappings =
+  const roleMappings = await samlAuthProvider.updateRoleMappings(
-    await samlAuthProvider.updateRoleMappings(
+    roleMappingsParams(request)
-      samlAuthProvidersRoleMappingsParams(request)
+  );
-    );
 
-  renderObject(response, samlAuthProvidersRoleMappings);
+  renderObject(response, roleMappings);
 };
 
-const samlAuthProvidersRoleMappingsParams = (request) => {
+const roleMappingsParams = (request) => {
   const roleMappings = request.body;
 
   return roleMappings.map(({ roleId, remoteRoleName }) => ({

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-role-mappings.ee.test.js

@@ -6,7 +6,7 @@ import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by
 import { createRole } from '../../../../../../test/factories/role.js';
 import { createUser } from '../../../../../../test/factories/user.js';
 import { createSamlAuthProvider } from '../../../../../../test/factories/saml-auth-provider.ee.js';
-import { createSamlAuthProvidersRoleMapping } from '../../../../../../test/factories/saml-auth-providers-role-mapping.js';
+import { createRoleMapping } from '../../../../../../test/factories/role-mapping.js';
 import createRoleMappingsMock from '../../../../../../test/mocks/rest/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js';
 import * as license from '../../../../../helpers/license.ee.js';
 
@@ -21,12 +21,12 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi
 
     samlAuthProvider = await createSamlAuthProvider();
 
-    await createSamlAuthProvidersRoleMapping({
+    await createRoleMapping({
       samlAuthProviderId: samlAuthProvider.id,
       remoteRoleName: 'Viewer',
     });
 
-    await createSamlAuthProvidersRoleMapping({
+    await createRoleMapping({
       samlAuthProviderId: samlAuthProvider.id,
       remoteRoleName: 'Editor',
     });
@@ -64,7 +64,7 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi
 
   it('should delete role mappings when given empty role mappings', async () => {
     const existingRoleMappings = await samlAuthProvider.$relatedQuery(
-      'samlAuthProvidersRoleMappings'
+      'roleMappings'
     );
 
     expect(existingRoleMappings.length).toBe(2);
@@ -149,34 +149,4 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi
       .send(roleMappings)
       .expect(404);
   });
-
-  it('should not delete existing role mapping when error thrown', async () => {
-    const roleMappings = [
-      {
-        roleId: userRole.id,
-        remoteRoleName: {
-          invalid: 'data',
-        },
-      },
-    ];
-
-    const roleMappingsBeforeRequest = await samlAuthProvider.$relatedQuery(
-      'samlAuthProvidersRoleMappings'
-    );
-
-    await request(app)
-      .patch(
-        `/api/v1/admin/saml-auth-providers/${samlAuthProvider.id}/role-mappings`
-      )
-      .set('Authorization', token)
-      .send(roleMappings)
-      .expect(422);
-
-    const roleMappingsAfterRequest = await samlAuthProvider.$relatedQuery(
-      'samlAuthProvidersRoleMappings'
-    );
-
-    expect(roleMappingsBeforeRequest).toStrictEqual(roleMappingsAfterRequest);
-    expect(roleMappingsAfterRequest.length).toBe(2);
-  });
 });

packages/backend/src/controllers/api/v1/admin/users/get-user.ee.test.js

@@ -30,7 +30,7 @@ describe('GET /api/v1/admin/users/:userId', () => {
       .expect(200);
 
     const expectedPayload = getUserMock(anotherUser, anotherUserRole);
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for not existing user UUID', async () => {

packages/backend/src/controllers/api/v1/admin/users/get-users.ee.test.js

@@ -40,6 +40,6 @@ describe('GET /api/v1/admin/users', () => {
       [anotherUserRole, currentUserRole]
     );
 
-    expect(response.body).toEqual(expectedResponsePayload);
+    expect(response.body).toStrictEqual(expectedResponsePayload);
   });
 });

packages/backend/src/controllers/api/v1/admin/users/update-user.ee.test.js

@@ -61,7 +61,8 @@ describe('PATCH /api/v1/admin/users/:userId', () => {
       .send(anotherUserUpdatedData)
       .expect(422);
 
-    expect(response.body.meta.type).toEqual('ModelValidation');
+    expect(response.body.meta.type).toStrictEqual('ModelValidation');
+
     expect(response.body.errors).toMatchObject({
       email: ['must be string'],
       fullName: ['must be string'],

packages/backend/src/controllers/api/v1/apps/create-connection.test.js

@@ -155,7 +155,7 @@ describe('POST /api/v1/apps/:appKey/connections', () => {
       await createAppConfig({
         key: 'gitlab',
         disabled: false,
-        allowCustomConnection: true,
+        useOnlyPredefinedAuthClients: false,
       });
     });
 
@@ -218,7 +218,7 @@ describe('POST /api/v1/apps/:appKey/connections', () => {
       await createAppConfig({
         key: 'gitlab',
         disabled: false,
-        allowCustomConnection: false,
+        useOnlyPredefinedAuthClients: true,
       });
     });
 
@@ -266,14 +266,14 @@ describe('POST /api/v1/apps/:appKey/connections', () => {
     });
   });
 
-  describe('with auth clients enabled', async () => {
+  describe('with auth client enabled', async () => {
     let appAuthClient;
 
     beforeEach(async () => {
       await createAppConfig({
         key: 'gitlab',
         disabled: false,
-        shared: true,
+        useOnlyPredefinedAuthClients: false,
       });
 
       appAuthClient = await createAppAuthClient({
@@ -310,19 +310,6 @@ describe('POST /api/v1/apps/:appKey/connections', () => {
       expect(response.body).toStrictEqual(expectedPayload);
     });
 
-    it('should return not authorized response for appAuthClientId and formattedData together', async () => {
-      const connectionData = {
-        appAuthClientId: appAuthClient.id,
-        formattedData: {},
-      };
-
-      await request(app)
-        .post('/api/v1/apps/gitlab/connections')
-        .set('Authorization', token)
-        .send(connectionData)
-        .expect(403);
-    });
-
     it('should return not found response for invalid app key', async () => {
       await request(app)
         .post('/api/v1/apps/invalid-app-key/connections')
@@ -349,18 +336,20 @@ describe('POST /api/v1/apps/:appKey/connections', () => {
       });
     });
   });
-  describe('with auth clients disabled', async () => {
+
+  describe('with auth client disabled', async () => {
     let appAuthClient;
 
     beforeEach(async () => {
       await createAppConfig({
         key: 'gitlab',
         disabled: false,
-        shared: false,
+        useOnlyPredefinedAuthClients: false,
       });
 
       appAuthClient = await createAppAuthClient({
         appKey: 'gitlab',
+        active: false,
       });
     });
 
@@ -373,7 +362,7 @@ describe('POST /api/v1/apps/:appKey/connections', () => {
         .post('/api/v1/apps/gitlab/connections')
         .set('Authorization', token)
         .send(connectionData)
-        .expect(403);
+        .expect(404);
     });
 
     it('should return not found response for invalid app key', async () => {

packages/backend/src/controllers/api/v1/apps/get-action-substeps.test.js

@@ -29,7 +29,7 @@ describe('GET /api/v1/apps/:appKey/actions/:actionKey/substeps', () => {
       .expect(200);
 
     const expectedPayload = getActionSubstepsMock(exampleAction.substeps);
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for invalid app key', async () => {
@@ -47,6 +47,6 @@ describe('GET /api/v1/apps/:appKey/actions/:actionKey/substeps', () => {
       .set('Authorization', token)
       .expect(200);
 
-    expect(response.body.data).toEqual([]);
+    expect(response.body.data).toStrictEqual([]);
   });
 });

packages/backend/src/controllers/api/v1/apps/get-actions.test.js

@@ -23,7 +23,7 @@ describe('GET /api/v1/apps/:appKey/actions', () => {
       .expect(200);
 
     const expectedPayload = getActionsMock(exampleApp.actions);
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for invalid app key', async () => {

packages/backend/src/controllers/api/v1/apps/get-app.test.js

@@ -23,7 +23,7 @@ describe('GET /api/v1/apps/:appKey', () => {
       .expect(200);
 
     const expectedPayload = getAppMock(exampleApp);
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for invalid app key', async () => {

packages/backend/src/controllers/api/v1/apps/get-apps.test.js

@@ -22,7 +22,7 @@ describe('GET /api/v1/apps', () => {
       .expect(200);
 
     const expectedPayload = getAppsMock(apps);
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return all apps filtered by name', async () => {
@@ -34,7 +34,7 @@ describe('GET /api/v1/apps', () => {
       .expect(200);
 
     const expectedPayload = getAppsMock(appsWithNameGit);
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return only the apps with triggers', async () => {
@@ -46,7 +46,7 @@ describe('GET /api/v1/apps', () => {
       .expect(200);
 
     const expectedPayload = getAppsMock(appsWithTriggers);
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return only the apps with actions', async () => {
@@ -58,6 +58,6 @@ describe('GET /api/v1/apps', () => {
       .expect(200);
 
     const expectedPayload = getAppsMock(appsWithActions);
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/apps/get-auth-client.ee.test.js

@@ -29,7 +29,7 @@ describe('GET /api/v1/apps/:appKey/auth-clients/:appAuthClientId', () => {
       .expect(200);
 
     const expectedPayload = getAppAuthClientMock(currentAppAuthClient);
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for not existing app auth client ID', async () => {

packages/backend/src/controllers/api/v1/apps/get-auth-clients.ee.test.js

@@ -37,6 +37,6 @@ describe('GET /api/v1/apps/:appKey/auth-clients', () => {
       appAuthClientOne,
     ]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/apps/get-auth.test.js

@@ -23,7 +23,7 @@ describe('GET /api/v1/apps/:appKey/auth', () => {
       .expect(200);
 
     const expectedPayload = getAuthMock(exampleApp.auth);
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for invalid app key', async () => {

packages/backend/src/controllers/api/v1/apps/get-config.ee.test.js

@@ -17,8 +17,7 @@ describe('GET /api/v1/apps/:appKey/config', () => {
 
     appConfig = await createAppConfig({
       key: 'deepl',
-      allowCustomConnection: true,
+      useOnlyPredefinedAuthClients: false,
-      shared: true,
       disabled: false,
     });
 
@@ -32,7 +31,7 @@ describe('GET /api/v1/apps/:appKey/config', () => {
       .expect(200);
 
     const expectedPayload = getAppConfigMock(appConfig);
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for not existing app key', async () => {

packages/backend/src/controllers/api/v1/apps/get-connections.test.js

@@ -47,7 +47,7 @@ describe('GET /api/v1/apps/:appKey/connections', () => {
       currentUserConnectionOne,
     ]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return the connections data of specified app for another user', async () => {
@@ -82,19 +82,19 @@ describe('GET /api/v1/apps/:appKey/connections', () => {
       anotherUserConnectionOne,
     ]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for invalid connection UUID', async () => {
     await createPermission({
-      action: 'update',
+      action: 'read',
       subject: 'Connection',
       roleId: currentUserRole.id,
       conditions: ['isCreator'],
     });
 
     await request(app)
-      .get('/api/v1/connections/invalid-connection-id/connections')
+      .get('/api/v1/apps/invalid-connection-id/connections')
       .set('Authorization', token)
       .expect(404);
   });

packages/backend/src/controllers/api/v1/apps/get-flows.test.js

@@ -62,7 +62,7 @@ describe('GET /api/v1/apps/:appKey/flows', () => {
       [triggerStepFlowOne, actionStepFlowOne]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return the flows data of specified app for another user', async () => {
@@ -110,7 +110,7 @@ describe('GET /api/v1/apps/:appKey/flows', () => {
       [triggerStepFlowOne, actionStepFlowOne]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for invalid app key', async () => {

packages/backend/src/controllers/api/v1/apps/get-trigger-substeps.test.js

@@ -29,7 +29,7 @@ describe('GET /api/v1/apps/:appKey/triggers/:triggerKey/substeps', () => {
       .expect(200);
 
     const expectedPayload = getTriggerSubstepsMock(exampleTrigger.substeps);
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for invalid app key', async () => {
@@ -47,6 +47,6 @@ describe('GET /api/v1/apps/:appKey/triggers/:triggerKey/substeps', () => {
       .set('Authorization', token)
       .expect(200);
 
-    expect(response.body.data).toEqual([]);
+    expect(response.body.data).toStrictEqual([]);
   });
 });

packages/backend/src/controllers/api/v1/apps/get-triggers.test.js

@@ -23,7 +23,7 @@ describe('GET /api/v1/apps/:appKey/triggers', () => {
       .expect(200);
 
     const expectedPayload = getTriggersMock(exampleApp.triggers);
-    expect(response.body).toEqual(expectedPayload);
+    expect(expectedPayload).toMatchObject(response.body);
   });
 
   it('should return not found response for invalid app key', async () => {

packages/backend/src/controllers/api/v1/automatisch/info.test.js

@@ -20,6 +20,6 @@ describe('GET /api/v1/automatisch/info', () => {
 
     const expectedPayload = infoMock();
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/automatisch/license.test.js

@@ -18,6 +18,6 @@ describe('GET /api/v1/automatisch/license', () => {
 
     const expectedPayload = licenseMock();
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/automatisch/version.test.js

@@ -10,7 +10,7 @@ describe('GET /api/v1/automatisch/version', () => {
 
     const expectedPayload = {
       data: {
-        version: '0.13.1',
+        version: '0.14.0',
       },
       meta: {
         count: 1,
@@ -21,6 +21,6 @@ describe('GET /api/v1/automatisch/version', () => {
       },
     };
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/connections/get-flows.test.js

@@ -69,7 +69,7 @@ describe('GET /api/v1/connections/:connectionId/flows', () => {
       [triggerStepFlowOne, actionStepFlowOne]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return the flows data of specified connection for another user', async () => {
@@ -123,6 +123,6 @@ describe('GET /api/v1/connections/:connectionId/flows', () => {
       [triggerStepFlowOne, actionStepFlowOne]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/connections/reset-connection.test.js

@@ -47,7 +47,6 @@ describe('POST /api/v1/connections/:connectionId/reset', () => {
 
     const expectedPayload = resetConnectionMock({
       ...refetchedCurrentUserConnection,
-      reconnectable: refetchedCurrentUserConnection.reconnectable,
       formattedData: {
         screenName: 'Connection name',
       },

packages/backend/src/controllers/api/v1/connections/test-connection.test.js

@@ -43,7 +43,7 @@ describe('POST /api/v1/connections/:connectionId/test', () => {
       .set('Authorization', token)
       .expect(200);
 
-    expect(response.body.data.verified).toEqual(false);
+    expect(response.body.data.verified).toStrictEqual(false);
   });
 
   it('should update the connection as not verified for another user', async () => {
@@ -74,7 +74,7 @@ describe('POST /api/v1/connections/:connectionId/test', () => {
       .set('Authorization', token)
       .expect(200);
 
-    expect(response.body.data.verified).toEqual(false);
+    expect(response.body.data.verified).toStrictEqual(false);
   });
 
   it('should return not found response for not existing connection UUID', async () => {

packages/backend/src/controllers/api/v1/connections/update-connection.js

@@ -8,7 +8,7 @@ export default async (request, response) => {
     })
     .throwIfNotFound();
 
-  connection = await connection.update(connectionParams(request));
+  connection = await connection.updateFormattedData(connectionParams(request));
 
   renderObject(response, connection);
 };

packages/backend/src/controllers/api/v1/connections/update-connection.test.js

@@ -55,10 +55,9 @@ describe('PATCH /api/v1/connections/:connectionId', () => {
 
     const refetchedCurrentUserConnection = await currentUserConnection.$query();
 
-    const expectedPayload = updateConnectionMock({
+    const expectedPayload = updateConnectionMock(
-      ...refetchedCurrentUserConnection,
+      refetchedCurrentUserConnection
-      reconnectable: refetchedCurrentUserConnection.reconnectable,
+    );
-    });
 
     expect(response.body).toStrictEqual(expectedPayload);
   });

packages/backend/src/controllers/api/v1/connections/verify-connection.test.js

@@ -47,7 +47,7 @@ describe('POST /api/v1/connections/:connectionId/verify', () => {
       .set('Authorization', token)
       .expect(200);
 
-    expect(response.body.data.verified).toEqual(true);
+    expect(response.body.data.verified).toStrictEqual(true);
   });
 
   it('should return not found response for not existing connection UUID', async () => {

packages/backend/src/controllers/api/v1/executions/get-execution-steps.test.js

@@ -69,7 +69,7 @@ describe('GET /api/v1/executions/:executionId/execution-steps', () => {
       [stepOne, stepTwo]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return the execution steps of another user execution', async () => {
@@ -118,7 +118,7 @@ describe('GET /api/v1/executions/:executionId/execution-steps', () => {
       [stepOne, stepTwo]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for not existing execution step UUID', async () => {

packages/backend/src/controllers/api/v1/executions/get-execution.test.js

@@ -57,7 +57,7 @@ describe('GET /api/v1/executions/:executionId', () => {
       [stepOne, stepTwo]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return the execution data of another user', async () => {
@@ -99,7 +99,7 @@ describe('GET /api/v1/executions/:executionId', () => {
       [stepOne, stepTwo]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for not existing execution UUID', async () => {

packages/backend/src/controllers/api/v1/executions/get-executions.test.js

@@ -66,7 +66,7 @@ describe('GET /api/v1/executions', () => {
       [stepOne, stepTwo]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return the executions of another user', async () => {
@@ -114,6 +114,6 @@ describe('GET /api/v1/executions', () => {
       [stepOne, stepTwo]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/flows/create-flow.js

@@ -1,11 +1,11 @@
 import { renderObject } from '../../../../helpers/renderer.js';
 
 export default async (request, response) => {
-  let flow = await request.currentUser.$relatedQuery('flows').insert({
+  const flow = await request.currentUser.$relatedQuery('flows').insertAndFetch({
     name: 'Name your flow',
   });
 
-  flow = await flow.createInitialSteps();
+  await flow.createInitialSteps();
 
   renderObject(response, flow, { status: 201 });
 };

packages/backend/src/controllers/api/v1/flows/create-step.js

@@ -6,7 +6,7 @@ export default async (request, response) => {
     .findById(request.params.flowId)
     .throwIfNotFound();
 
-  const createdActionStep = await flow.createActionStep(
+  const createdActionStep = await flow.createStepAfter(
     request.body.previousStepId
   );
 

packages/backend/src/controllers/api/v1/flows/get-flow.test.js

@@ -41,7 +41,7 @@ describe('GET /api/v1/flows/:flowId', () => {
       actionStep,
     ]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return the flow data of another user', async () => {
@@ -67,7 +67,7 @@ describe('GET /api/v1/flows/:flowId', () => {
       actionStep,
     ]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for not existing flow UUID', async () => {

packages/backend/src/controllers/api/v1/flows/get-flows.test.js

@@ -63,7 +63,7 @@ describe('GET /api/v1/flows', () => {
       ]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return the flows data of another user', async () => {
@@ -113,6 +113,6 @@ describe('GET /api/v1/flows', () => {
       ]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/installation/users/create-user.test.js

@@ -53,7 +53,7 @@ describe('POST /api/v1/installation/users', () => {
 
       const usersCountAfter = await User.query().resultSize();
 
-      expect(usersCountBefore).toEqual(usersCountAfter);
+      expect(usersCountBefore).toStrictEqual(usersCountAfter);
     });
   });
 

packages/backend/src/controllers/api/v1/payment/get-paddle-info.ee.test.js

@@ -28,6 +28,6 @@ describe('GET /api/v1/payment/paddle-info', () => {
 
     const expectedResponsePayload = await getPaddleInfoMock();
 
-    expect(response.body).toEqual(expectedResponsePayload);
+    expect(response.body).toStrictEqual(expectedResponsePayload);
   });
 });

packages/backend/src/controllers/api/v1/payment/get-plans.ee.test.js

@@ -24,6 +24,6 @@ describe('GET /api/v1/payment/plans', () => {
 
     const expectedResponsePayload = await getPaymentPlansMock();
 
-    expect(response.body).toEqual(expectedResponsePayload);
+    expect(response.body).toStrictEqual(expectedResponsePayload);
   });
 });

packages/backend/src/controllers/api/v1/saml-auth-providers/get-saml-auth-providers.ee.test.js

@@ -25,6 +25,6 @@ describe('GET /api/v1/saml-auth-providers', () => {
       samlAuthProviderOne,
     ]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/steps/create-dynamic-data.test.js

@@ -78,7 +78,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
         })
         .expect(200);
 
-      expect(response.body.data).toEqual(repositories);
+      expect(response.body.data).toStrictEqual(repositories);
     });
 
     it('of the another users step', async () => {
@@ -117,7 +117,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
         })
         .expect(200);
 
-      expect(response.body.data).toEqual(repositories);
+      expect(response.body.data).toStrictEqual(repositories);
     });
   });
 
@@ -171,7 +171,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
         })
         .expect(422);
 
-      expect(response.body.errors).toEqual(errors);
+      expect(response.body.errors).toStrictEqual(errors);
     });
   });
 
@@ -193,7 +193,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
     const notExistingStepUUID = Crypto.randomUUID();
 
     await request(app)
-      .get(`/api/v1/steps/${notExistingStepUUID}/dynamic-data`)
+      .post(`/api/v1/steps/${notExistingStepUUID}/dynamic-data`)
       .set('Authorization', token)
       .expect(404);
   });
@@ -216,7 +216,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
     const step = await createStep({ appKey: null });
 
     await request(app)
-      .get(`/api/v1/steps/${step.id}/dynamic-data`)
+      .post(`/api/v1/steps/${step.id}/dynamic-data`)
       .set('Authorization', token)
       .expect(404);
   });

packages/backend/src/controllers/api/v1/steps/create-dynamic-fields.test.js

@@ -56,7 +56,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-fields', () => {
 
     const expectedPayload = await createDynamicFieldsMock();
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return dynamically created fields of the another users step', async () => {
@@ -97,7 +97,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-fields', () => {
 
     const expectedPayload = await createDynamicFieldsMock();
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for not existing step UUID', async () => {
@@ -118,7 +118,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-fields', () => {
     const notExistingStepUUID = Crypto.randomUUID();
 
     await request(app)
-      .get(`/api/v1/steps/${notExistingStepUUID}/dynamic-fields`)
+      .post(`/api/v1/steps/${notExistingStepUUID}/dynamic-fields`)
       .set('Authorization', token)
       .expect(404);
   });
@@ -138,10 +138,11 @@ describe('POST /api/v1/steps/:stepId/dynamic-fields', () => {
       conditions: [],
     });
 
-    const step = await createStep({ appKey: null });
+    const step = await createStep();
+    await step.$query().patch({ appKey: null });
 
     await request(app)
-      .get(`/api/v1/steps/${step.id}/dynamic-fields`)
+      .post(`/api/v1/steps/${step.id}/dynamic-fields`)
       .set('Authorization', token)
       .expect(404);
   });

packages/backend/src/controllers/api/v1/steps/get-connection.test.js

@@ -43,7 +43,7 @@ describe('GET /api/v1/steps/:stepId/connection', () => {
 
     const expectedPayload = await getConnectionMock(currentUserConnection);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return the current user connection data of specified step', async () => {
@@ -70,7 +70,7 @@ describe('GET /api/v1/steps/:stepId/connection', () => {
 
     const expectedPayload = await getConnectionMock(anotherUserConnection);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for not existing step without connection', async () => {

packages/backend/src/controllers/api/v1/steps/get-previous-steps.test.js

@@ -70,7 +70,7 @@ describe('GET /api/v1/steps/:stepId/previous-steps', () => {
       [executionStepOne, executionStepTwo]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return the previous steps of the specified step of another user', async () => {
@@ -124,7 +124,7 @@ describe('GET /api/v1/steps/:stepId/previous-steps', () => {
       [executionStepOne, executionStepTwo]
     );
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for not existing step UUID', async () => {

packages/backend/src/controllers/api/v1/users/get-apps.test.js

@@ -79,7 +79,7 @@ describe('GET /api/v1/users/:userId/apps', () => {
       .expect(200);
 
     const expectedPayload = getAppsMock();
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return all apps of the another user', async () => {
@@ -143,7 +143,7 @@ describe('GET /api/v1/users/:userId/apps', () => {
       .expect(200);
 
     const expectedPayload = getAppsMock();
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return specified app of the current user', async () => {
@@ -204,7 +204,7 @@ describe('GET /api/v1/users/:userId/apps', () => {
       .set('Authorization', token)
       .expect(200);
 
-    expect(response.body.data.length).toEqual(1);
+    expect(response.body.data.length).toStrictEqual(1);
-    expect(response.body.data[0].key).toEqual('deepl');
+    expect(response.body.data[0].key).toStrictEqual('deepl');
   });
 });

packages/backend/src/controllers/api/v1/users/get-current-user.test.js

@@ -39,6 +39,6 @@ describe('GET /api/v1/users/me', () => {
       permissionTwo,
     ]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/users/get-invoices.ee.test.js

@@ -29,6 +29,6 @@ describe('GET /api/v1/user/invoices', () => {
 
     const expectedPayload = await getInvoicesMock(invoices);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/users/get-plan-and-usage.ee.test.js

@@ -36,7 +36,7 @@ describe('GET /api/v1/users/:userId/plan-and-usage', () => {
       },
     };
 
-    expect(response.body.data).toEqual(expectedResponseData);
+    expect(response.body.data).toStrictEqual(expectedResponseData);
   });
 
   it('should return current plan and usage data', async () => {
@@ -63,6 +63,6 @@ describe('GET /api/v1/users/:userId/plan-and-usage', () => {
       },
     };
 
-    expect(response.body.data).toEqual(expectedResponseData);
+    expect(response.body.data).toStrictEqual(expectedResponseData);
   });
 });

packages/backend/src/controllers/api/v1/users/get-subscription.ee.test.js

@@ -33,7 +33,7 @@ describe('GET /api/v1/users/:userId/subscription', () => {
 
     const expectedPayload = getSubscriptionMock(subscription);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response if there is no current subscription', async () => {

packages/backend/src/controllers/api/v1/users/get-user-trial.ee.test.js

@@ -32,7 +32,7 @@ describe('GET /api/v1/users/:userId/trial', () => {
         .expect(200);
 
       const expectedResponsePayload = await getUserTrialMock(user);
-      expect(response.body).toEqual(expectedResponsePayload);
+      expect(response.body).toStrictEqual(expectedResponsePayload);
     });
   });
 });

packages/backend/src/controllers/api/v1/users/update-current-user-password.test.js

@@ -43,7 +43,7 @@ describe('PATCH /api/v1/users/:userId/password', () => {
       .send(userData)
       .expect(422);
 
-    expect(response.body.meta.type).toEqual('ValidationError');
+    expect(response.body.meta.type).toStrictEqual('ValidationError');
     expect(response.body.errors).toMatchObject({
       currentPassword: ['is incorrect.'],
     });

packages/backend/src/controllers/api/v1/users/update-current-user.test.js

@@ -47,7 +47,8 @@ describe('PATCH /api/v1/users/:userId', () => {
       .send(userData)
       .expect(422);
 
-    expect(response.body.meta.type).toEqual('ModelValidation');
+    expect(response.body.meta.type).toStrictEqual('ModelValidation');
+
     expect(response.body.errors).toMatchObject({
       email: ['must be string'],
       fullName: ['must be string'],

packages/backend/src/db/migrations/20241002121145_add_connection_allowed_to_app_configs.js

@@ -0,0 +1,37 @@
+export async function up(knex) {
+  await knex.schema.alterTable('app_configs', (table) => {
+    table.boolean('connection_allowed').defaultTo(false);
+  });
+
+  const appConfigs = await knex('app_configs').select('*');
+
+  for (const appConfig of appConfigs) {
+    const appAuthClients = await knex('app_auth_clients').where(
+      'app_key',
+      appConfig.key
+    );
+
+    const hasSomeActiveAppAuthClients = !!appAuthClients?.some(
+      (appAuthClient) => appAuthClient.active
+    );
+    const shared = appConfig.shared;
+    const active = appConfig.disabled === false;
+
+    const connectionAllowedConditions = [
+      hasSomeActiveAppAuthClients,
+      shared,
+      active,
+    ];
+    const connectionAllowed = connectionAllowedConditions.every(Boolean);
+
+    await knex('app_configs')
+      .where('id', appConfig.id)
+      .update({ connection_allowed: connectionAllowed });
+  }
+}
+
+export async function down(knex) {
+  await knex.schema.alterTable('app_configs', (table) => {
+    table.dropColumn('connection_allowed');
+  });
+}

packages/backend/src/db/migrations/20241009094438_rename_allow_custom_connection_as_custom_connection_allowed_in_app_configs.js

@@ -0,0 +1,11 @@
+export async function up(knex) {
+  return knex.schema.alterTable('app_configs', (table) => {
+    table.renameColumn('allow_custom_connection', 'custom_connection_allowed');
+  });
+}
+
+export async function down(knex) {
+  return knex.schema.alterTable('app_configs', (table) => {
+    table.renameColumn('custom_connection_allowed', 'allow_custom_connection');
+  });
+}

packages/backend/src/db/migrations/20241024130418_make_key_primary_for_app_configs.js

@@ -0,0 +1,13 @@
+export async function up(knex) {
+  return knex.schema.alterTable('app_configs', function (table) {
+    table.dropPrimary();
+    table.primary('key');
+  });
+}
+
+export async function down(knex) {
+  return knex.schema.alterTable('app_configs', function (table) {
+    table.dropPrimary();
+    table.primary('id');
+  });
+}

packages/backend/src/db/migrations/20241024131158_remove_id_column_from_app_configs.js

@@ -0,0 +1,11 @@
+export async function up(knex) {
+  return knex.schema.alterTable('app_configs', function (table) {
+    table.dropColumn('id');
+  });
+}
+
+export async function down(knex) {
+  return knex.schema.alterTable('app_configs', function (table) {
+    table.uuid('id').defaultTo(knex.raw('gen_random_uuid()'));
+  });
+}

packages/backend/src/db/migrations/20241125141647_rename_saml_auth_providers_role_mappings_as_role_mappings.js

@@ -0,0 +1,52 @@
+export async function up(knex) {
+  await knex.schema.createTable('role_mappings', (table) => {
+    table.uuid('id').primary().defaultTo(knex.raw('gen_random_uuid()'));
+    table
+      .uuid('saml_auth_provider_id')
+      .references('id')
+      .inTable('saml_auth_providers');
+    table.uuid('role_id').references('id').inTable('roles');
+    table.string('remote_role_name').notNullable();
+
+    table.unique(['saml_auth_provider_id', 'remote_role_name']);
+
+    table.timestamps(true, true);
+  });
+
+  const existingRoleMappings = await knex('saml_auth_providers_role_mappings');
+
+  if (existingRoleMappings.length) {
+    await knex('role_mappings').insert(existingRoleMappings);
+  }
+
+  return await knex.schema.dropTable('saml_auth_providers_role_mappings');
+}
+
+export async function down(knex) {
+  await knex.schema.createTable(
+    'saml_auth_providers_role_mappings',
+    (table) => {
+      table.uuid('id').primary().defaultTo(knex.raw('gen_random_uuid()'));
+      table
+        .uuid('saml_auth_provider_id')
+        .references('id')
+        .inTable('saml_auth_providers');
+      table.uuid('role_id').references('id').inTable('roles');
+      table.string('remote_role_name').notNullable();
+
+      table.unique(['saml_auth_provider_id', 'remote_role_name']);
+
+      table.timestamps(true, true);
+    }
+  );
+
+  const existingRoleMappings = await knex('role_mappings');
+
+  if (existingRoleMappings.length) {
+    await knex('saml_auth_providers_role_mappings').insert(
+      existingRoleMappings
+    );
+  }
+
+  return await knex.schema.dropTable('role_mappings');
+}

packages/backend/src/db/migrations/20241204103153_add_use_only_predefined_auth_clients_in_app_config.js

@@ -0,0 +1,11 @@
+export async function up(knex) {
+  return await knex.schema.alterTable('app_configs', (table) => {
+    table.boolean('use_only_predefined_auth_clients').defaultTo(false);
+  });
+}
+
+export async function down(knex) {
+  return await knex.schema.alterTable('app_configs', (table) => {
+    table.dropColumn('use_only_predefined_auth_clients');
+  });
+}

packages/backend/src/db/migrations/20241204103355_remove_obsolete_fields_in_app_config.js

@@ -0,0 +1,15 @@
+export async function up(knex) {
+  return await knex.schema.alterTable('app_configs', (table) => {
+    table.dropColumn('shared');
+    table.dropColumn('connection_allowed');
+    table.dropColumn('custom_connection_allowed');
+  });
+}
+
+export async function down(knex) {
+  return await knex.schema.alterTable('app_configs', (table) => {
+    table.boolean('shared').defaultTo(false);
+    table.boolean('connection_allowed').defaultTo(false);
+    table.boolean('custom_connection_allowed').defaultTo(false);
+  });
+}

packages/backend/src/helpers/find-or-create-user-by-saml-identity.ee.js

@@ -30,7 +30,7 @@ const findOrCreateUserBySamlIdentity = async (
     : [mappedUser.role];
 
   const samlAuthProviderRoleMapping = await samlAuthProvider
-    .$relatedQuery('samlAuthProvidersRoleMappings')
+    .$relatedQuery('roleMappings')
     .whereIn('remote_role_name', mappedRoles)
     .limit(1)
     .first();

packages/backend/src/helpers/user-ability.test.js

@@ -0,0 +1,46 @@
+import { describe, expect, it } from 'vitest';
+import userAbility from './user-ability.js';
+
+describe('userAbility', () => {
+  it('should return PureAbility instantiated with user permissions', () => {
+    const user = {
+      permissions: [
+        {
+          subject: 'Flow',
+          action: 'read',
+          conditions: ['isCreator'],
+        },
+      ],
+      role: {
+        name: 'User',
+      },
+    };
+
+    const ability = userAbility(user);
+
+    expect(ability.rules).toStrictEqual(user.permissions);
+  });
+
+  it('should return permission-less PureAbility for user with no role', () => {
+    const user = {
+      permissions: [
+        {
+          subject: 'Flow',
+          action: 'read',
+          conditions: ['isCreator'],
+        },
+      ],
+      role: null,
+    };
+    const ability = userAbility(user);
+
+    expect(ability.rules).toStrictEqual([]);
+  });
+
+  it('should return permission-less PureAbility for user with no permissions', () => {
+    const user = { permissions: null, role: { name: 'User' } };
+    const ability = userAbility(user);
+
+    expect(ability.rules).toStrictEqual([]);
+  });
+});

packages/backend/src/models/__snapshots__/app-config.test.js.snap

@@ -0,0 +1,33 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`AppConfig model > jsonSchema should have correct validations 1`] = `
+{
+  "properties": {
+    "createdAt": {
+      "type": "string",
+    },
+    "disabled": {
+      "default": false,
+      "type": "boolean",
+    },
+    "id": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "key": {
+      "type": "string",
+    },
+    "updatedAt": {
+      "type": "string",
+    },
+    "useOnlyPredefinedAuthClients": {
+      "default": false,
+      "type": "boolean",
+    },
+  },
+  "required": [
+    "key",
+  ],
+  "type": "object",
+}
+`;

packages/backend/src/models/__snapshots__/flow.test.js.snap

@@ -0,0 +1,42 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`Flow model > jsonSchema should have correct validations 1`] = `
+{
+  "properties": {
+    "active": {
+      "type": "boolean",
+    },
+    "createdAt": {
+      "type": "string",
+    },
+    "deletedAt": {
+      "type": "string",
+    },
+    "id": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "name": {
+      "minLength": 1,
+      "type": "string",
+    },
+    "publishedAt": {
+      "type": "string",
+    },
+    "remoteWebhookId": {
+      "type": "string",
+    },
+    "updatedAt": {
+      "type": "string",
+    },
+    "userId": {
+      "format": "uuid",
+      "type": "string",
+    },
+  },
+  "required": [
+    "name",
+  ],
+  "type": "object",
+}
+`;

packages/backend/src/models/__snapshots__/permission.test.js.snap

@@ -0,0 +1,42 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`Permission model > jsonSchema should have correct validations 1`] = `
+{
+  "properties": {
+    "action": {
+      "minLength": 1,
+      "type": "string",
+    },
+    "conditions": {
+      "items": {
+        "type": "string",
+      },
+      "type": "array",
+    },
+    "createdAt": {
+      "type": "string",
+    },
+    "id": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "roleId": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "subject": {
+      "minLength": 1,
+      "type": "string",
+    },
+    "updatedAt": {
+      "type": "string",
+    },
+  },
+  "required": [
+    "roleId",
+    "action",
+    "subject",
+  ],
+  "type": "object",
+}
+`;

packages/backend/src/models/__snapshots__/role-mapping.ee.test.js.snap

@@ -0,0 +1,30 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`RoleMapping model > jsonSchema should have the correct schema 1`] = `
+{
+  "properties": {
+    "id": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "remoteRoleName": {
+      "minLength": 1,
+      "type": "string",
+    },
+    "roleId": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "samlAuthProviderId": {
+      "format": "uuid",
+      "type": "string",
+    },
+  },
+  "required": [
+    "samlAuthProviderId",
+    "roleId",
+    "remoteRoleName",
+  ],
+  "type": "object",
+}
+`;

packages/backend/src/models/__snapshots__/role.test.js.snap

@@ -0,0 +1,33 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`Role model > jsonSchema should have correct validations 1`] = `
+{
+  "properties": {
+    "createdAt": {
+      "type": "string",
+    },
+    "description": {
+      "maxLength": 255,
+      "type": [
+        "string",
+        "null",
+      ],
+    },
+    "id": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "name": {
+      "minLength": 1,
+      "type": "string",
+    },
+    "updatedAt": {
+      "type": "string",
+    },
+  },
+  "required": [
+    "name",
+  ],
+  "type": "object",
+}
+`;

packages/backend/src/models/__snapshots__/saml-auth-provider.ee.test.js.snap

@@ -0,0 +1,72 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`SamlAuthProvider model > jsonSchema should have the correct schema 1`] = `
+{
+  "properties": {
+    "active": {
+      "type": "boolean",
+    },
+    "certificate": {
+      "minLength": 1,
+      "type": "string",
+    },
+    "defaultRoleId": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "emailAttributeName": {
+      "minLength": 1,
+      "type": "string",
+    },
+    "entryPoint": {
+      "minLength": 1,
+      "type": "string",
+    },
+    "firstnameAttributeName": {
+      "minLength": 1,
+      "type": "string",
+    },
+    "id": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "issuer": {
+      "minLength": 1,
+      "type": "string",
+    },
+    "name": {
+      "minLength": 1,
+      "type": "string",
+    },
+    "roleAttributeName": {
+      "minLength": 1,
+      "type": "string",
+    },
+    "signatureAlgorithm": {
+      "enum": [
+        "sha1",
+        "sha256",
+        "sha512",
+      ],
+      "type": "string",
+    },
+    "surnameAttributeName": {
+      "minLength": 1,
+      "type": "string",
+    },
+  },
+  "required": [
+    "name",
+    "certificate",
+    "signatureAlgorithm",
+    "entryPoint",
+    "issuer",
+    "firstnameAttributeName",
+    "surnameAttributeName",
+    "emailAttributeName",
+    "roleAttributeName",
+    "defaultRoleId",
+  ],
+  "type": "object",
+}
+`;

packages/backend/src/models/__snapshots__/saml-auth-providers-role-mapping.ee.test.js.snap

@@ -1,6 +1,6 @@
 // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 
-exports[`SamlAuthProvidersRoleMapping model > jsonSchema should have the correct schema 1`] = `
+exports[`RoleMapping model > jsonSchema should have the correct schema 1`] = `
 {
   "properties": {
     "id": {
@@ -28,14 +28,3 @@ exports[`SamlAuthProvidersRoleMapping model > jsonSchema should have the correct
   "type": "object",
 }
 `;
-
-exports[`SamlAuthProvidersRoleMapping model > relationMappings should have samlAuthProvider relation 1`] = `
-{
-  "join": {
-    "from": "saml_auth_providers_role_mappings.saml_auth_provider_id",
-    "to": "saml_auth_providers.id",
-  },
-  "modelClass": [Function],
-  "relation": [Function],
-}
-`;

packages/backend/src/models/__snapshots__/step.test.js.snap

@@ -0,0 +1,77 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`Step model > jsonSchema should have correct validations 1`] = `
+{
+  "properties": {
+    "appKey": {
+      "maxLength": 255,
+      "minLength": 1,
+      "type": [
+        "string",
+        "null",
+      ],
+    },
+    "connectionId": {
+      "format": "uuid",
+      "type": [
+        "string",
+        "null",
+      ],
+    },
+    "createdAt": {
+      "type": "string",
+    },
+    "deletedAt": {
+      "type": "string",
+    },
+    "flowId": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "id": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "key": {
+      "type": [
+        "string",
+        "null",
+      ],
+    },
+    "parameters": {
+      "type": "object",
+    },
+    "position": {
+      "type": "integer",
+    },
+    "status": {
+      "default": "incomplete",
+      "enum": [
+        "incomplete",
+        "completed",
+      ],
+      "type": "string",
+    },
+    "type": {
+      "enum": [
+        "action",
+        "trigger",
+      ],
+      "type": "string",
+    },
+    "updatedAt": {
+      "type": "string",
+    },
+    "webhookPath": {
+      "type": [
+        "string",
+        "null",
+      ],
+    },
+  },
+  "required": [
+    "type",
+  ],
+  "type": "object",
+}
+`;

packages/backend/src/models/__snapshots__/user.test.js.snap

@@ -0,0 +1,81 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`User model > jsonSchema should have correct validations 1`] = `
+{
+  "properties": {
+    "createdAt": {
+      "type": "string",
+    },
+    "deletedAt": {
+      "type": "string",
+    },
+    "email": {
+      "format": "email",
+      "maxLength": 255,
+      "minLength": 1,
+      "type": "string",
+    },
+    "fullName": {
+      "minLength": 1,
+      "type": "string",
+    },
+    "id": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "invitationToken": {
+      "type": [
+        "string",
+        "null",
+      ],
+    },
+    "invitationTokenSentAt": {
+      "format": "date-time",
+      "type": [
+        "string",
+        "null",
+      ],
+    },
+    "password": {
+      "minLength": 6,
+      "type": "string",
+    },
+    "resetPasswordToken": {
+      "type": [
+        "string",
+        "null",
+      ],
+    },
+    "resetPasswordTokenSentAt": {
+      "format": "date-time",
+      "type": [
+        "string",
+        "null",
+      ],
+    },
+    "roleId": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "status": {
+      "default": "active",
+      "enum": [
+        "active",
+        "invited",
+      ],
+      "type": "string",
+    },
+    "trialExpiryDate": {
+      "type": "string",
+    },
+    "updatedAt": {
+      "type": "string",
+    },
+  },
+  "required": [
+    "fullName",
+    "email",
+  ],
+  "type": "object",
+}
+`;

packages/backend/src/models/app-auth-client.js

@@ -2,6 +2,7 @@ import AES from 'crypto-js/aes.js';
 import enc from 'crypto-js/enc-utf8.js';
 import appConfig from '../config/app.js';
 import Base from './base.js';
+import AppConfig from './app-config.js';
 
 class AppAuthClient extends Base {
   static tableName = 'app_auth_clients';
@@ -21,6 +22,17 @@ class AppAuthClient extends Base {
     },
   };
 
+  static relationMappings = () => ({
+    appConfig: {
+      relation: Base.BelongsToOneRelation,
+      modelClass: AppConfig,
+      join: {
+        from: 'app_auth_clients.app_key',
+        to: 'app_configs.key',
+      },
+    },
+  });
+
   encryptData() {
     if (!this.eligibleForEncryption()) return;
 
@@ -52,14 +64,24 @@ class AppAuthClient extends Base {
   // beforeInsert and beforeUpdate separately for the same operation.
   async $beforeInsert(queryContext) {
     await super.$beforeInsert(queryContext);
+
     this.encryptData();
   }
 
+  async $afterInsert(queryContext) {
+    await super.$afterInsert(queryContext);
+  }
+
   async $beforeUpdate(opt, queryContext) {
     await super.$beforeUpdate(opt, queryContext);
+
     this.encryptData();
   }
 
+  async $afterUpdate(opt, queryContext) {
+    await super.$afterUpdate(opt, queryContext);
+  }
+
   async $afterFind() {
     this.decryptData();
   }

packages/backend/src/models/app-auth-client.test.js

@@ -2,7 +2,9 @@ import { describe, it, expect, vi } from 'vitest';
 import AES from 'crypto-js/aes.js';
 import enc from 'crypto-js/enc-utf8.js';
 
+import AppConfig from './app-config.js';
 import AppAuthClient from './app-auth-client.js';
+import Base from './base.js';
 import appConfig from '../config/app.js';
 import { createAppAuthClient } from '../../test/factories/app-auth-client.js';
 
@@ -15,6 +17,23 @@ describe('AppAuthClient model', () => {
     expect(AppAuthClient.jsonSchema).toMatchSnapshot();
   });
 
+  it('relationMappings should return correct associations', () => {
+    const relationMappings = AppAuthClient.relationMappings();
+
+    const expectedRelations = {
+      appConfig: {
+        relation: Base.BelongsToOneRelation,
+        modelClass: AppConfig,
+        join: {
+          from: 'app_auth_clients.app_key',
+          to: 'app_configs.key',
+        },
+      },
+    };
+
+    expect(relationMappings).toStrictEqual(expectedRelations);
+  });
+
   describe('encryptData', () => {
     it('should return undefined if eligibleForEncryption is not true', async () => {
       vi.spyOn(
@@ -49,7 +68,9 @@ describe('AppAuthClient model', () => {
       );
 
       expect(formattedAuthDefaults).toStrictEqual(expectedDecryptedValue);
-      expect(appAuthClient.authDefaults).not.toEqual(formattedAuthDefaults);
+      expect(appAuthClient.authDefaults).not.toStrictEqual(
+        formattedAuthDefaults
+      );
     });
 
     it('should encrypt formattedAuthDefaults and remove formattedAuthDefaults', async () => {
@@ -104,7 +125,9 @@ describe('AppAuthClient model', () => {
       expect(appAuthClient.formattedAuthDefaults).toStrictEqual(
         formattedAuthDefaults
       );
-      expect(appAuthClient.authDefaults).not.toEqual(formattedAuthDefaults);
+      expect(appAuthClient.authDefaults).not.toStrictEqual(
+        formattedAuthDefaults
+      );
     });
   });
 

packages/backend/src/models/app-config.js

@@ -5,6 +5,10 @@ import Base from './base.js';
 class AppConfig extends Base {
   static tableName = 'app_configs';
 
+  static get idColumn() {
+    return 'key';
+  }
+
   static jsonSchema = {
     type: 'object',
     required: ['key'],
@@ -12,8 +16,7 @@ class AppConfig extends Base {
     properties: {
       id: { type: 'string', format: 'uuid' },
       key: { type: 'string' },
-      allowCustomConnection: { type: 'boolean', default: false },
+      useOnlyPredefinedAuthClients: { type: 'boolean', default: false },
-      shared: { type: 'boolean', default: false },
       disabled: { type: 'boolean', default: false },
       createdAt: { type: 'string' },
       updatedAt: { type: 'string' },
@@ -31,26 +34,6 @@ class AppConfig extends Base {
     },
   });
 
-  static get virtualAttributes() {
-    return ['canConnect', 'canCustomConnect'];
-  }
-
-  get canCustomConnect() {
-    return !this.disabled && this.allowCustomConnection;
-  }
-
-  get canConnect() {
-    const hasSomeActiveAppAuthClients = !!this.appAuthClients?.some(
-      (appAuthClient) => appAuthClient.active
-    );
-    const shared = this.shared;
-    const active = this.disabled === false;
-
-    const conditions = [hasSomeActiveAppAuthClients, shared, active];
-
-    return conditions.every(Boolean);
-  }
-
   async getApp() {
     if (!this.key) return null;