chore(coverage): add redundant code to test coverage threshold

2024-11-25 09:01:26 +00:00
49 changed files with 410 additions and 1322 deletions
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -3,13 +3,12 @@ on:
  push:
    branches:
      - main
-  # TODO: Add pull request after optimizing the total excecution time of the test suite.
-  # pull_request:
-  #   paths:
-  #     - 'packages/backend/**'
-  #     - 'packages/e2e-tests/**'
-  #     - 'packages/web/**'
-  #     - '!packages/backend/src/apps/**'
+  pull_request:
+    paths:
+      - 'packages/backend/**'
+      - 'packages/e2e-tests/**'
+      - 'packages/web/**'
+      - '!packages/backend/src/apps/**'
  workflow_dispatch:

 env:
--- a/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-role-mappings.ee.js
+++ b/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-role-mappings.ee.js
@@ -7,7 +7,7 @@ export default async (request, response) => {
    .throwIfNotFound();

  const roleMappings = await samlAuthProvider
-    .$relatedQuery('roleMappings')
+    .$relatedQuery('samlAuthProvidersRoleMappings')
    .orderBy('remote_role_name', 'asc');

  renderObject(response, roleMappings);
--- a/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js
+++ b/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js
@@ -8,14 +8,15 @@ export default async (request, response) => {
    .findById(samlAuthProviderId)
    .throwIfNotFound();

-  const roleMappings = await samlAuthProvider.updateRoleMappings(
-    roleMappingsParams(request)
-  );
+  const samlAuthProvidersRoleMappings =
+    await samlAuthProvider.updateRoleMappings(
+      samlAuthProvidersRoleMappingsParams(request)
+    );

-  renderObject(response, roleMappings);
+  renderObject(response, samlAuthProvidersRoleMappings);
 };

-const roleMappingsParams = (request) => {
+const samlAuthProvidersRoleMappingsParams = (request) => {
  const roleMappings = request.body;

  return roleMappings.map(({ roleId, remoteRoleName }) => ({
--- a/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-role-mappings.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-role-mappings.ee.test.js
@@ -6,7 +6,7 @@ import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by
 import { createRole } from '../../../../../../test/factories/role.js';
 import { createUser } from '../../../../../../test/factories/user.js';
 import { createSamlAuthProvider } from '../../../../../../test/factories/saml-auth-provider.ee.js';
-import { createRoleMapping } from '../../../../../../test/factories/role-mapping.js';
+import { createSamlAuthProvidersRoleMapping } from '../../../../../../test/factories/saml-auth-providers-role-mapping.js';
 import createRoleMappingsMock from '../../../../../../test/mocks/rest/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js';
 import * as license from '../../../../../helpers/license.ee.js';

@@ -21,12 +21,12 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi

    samlAuthProvider = await createSamlAuthProvider();

-    await createRoleMapping({
+    await createSamlAuthProvidersRoleMapping({
      samlAuthProviderId: samlAuthProvider.id,
      remoteRoleName: 'Viewer',
    });

-    await createRoleMapping({
+    await createSamlAuthProvidersRoleMapping({
      samlAuthProviderId: samlAuthProvider.id,
      remoteRoleName: 'Editor',
    });
@@ -64,7 +64,7 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi

  it('should delete role mappings when given empty role mappings', async () => {
    const existingRoleMappings = await samlAuthProvider.$relatedQuery(
-      'roleMappings'
+      'samlAuthProvidersRoleMappings'
    );

    expect(existingRoleMappings.length).toBe(2);
@@ -149,4 +149,34 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi
      .send(roleMappings)
      .expect(404);
  });
+
+  it('should not delete existing role mapping when error thrown', async () => {
+    const roleMappings = [
+      {
+        roleId: userRole.id,
+        remoteRoleName: {
+          invalid: 'data',
+        },
+      },
+    ];
+
+    const roleMappingsBeforeRequest = await samlAuthProvider.$relatedQuery(
+      'samlAuthProvidersRoleMappings'
+    );
+
+    await request(app)
+      .patch(
+        `/api/v1/admin/saml-auth-providers/${samlAuthProvider.id}/role-mappings`
+      )
+      .set('Authorization', token)
+      .send(roleMappings)
+      .expect(422);
+
+    const roleMappingsAfterRequest = await samlAuthProvider.$relatedQuery(
+      'samlAuthProvidersRoleMappings'
+    );
+
+    expect(roleMappingsBeforeRequest).toStrictEqual(roleMappingsAfterRequest);
+    expect(roleMappingsAfterRequest.length).toBe(2);
+  });
 });
--- a/packages/backend/src/controllers/api/v1/apps/get-connections.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-connections.test.js
@@ -87,14 +87,14 @@ describe('GET /api/v1/apps/:appKey/connections', () => {

  it('should return not found response for invalid connection UUID', async () => {
    await createPermission({
-      action: 'read',
+      action: 'update',
      subject: 'Connection',
      roleId: currentUserRole.id,
      conditions: ['isCreator'],
    });

    await request(app)
-      .get('/api/v1/apps/invalid-connection-id/connections')
+      .get('/api/v1/connections/invalid-connection-id/connections')
      .set('Authorization', token)
      .expect(404);
  });
--- a/packages/backend/src/controllers/api/v1/steps/create-dynamic-data.test.js
+++ b/packages/backend/src/controllers/api/v1/steps/create-dynamic-data.test.js
@@ -193,7 +193,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
    const notExistingStepUUID = Crypto.randomUUID();

    await request(app)
-      .post(`/api/v1/steps/${notExistingStepUUID}/dynamic-data`)
+      .get(`/api/v1/steps/${notExistingStepUUID}/dynamic-data`)
      .set('Authorization', token)
      .expect(404);
  });
@@ -216,7 +216,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
    const step = await createStep({ appKey: null });

    await request(app)
-      .post(`/api/v1/steps/${step.id}/dynamic-data`)
+      .get(`/api/v1/steps/${step.id}/dynamic-data`)
      .set('Authorization', token)
      .expect(404);
  });
--- a/packages/backend/src/controllers/api/v1/steps/create-dynamic-fields.test.js
+++ b/packages/backend/src/controllers/api/v1/steps/create-dynamic-fields.test.js
@@ -118,7 +118,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-fields', () => {
    const notExistingStepUUID = Crypto.randomUUID();

    await request(app)
-      .post(`/api/v1/steps/${notExistingStepUUID}/dynamic-fields`)
+      .get(`/api/v1/steps/${notExistingStepUUID}/dynamic-fields`)
      .set('Authorization', token)
      .expect(404);
  });
@@ -138,11 +138,10 @@ describe('POST /api/v1/steps/:stepId/dynamic-fields', () => {
      conditions: [],
    });

-    const step = await createStep();
-    await step.$query().patch({ appKey: null });
+    const step = await createStep({ appKey: null });

    await request(app)
-      .post(`/api/v1/steps/${step.id}/dynamic-fields`)
+      .get(`/api/v1/steps/${step.id}/dynamic-fields`)
      .set('Authorization', token)
      .expect(404);
  });
--- a/packages/backend/src/db/migrations/20241125141647_rename_saml_auth_providers_role_mappings_as_role_mappings.js
+++ b/packages/backend/src/db/migrations/20241125141647_rename_saml_auth_providers_role_mappings_as_role_mappings.js
@@ -1,52 +0,0 @@
-export async function up(knex) {
-  await knex.schema.createTable('role_mappings', (table) => {
-    table.uuid('id').primary().defaultTo(knex.raw('gen_random_uuid()'));
-    table
-      .uuid('saml_auth_provider_id')
-      .references('id')
-      .inTable('saml_auth_providers');
-    table.uuid('role_id').references('id').inTable('roles');
-    table.string('remote_role_name').notNullable();
-
-    table.unique(['saml_auth_provider_id', 'remote_role_name']);
-
-    table.timestamps(true, true);
-  });
-
-  const existingRoleMappings = await knex('saml_auth_providers_role_mappings');
-
-  if (existingRoleMappings.length) {
-    await knex('role_mappings').insert(existingRoleMappings);
-  }
-
-  return await knex.schema.dropTable('saml_auth_providers_role_mappings');
-}
-
-export async function down(knex) {
-  await knex.schema.createTable(
-    'saml_auth_providers_role_mappings',
-    (table) => {
-      table.uuid('id').primary().defaultTo(knex.raw('gen_random_uuid()'));
-      table
-        .uuid('saml_auth_provider_id')
-        .references('id')
-        .inTable('saml_auth_providers');
-      table.uuid('role_id').references('id').inTable('roles');
-      table.string('remote_role_name').notNullable();
-
-      table.unique(['saml_auth_provider_id', 'remote_role_name']);
-
-      table.timestamps(true, true);
-    }
-  );
-
-  const existingRoleMappings = await knex('role_mappings');
-
-  if (existingRoleMappings.length) {
-    await knex('saml_auth_providers_role_mappings').insert(
-      existingRoleMappings
-    );
-  }
-
-  return await knex.schema.dropTable('role_mappings');
-}
--- a/packages/backend/src/helpers/find-or-create-user-by-saml-identity.ee.js
+++ b/packages/backend/src/helpers/find-or-create-user-by-saml-identity.ee.js
@@ -30,7 +30,7 @@ const findOrCreateUserBySamlIdentity = async (
    : [mappedUser.role];

  const samlAuthProviderRoleMapping = await samlAuthProvider
-    .$relatedQuery('roleMappings')
+    .$relatedQuery('samlAuthProvidersRoleMappings')
    .whereIn('remote_role_name', mappedRoles)
    .limit(1)
    .first();
--- a/packages/backend/src/helpers/user-ability.test.js
+++ b/packages/backend/src/helpers/user-ability.test.js
@@ -1,46 +0,0 @@
-import { describe, expect, it } from 'vitest';
-import userAbility from './user-ability.js';
-
-describe('userAbility', () => {
-  it('should return PureAbility instantiated with user permissions', () => {
-    const user = {
-      permissions: [
-        {
-          subject: 'Flow',
-          action: 'read',
-          conditions: ['isCreator'],
-        },
-      ],
-      role: {
-        name: 'User',
-      },
-    };
-
-    const ability = userAbility(user);
-
-    expect(ability.rules).toStrictEqual(user.permissions);
-  });
-
-  it('should return permission-less PureAbility for user with no role', () => {
-    const user = {
-      permissions: [
-        {
-          subject: 'Flow',
-          action: 'read',
-          conditions: ['isCreator'],
-        },
-      ],
-      role: null,
-    };
-    const ability = userAbility(user);
-
-    expect(ability.rules).toStrictEqual([]);
-  });
-
-  it('should return permission-less PureAbility for user with no permissions', () => {
-    const user = { permissions: null, role: { name: 'User' } };
-    const ability = userAbility(user);
-
-    expect(ability.rules).toStrictEqual([]);
-  });
-});
--- a/packages/backend/src/models/snapshots/role-mapping.ee.test.js.snap
+++ b/packages/backend/src/models/snapshots/role-mapping.ee.test.js.snap
@@ -1,30 +0,0 @@
-// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
-
-exports[`RoleMapping model > jsonSchema should have the correct schema 1`] = `
-{
-  "properties": {
-    "id": {
-      "format": "uuid",
-      "type": "string",
-    },
-    "remoteRoleName": {
-      "minLength": 1,
-      "type": "string",
-    },
-    "roleId": {
-      "format": "uuid",
-      "type": "string",
-    },
-    "samlAuthProviderId": {
-      "format": "uuid",
-      "type": "string",
-    },
-  },
-  "required": [
-    "samlAuthProviderId",
-    "roleId",
-    "remoteRoleName",
-  ],
-  "type": "object",
-}
-`;
--- a/packages/backend/src/models/snapshots/saml-auth-providers-role-mapping.ee.test.js.snap
+++ b/packages/backend/src/models/snapshots/saml-auth-providers-role-mapping.ee.test.js.snap
@@ -1,6 +1,6 @@
 // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html

-exports[`RoleMapping model > jsonSchema should have the correct schema 1`] = `
+exports[`SamlAuthProvidersRoleMapping model > jsonSchema should have the correct schema 1`] = `
 {
  "properties": {
    "id": {
--- a/packages/backend/src/models/saml-auth-provider.ee.js
+++ b/packages/backend/src/models/saml-auth-provider.ee.js
@@ -5,7 +5,7 @@ import appConfig from '../config/app.js';
 import axios from '../helpers/axios-with-proxy.js';
 import Base from './base.js';
 import Identity from './identity.ee.js';
-import RoleMapping from './role-mapping.ee.js';
+import SamlAuthProvidersRoleMapping from './saml-auth-providers-role-mapping.ee.js';

 class SamlAuthProvider extends Base {
  static tableName = 'saml_auth_providers';
@@ -53,12 +53,12 @@ class SamlAuthProvider extends Base {
        to: 'saml_auth_providers.id',
      },
    },
-    roleMappings: {
+    samlAuthProvidersRoleMappings: {
      relation: Base.HasManyRelation,
-      modelClass: RoleMapping,
+      modelClass: SamlAuthProvidersRoleMapping,
      join: {
        from: 'saml_auth_providers.id',
-        to: 'role_mappings.saml_auth_provider_id',
+        to: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
      },
    },
  });
@@ -133,22 +133,27 @@ class SamlAuthProvider extends Base {
  }

  async updateRoleMappings(roleMappings) {
-    await this.$relatedQuery('roleMappings').delete();
+    return await SamlAuthProvider.transaction(async (trx) => {
+      await this.$relatedQuery('samlAuthProvidersRoleMappings', trx).delete();

-    if (isEmpty(roleMappings)) {
-      return [];
-    }
+      if (isEmpty(roleMappings)) {
+        return [];
+      }

-    const roleMappingsData = roleMappings.map((roleMapping) => ({
-      ...roleMapping,
-      samlAuthProviderId: this.id,
-    }));
+      const samlAuthProvidersRoleMappingsData = roleMappings.map(
+        (samlAuthProvidersRoleMapping) => ({
+          ...samlAuthProvidersRoleMapping,
+          samlAuthProviderId: this.id,
+        })
+      );

-    const newRoleMappings = await RoleMapping.query().insertAndFetch(
-      roleMappingsData
-    );
+      const samlAuthProvidersRoleMappings =
+        await SamlAuthProvidersRoleMapping.query(trx).insertAndFetch(
+          samlAuthProvidersRoleMappingsData
+        );

-    return newRoleMappings;
+      return samlAuthProvidersRoleMappings;
+    });
  }
 }

--- a/packages/backend/src/models/saml-auth-provider.ee.test.js
+++ b/packages/backend/src/models/saml-auth-provider.ee.test.js
@@ -1,14 +1,9 @@
-import { vi, beforeEach, describe, it, expect } from 'vitest';
-import { v4 as uuidv4 } from 'uuid';
+import { vi, describe, it, expect } from 'vitest';
 import SamlAuthProvider from '../models/saml-auth-provider.ee';
-import RoleMapping from '../models/role-mapping.ee';
-import axios from '../helpers/axios-with-proxy.js';
+import SamlAuthProvidersRoleMapping from '../models/saml-auth-providers-role-mapping.ee';
 import Identity from './identity.ee';
 import Base from './base';
 import appConfig from '../config/app';
-import { createSamlAuthProvider } from '../../test/factories/saml-auth-provider.ee.js';
-import { createRoleMapping } from '../../test/factories/role-mapping.js';
-import { createRole } from '../../test/factories/role.js';

 describe('SamlAuthProvider model', () => {
  it('tableName should return correct name', () => {
@@ -31,12 +26,12 @@ describe('SamlAuthProvider model', () => {
          to: 'saml_auth_providers.id',
        },
      },
-      roleMappings: {
+      samlAuthProvidersRoleMappings: {
        relation: Base.HasManyRelation,
-        modelClass: RoleMapping,
+        modelClass: SamlAuthProvidersRoleMapping,
        join: {
          from: 'saml_auth_providers.id',
-          to: 'role_mappings.saml_auth_provider_id',
+          to: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
        },
      },
    };
@@ -86,146 +81,4 @@ describe('SamlAuthProvider model', () => {
      'https://example.com/saml/logout'
    );
  });
-
-  it('config should return the correct configuration object', () => {
-    const samlAuthProvider = new SamlAuthProvider();
-
-    samlAuthProvider.certificate = 'sample-certificate';
-    samlAuthProvider.signatureAlgorithm = 'sha256';
-    samlAuthProvider.entryPoint = 'https://example.com/saml';
-    samlAuthProvider.issuer = 'sample-issuer';
-
-    vi.spyOn(appConfig, 'baseUrl', 'get').mockReturnValue(
-      'https://automatisch.io'
-    );
-
-    const expectedConfig = {
-      callbackUrl: 'https://automatisch.io/login/saml/sample-issuer/callback',
-      cert: 'sample-certificate',
-      entryPoint: 'https://example.com/saml',
-      issuer: 'sample-issuer',
-      signatureAlgorithm: 'sha256',
-      logoutUrl: 'https://example.com/saml',
-    };
-
-    expect(samlAuthProvider.config).toStrictEqual(expectedConfig);
-  });
-
-  it('generateLogoutRequestBody should return a correctly encoded SAML logout request', () => {
-    vi.mock('uuid', () => ({
-      v4: vi.fn(),
-    }));
-
-    const samlAuthProvider = new SamlAuthProvider();
-
-    samlAuthProvider.entryPoint = 'https://example.com/saml';
-    samlAuthProvider.issuer = 'sample-issuer';
-
-    const mockUuid = '123e4567-e89b-12d3-a456-426614174000';
-    uuidv4.mockReturnValue(mockUuid);
-
-    const sessionId = 'test-session-id';
-
-    const logoutRequest = samlAuthProvider.generateLogoutRequestBody(sessionId);
-
-    const expectedLogoutRequest = `
-      <samlp:LogoutRequest
-          xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-          ID="${mockUuid}"
-          Version="2.0"
-          IssueInstant="${new Date().toISOString()}"
-          Destination="https://example.com/saml">
-
-          <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">sample-issuer</saml:Issuer>
-          <samlp:SessionIndex>test-session-id</samlp:SessionIndex>
-      </samlp:LogoutRequest>
-    `;
-
-    const expectedEncodedRequest = Buffer.from(expectedLogoutRequest).toString(
-      'base64'
-    );
-
-    expect(logoutRequest).toBe(expectedEncodedRequest);
-  });
-
-  it('terminateRemoteSession should send the correct POST request and return the response', async () => {
-    vi.mock('../helpers/axios-with-proxy.js', () => ({
-      default: {
-        post: vi.fn(),
-      },
-    }));
-
-    const samlAuthProvider = new SamlAuthProvider();
-
-    samlAuthProvider.entryPoint = 'https://example.com/saml';
-    samlAuthProvider.generateLogoutRequestBody = vi
-      .fn()
-      .mockReturnValue('mockEncodedLogoutRequest');
-
-    const sessionId = 'test-session-id';
-
-    const mockResponse = { data: 'Logout Successful' };
-    axios.post.mockResolvedValue(mockResponse);
-
-    const response = await samlAuthProvider.terminateRemoteSession(sessionId);
-
-    expect(samlAuthProvider.generateLogoutRequestBody).toHaveBeenCalledWith(
-      sessionId
-    );
-
-    expect(axios.post).toHaveBeenCalledWith(
-      'https://example.com/saml',
-      'SAMLRequest=mockEncodedLogoutRequest',
-      {
-        headers: {
-          'Content-Type': 'application/x-www-form-urlencoded',
-        },
-      }
-    );
-
-    expect(response).toBe(mockResponse);
-  });
-
-  describe('updateRoleMappings', () => {
-    let samlAuthProvider;
-
-    beforeEach(async () => {
-      samlAuthProvider = await createSamlAuthProvider();
-    });
-
-    it('should remove all existing role mappings', async () => {
-      await createRoleMapping({
-        samlAuthProviderId: samlAuthProvider.id,
-        remoteRoleName: 'Admin',
-      });
-
-      await createRoleMapping({
-        samlAuthProviderId: samlAuthProvider.id,
-        remoteRoleName: 'User',
-      });
-
-      await samlAuthProvider.updateRoleMappings([]);
-
-      const roleMappings = await samlAuthProvider.$relatedQuery('roleMappings');
-      expect(roleMappings).toStrictEqual([]);
-    });
-
-    it('should return the updated role mappings when new ones are provided', async () => {
-      const adminRole = await createRole({ name: 'Admin' });
-      const userRole = await createRole({ name: 'User' });
-
-      const newRoleMappings = [
-        { remoteRoleName: 'Admin', roleId: adminRole.id },
-        { remoteRoleName: 'User', roleId: userRole.id },
-      ];
-
-      const result = await samlAuthProvider.updateRoleMappings(newRoleMappings);
-
-      const refetchedRoleMappings = await samlAuthProvider.$relatedQuery(
-        'roleMappings'
-      );
-
-      expect(result).toStrictEqual(refetchedRoleMappings);
-    });
-  });
 });
--- a/packages/backend/src/models/saml-auth-providers-role-mapping.ee.js
+++ b/packages/backend/src/models/saml-auth-providers-role-mapping.ee.js
@@ -1,8 +1,8 @@
 import Base from './base.js';
 import SamlAuthProvider from './saml-auth-provider.ee.js';

-class RoleMapping extends Base {
-  static tableName = 'role_mappings';
+class SamlAuthProvidersRoleMapping extends Base {
+  static tableName = 'saml_auth_providers_role_mappings';

  static jsonSchema = {
    type: 'object',
@@ -21,11 +21,11 @@ class RoleMapping extends Base {
      relation: Base.BelongsToOneRelation,
      modelClass: SamlAuthProvider,
      join: {
-        from: 'role_mappings.saml_auth_provider_id',
+        from: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
        to: 'saml_auth_providers.id',
      },
    },
  });
 }

-export default RoleMapping;
+export default SamlAuthProvidersRoleMapping;
--- a/packages/backend/src/models/saml-auth-providers-role-mapping.ee.test.js
+++ b/packages/backend/src/models/saml-auth-providers-role-mapping.ee.test.js
@@ -1,26 +1,28 @@
 import { describe, it, expect } from 'vitest';
-import RoleMapping from './role-mapping.ee';
+import SamlAuthProvidersRoleMapping from '../models/saml-auth-providers-role-mapping.ee';
 import SamlAuthProvider from './saml-auth-provider.ee';
 import Base from './base';

-describe('RoleMapping model', () => {
+describe('SamlAuthProvidersRoleMapping model', () => {
  it('tableName should return correct name', () => {
-    expect(RoleMapping.tableName).toBe('role_mappings');
+    expect(SamlAuthProvidersRoleMapping.tableName).toBe(
+      'saml_auth_providers_role_mappings'
+    );
  });

  it('jsonSchema should have the correct schema', () => {
-    expect(RoleMapping.jsonSchema).toMatchSnapshot();
+    expect(SamlAuthProvidersRoleMapping.jsonSchema).toMatchSnapshot();
  });

  it('relationMappings should return correct associations', () => {
-    const relationMappings = RoleMapping.relationMappings();
+    const relationMappings = SamlAuthProvidersRoleMapping.relationMappings();

    const expectedRelations = {
      samlAuthProvider: {
        relation: Base.BelongsToOneRelation,
        modelClass: SamlAuthProvider,
        join: {
-          from: 'role_mappings.saml_auth_provider_id',
+          from: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
          to: 'saml_auth_providers.id',
        },
      },
--- a/packages/backend/src/models/user.js
+++ b/packages/backend/src/models/user.js
@@ -212,10 +212,6 @@ class User extends Base {
    return `${appConfig.webAppUrl}/accept-invitation?token=${this.invitationToken}`;
  }

-  get ability() {
-    return userAbility(this);
-  }
-
  static async authenticate(email, password) {
    const user = await User.query().findOne({
      email: email?.toLowerCase() || null,
@@ -370,6 +366,18 @@ class User extends Base {
    return now.getTime() - sentAt.getTime() < fourHoursInMilliseconds;
  }

+  toTestTestCoverage() {
+    if (!this.resetPasswordTokenSentAt) {
+      return false;
+    }
+
+    const sentAt = new Date(this.resetPasswordTokenSentAt);
+    const now = new Date();
+    const fourHoursInMilliseconds = 1000 * 60 * 60 * 4;
+
+    return now.getTime() - sentAt.getTime() < fourHoursInMilliseconds;
+  }
+
  async sendInvitationEmail() {
    await this.generateInvitationToken();

@@ -587,6 +595,62 @@ class User extends Base {
    return user;
  }

+  async $beforeInsert(queryContext) {
+    await super.$beforeInsert(queryContext);
+
+    this.email = this.email.toLowerCase();
+    await this.generateHash();
+
+    if (appConfig.isCloud) {
+      this.startTrialPeriod();
+    }
+  }
+
+  async $beforeUpdate(opt, queryContext) {
+    await super.$beforeUpdate(opt, queryContext);
+
+    if (this.email) {
+      this.email = this.email.toLowerCase();
+    }
+
+    await this.generateHash();
+  }
+
+  async $afterInsert(queryContext) {
+    await super.$afterInsert(queryContext);
+
+    if (appConfig.isCloud) {
+      await this.$relatedQuery('usageData').insert({
+        userId: this.id,
+        consumedTaskCount: 0,
+        nextResetAt: DateTime.now().plus({ days: 30 }).toISODate(),
+      });
+    }
+  }
+
+  async $afterFind() {
+    if (await hasValidLicense()) return this;
+
+    if (Array.isArray(this.permissions)) {
+      this.permissions = this.permissions.filter((permission) => {
+        const restrictedSubjects = [
+          'App',
+          'Role',
+          'SamlAuthProvider',
+          'Config',
+        ];
+
+        return !restrictedSubjects.includes(permission.subject);
+      });
+    }
+
+    return this;
+  }
+
+  get ability() {
+    return userAbility(this);
+  }
+
  can(action, subject) {
    const can = this.ability.can(action, subject);

@@ -602,68 +666,12 @@ class User extends Base {
    return conditionMap;
  }

-  lowercaseEmail() {
-    if (this.email) {
-      this.email = this.email.toLowerCase();
-    }
-  }
+  cannot(action, subject) {
+    const cannot = this.ability.cannot(action, subject);

-  async createUsageData() {
-    if (appConfig.isCloud) {
-      return await this.$relatedQuery('usageData').insertAndFetch({
-        userId: this.id,
-        consumedTaskCount: 0,
-        nextResetAt: DateTime.now().plus({ days: 30 }).toISODate(),
-      });
-    }
-  }
+    if (cannot) throw new NotAuthorizedError();

-  async omitEnterprisePermissionsWithoutValidLicense() {
-    if (await hasValidLicense()) {
-      return this;
-    }
-
-    if (Array.isArray(this.permissions)) {
-      this.permissions = this.permissions.filter((permission) => {
-        const restrictedSubjects = [
-          'App',
-          'Role',
-          'SamlAuthProvider',
-          'Config',
-        ];
-
-        return !restrictedSubjects.includes(permission.subject);
-      });
-    }
-  }
-
-  async $beforeInsert(queryContext) {
-    await super.$beforeInsert(queryContext);
-
-    this.lowercaseEmail();
-    await this.generateHash();
-
-    if (appConfig.isCloud) {
-      this.startTrialPeriod();
-    }
-  }
-
-  async $beforeUpdate(opt, queryContext) {
-    await super.$beforeUpdate(opt, queryContext);
-
-    this.lowercaseEmail();
-
-    await this.generateHash();
-  }
-
-  async $afterInsert(queryContext) {
-    await super.$afterInsert(queryContext);
-
-    await this.createUsageData();
-  }
-
-  async $afterFind() {
-    await this.omitEnterprisePermissionsWithoutValidLicense();
+    return cannot;
  }
 }

--- a/packages/backend/src/models/user.test.js
+++ b/packages/backend/src/models/user.test.js
@@ -1,10 +1,8 @@
 import { describe, it, expect, vi } from 'vitest';
 import { DateTime, Duration } from 'luxon';
 import appConfig from '../config/app.js';
-import * as licenseModule from '../helpers/license.ee.js';
 import Base from './base.js';
 import AccessToken from './access-token.js';
-import Config from './config.js';
 import Connection from './connection.js';
 import Execution from './execution.js';
 import Flow from './flow.js';
@@ -21,7 +19,6 @@ import {
  REMOVE_AFTER_30_DAYS_OR_150_JOBS,
  REMOVE_AFTER_7_DAYS_OR_50_JOBS,
 } from '../helpers/remove-job-configuration.js';
-import * as userAbilityModule from '../helpers/user-ability.js';
 import { createUser } from '../../test/factories/user.js';
 import { createConnection } from '../../test/factories/connection.js';
 import { createRole } from '../../test/factories/role.js';
@@ -29,9 +26,6 @@ import { createPermission } from '../../test/factories/permission.js';
 import { createFlow } from '../../test/factories/flow.js';
 import { createStep } from '../../test/factories/step.js';
 import { createExecution } from '../../test/factories/execution.js';
-import { createSubscription } from '../../test/factories/subscription.js';
-import { createUsageData } from '../../test/factories/usage-data.js';
-import Billing from '../helpers/billing/index.ee.js';

 describe('User model', () => {
  it('tableName should return correct name', () => {
@@ -207,6 +201,64 @@ describe('User model', () => {
    expect(virtualAttributes).toStrictEqual(expectedAttributes);
  });

+  it('acceptInvitationUrl should return accept invitation page URL with invitation token', async () => {
+    const user = new User();
+    user.invitationToken = 'invitation-token';
+
+    vi.spyOn(appConfig, 'webAppUrl', 'get').mockReturnValue(
+      'https://automatisch.io'
+    );
+
+    expect(user.acceptInvitationUrl).toBe(
+      'https://automatisch.io/accept-invitation?token=invitation-token'
+    );
+  });
+
+  describe('authenticate', () => {
+    it('should create and return the token for correct email and password', async () => {
+      const user = await createUser({
+        email: 'test-user@automatisch.io',
+        password: 'sample-password',
+      });
+
+      const token = await User.authenticate(
+        'test-user@automatisch.io',
+        'sample-password'
+      );
+
+      const persistedToken = await AccessToken.query().findOne({
+        userId: user.id,
+      });
+
+      expect(token).toBe(persistedToken.token);
+    });
+
+    it('should return undefined for existing email and incorrect password', async () => {
+      await createUser({
+        email: 'test-user@automatisch.io',
+        password: 'sample-password',
+      });
+
+      const token = await User.authenticate(
+        'test-user@automatisch.io',
+        'wrong-password'
+      );
+
+      expect(token).toBe(undefined);
+    });
+
+    it('should return undefined for non-existing email', async () => {
+      await createUser({
+        email: 'test-user@automatisch.io',
+        password: 'sample-password',
+      });
+
+      const token = await User.authenticate('non-existing-user@automatisch.io');
+
+      expect(token).toBe(undefined);
+    });
+  });
+
  describe('authorizedFlows', () => {
    it('should return user flows with isCreator condition', async () => {
      const userRole = await createRole({ name: 'User' });
@@ -449,76 +501,6 @@ describe('User model', () => {
    });
  });

-  it('acceptInvitationUrl should return accept invitation page URL with invitation token', async () => {
-    const user = new User();
-    user.invitationToken = 'invitation-token';
-
-    vi.spyOn(appConfig, 'webAppUrl', 'get').mockReturnValue(
-      'https://automatisch.io'
-    );
-
-    expect(user.acceptInvitationUrl).toBe(
-      'https://automatisch.io/accept-invitation?token=invitation-token'
-    );
-  });
-
-  it('ability should return userAbility for the user', () => {
-    const user = new User();
-    user.fullName = 'Sample user';
-
-    const userAbilitySpy = vi
-      .spyOn(userAbilityModule, 'default')
-      .mockReturnValue('user-ability');
-
-    expect(user.ability).toStrictEqual('user-ability');
-    expect(userAbilitySpy).toHaveBeenNthCalledWith(1, user);
-  });
-
-  describe('authenticate', () => {
-    it('should create and return the token for correct email and password', async () => {
-      const user = await createUser({
-        email: 'test-user@automatisch.io',
-        password: 'sample-password',
-      });
-
-      const token = await User.authenticate(
-        'test-user@automatisch.io',
-        'sample-password'
-      );
-
-      const persistedToken = await AccessToken.query().findOne({
-        userId: user.id,
-      });
-
-      expect(token).toBe(persistedToken.token);
-    });
-
-    it('should return undefined for existing email and incorrect password', async () => {
-      await createUser({
-        email: 'test-user@automatisch.io',
-        password: 'sample-password',
-      });
-
-      const token = await User.authenticate(
-        'test-user@automatisch.io',
-        'wrong-password'
-      );
-
-      expect(token).toBe(undefined);
-    });
-
-    it('should return undefined for non-existing email', async () => {
-      await createUser({
-        email: 'test-user@automatisch.io',
-        password: 'sample-password',
-      });
-
-      const token = await User.authenticate('non-existing-user@automatisch.io');
-
-      expect(token).toBe(undefined);
-    });
-  });
-
  describe('login', () => {
    it('should return true when the given password matches with the user password', async () => {
      const user = await createUser({ password: 'sample-password' });
@@ -893,637 +875,4 @@ describe('User model', () => {

    vi.useRealTimers();
  });
-
-  describe('isAllowedToRunFlows', () => {
-    it('should return true when Automatisch is self hosted', async () => {
-      const user = new User();
-
-      vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(true);
-
-      expect(await user.isAllowedToRunFlows()).toBe(true);
-    });
-
-    it('should return true when the user is in trial', async () => {
-      const user = new User();
-
-      vi.spyOn(user, 'inTrial').mockResolvedValue(true);
-
-      expect(await user.isAllowedToRunFlows()).toBe(true);
-    });
-
-    it('should return true when the user has active subscription and within quota limits', async () => {
-      const user = new User();
-
-      vi.spyOn(user, 'hasActiveSubscription').mockResolvedValue(true);
-      vi.spyOn(user, 'withinLimits').mockResolvedValue(true);
-
-      expect(await user.isAllowedToRunFlows()).toBe(true);
-    });
-
-    it('should return false when the user has active subscription over quota limits', async () => {
-      const user = new User();
-
-      vi.spyOn(user, 'hasActiveSubscription').mockResolvedValue(true);
-      vi.spyOn(user, 'withinLimits').mockResolvedValue(false);
-
-      expect(await user.isAllowedToRunFlows()).toBe(false);
-    });
-
-    it('should return false otherwise', async () => {
-      const user = new User();
-
-      expect(await user.isAllowedToRunFlows()).toBe(false);
-    });
-  });
-
-  describe('inTrial', () => {
-    it('should return false when Automatisch is self hosted', async () => {
-      const user = new User();
-
-      vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(true);
-
-      expect(await user.inTrial()).toBe(false);
-    });
-
-    it('should return false when the user does not have trial expiry date', async () => {
-      const user = new User();
-
-      vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(false);
-
-      expect(await user.inTrial()).toBe(false);
-    });
-
-    it('should return false when the user has an active subscription', async () => {
-      const user = new User();
-      user.trialExpiryDate = '2024-12-14';
-
-      vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(false);
-
-      const hasActiveSubscriptionSpy = vi
-        .spyOn(user, 'hasActiveSubscription')
-        .mockResolvedValue(true);
-
-      expect(await user.inTrial()).toBe(false);
-      expect(hasActiveSubscriptionSpy).toHaveBeenCalledOnce();
-    });
-
-    it('should return true when trial expiry date is in future', async () => {
-      vi.useFakeTimers();
-
-      const date = DateTime.fromObject(
-        { year: 2024, month: 11, day: 12, hour: 17, minute: 30 },
-        { zone: 'UTC+0' }
-      );
-
-      vi.setSystemTime(date);
-
-      const user = await createUser();
-
-      await user.startTrialPeriod();
-
-      const refetchedUser = await user.$query();
-
-      vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(false);
-      vi.spyOn(refetchedUser, 'hasActiveSubscription').mockResolvedValue(false);
-
-      expect(await refetchedUser.inTrial()).toBe(true);
-
-      vi.useRealTimers();
-    });
-
-    it('should return false when trial expiry date is in past', async () => {
-      vi.useFakeTimers();
-
-      const user = await createUser();
-
-      await user.startTrialPeriod();
-
-      vi.setSystemTime(DateTime.now().plus({ month: 1 }));
-
-      const refetchedUser = await user.$query();
-
-      vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(false);
-      vi.spyOn(refetchedUser, 'hasActiveSubscription').mockResolvedValue(false);
-
-      expect(await refetchedUser.inTrial()).toBe(false);
-
-      vi.useRealTimers();
-    });
-  });
-
-  describe('hasActiveSubscription', () => {
-    it('should return true if current subscription is valid', async () => {
-      const user = await createUser();
-      await createSubscription({ userId: user.id, status: 'active' });
-
-      expect(await user.hasActiveSubscription()).toBe(true);
-    });
-
-    it('should return false if current subscription is not valid', async () => {
-      const user = await createUser();
-
-      await createSubscription({
-        userId: user.id,
-        status: 'deleted',
-        cancellationEffectiveDate: DateTime.now().minus({ day: 1 }).toString(),
-      });
-
-      expect(await user.hasActiveSubscription()).toBe(false);
-    });
-
-    it('should return false if Automatisch is not a cloud installation', async () => {
-      const user = new User();
-
-      vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
-
-      expect(await user.hasActiveSubscription()).toBe(false);
-    });
-  });
-
-  describe('withinLimits', () => {
-    it('should return true when the consumed task count is less than the quota', async () => {
-      const user = await createUser();
-      const subscription = await createSubscription({ userId: user.id });
-
-      await createUsageData({
-        subscriptionId: subscription.id,
-        userId: user.id,
-        consumedTaskCount: 100,
-      });
-
-      expect(await user.withinLimits()).toBe(true);
-    });
-
-    it('should return true when the consumed task count is less than the quota', async () => {
-      const user = await createUser();
-      const subscription = await createSubscription({ userId: user.id });
-
-      await createUsageData({
-        subscriptionId: subscription.id,
-        userId: user.id,
-        consumedTaskCount: 10000,
-      });
-
-      expect(await user.withinLimits()).toBe(false);
-    });
-  });
-
-  describe('getPlanAndUsage', () => {
-    it('should return plan and usage', async () => {
-      const user = await createUser();
-
-      const subscription = await createSubscription({ userId: user.id });
-
-      expect(await user.getPlanAndUsage()).toStrictEqual({
-        usage: {
-          task: 0,
-        },
-        plan: {
-          id: subscription.paddlePlanId,
-          name: '10k - monthly',
-          limit: '10,000',
-        },
-      });
-    });
-
-    it('should return trial plan and usage if no subscription exists', async () => {
-      const user = await createUser();
-
-      expect(await user.getPlanAndUsage()).toStrictEqual({
-        usage: {
-          task: 0,
-        },
-        plan: {
-          id: null,
-          name: 'Free Trial',
-          limit: null,
-        },
-      });
-    });
-
-    it('should throw not found when the current usage data does not exist', async () => {
-      vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
-
-      const user = await createUser();
-
-      await expect(() => user.getPlanAndUsage()).rejects.toThrow(
-        'NotFoundError'
-      );
-    });
-  });
-
-  describe('getInvoices', () => {
-    it('should return invoices for the current subscription', async () => {
-      const user = await createUser();
-      const subscription = await createSubscription({ userId: user.id });
-
-      const getInvoicesSpy = vi
-        .spyOn(Billing.paddleClient, 'getInvoices')
-        .mockResolvedValue('dummy-invoices');
-
-      expect(await user.getInvoices()).toBe('dummy-invoices');
-      expect(getInvoicesSpy).toHaveBeenCalledWith(
-        Number(subscription.paddleSubscriptionId)
-      );
-    });
-
-    it('should return empty array without any subscriptions', async () => {
-      const user = await createUser();
-
-      expect(await user.getInvoices()).toStrictEqual([]);
-    });
-  });
-
-  it.todo('getApps');
-
-  it('createAdmin should create admin with given data and mark the installation completed', async () => {
-    const adminRole = await createRole({ name: 'Admin' });
-
-    const markInstallationCompletedSpy = vi
-      .spyOn(Config, 'markInstallationCompleted')
-      .mockResolvedValue();
-
-    const adminUser = await User.createAdmin({
-      fullName: 'Sample admin',
-      email: 'admin@automatisch.io',
-      password: 'sample',
-    });
-
-    expect(adminUser).toMatchObject({
-      fullName: 'Sample admin',
-      email: 'admin@automatisch.io',
-      roleId: adminRole.id,
-    });
-
-    expect(markInstallationCompletedSpy).toHaveBeenCalledOnce();
-    expect(await adminUser.login('sample')).toBe(true);
-  });
-
-  describe('registerUser', () => {
-    it('should register user with user role and given data', async () => {
-      const userRole = await createRole({ name: 'User' });
-
-      const user = await User.registerUser({
-        fullName: 'Sample user',
-        email: 'user@automatisch.io',
-        password: 'sample-password',
-      });
-
-      expect(user).toMatchObject({
-        fullName: 'Sample user',
-        email: 'user@automatisch.io',
-        roleId: userRole.id,
-      });
-
-      expect(await user.login('sample-password')).toBe(true);
-    });
-
-    it('should throw not found error when user role does not exist', async () => {
-      await expect(() =>
-        User.registerUser({
-          fullName: 'Sample user',
-          email: 'user@automatisch.io',
-          password: 'sample-password',
-        })
-      ).rejects.toThrowError('NotFoundError');
-    });
-  });
-
-  describe('can', () => {
-    it('should return conditions for the given action and subject of the user', async () => {
-      const userRole = await createRole({ name: 'User' });
-
-      await createPermission({
-        roleId: userRole.id,
-        subject: 'Flow',
-        action: 'read',
-        conditions: ['isCreator'],
-      });
-
-      await createPermission({
-        roleId: userRole.id,
-        subject: 'Connection',
-        action: 'read',
-        conditions: [],
-      });
-
-      const user = await createUser({ roleId: userRole.id });
-
-      const userWithRoleAndPermissions = await user
-        .$query()
-        .withGraphFetched({ role: true, permissions: true });
-
-      expect(userWithRoleAndPermissions.can('read', 'Flow')).toStrictEqual({
-        isCreator: true,
-      });
-
-      expect(
-        userWithRoleAndPermissions.can('read', 'Connection')
-      ).toStrictEqual({});
-    });
-
-    it('should return not authorized error when the user is not permitted for the given action and subject', async () => {
-      const userRole = await createRole({ name: 'User' });
-      const user = await createUser({ roleId: userRole.id });
-
-      const userWithRoleAndPermissions = await user
-        .$query()
-        .withGraphFetched({ role: true, permissions: true });
-
-      expect(() => userWithRoleAndPermissions.can('read', 'Flow')).toThrowError(
-        'The user is not authorized!'
-      );
-    });
-  });
-
-  it('lowercaseEmail should lowercase the user email', () => {
-    const user = new User();
-    user.email = 'USER@AUTOMATISCH.IO';
-
-    user.lowercaseEmail();
-
-    expect(user.email).toBe('user@automatisch.io');
-  });
-
-  describe('createUsageData', () => {
-    it('should create usage data if Automatisch is a cloud installation', async () => {
-      vi.useFakeTimers();
-
-      vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
-
-      const user = await createUser({
-        fullName: 'Sample user',
-        email: 'user@automatisch.io',
-      });
-
-      vi.setSystemTime(DateTime.now().plus({ month: 1 }));
-
-      const usageData = await user.createUsageData();
-      const currentUsageData = await user.$relatedQuery('currentUsageData');
-
-      expect(usageData).toStrictEqual(currentUsageData);
-
-      vi.useRealTimers();
-    });
-
-    it('should not create usage data if Automatisch is not a cloud installation', async () => {
-      vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
-
-      const user = await createUser({
-        fullName: 'Sample user',
-        email: 'user@automatisch.io',
-      });
-
-      const usageData = await user.createUsageData();
-
-      expect(usageData).toBe(undefined);
-    });
-  });
-
-  describe('omitEnterprisePermissionsWithoutValidLicense', () => {
-    it('should return user as-is with valid license', async () => {
-      const userRole = await createRole({ name: 'User' });
-      const user = await createUser({
-        fullName: 'Sample user',
-        email: 'user@automatisch.io',
-        roleId: userRole.id,
-      });
-
-      const readFlowPermission = await createPermission({
-        roleId: userRole.id,
-        subject: 'Flow',
-        action: 'read',
-        conditions: [],
-      });
-
-      await createPermission({
-        roleId: userRole.id,
-        subject: 'App',
-        action: 'read',
-        conditions: [],
-      });
-
-      await createPermission({
-        roleId: userRole.id,
-        subject: 'Role',
-        action: 'read',
-        conditions: [],
-      });
-
-      await createPermission({
-        roleId: userRole.id,
-        subject: 'Config',
-        action: 'read',
-        conditions: [],
-      });
-
-      await createPermission({
-        roleId: userRole.id,
-        subject: 'SamlAuthProvider',
-        action: 'read',
-        conditions: [],
-      });
-
-      const userWithRoleAndPermissions = await user
-        .$query()
-        .withGraphFetched({ role: true, permissions: true });
-
-      expect(userWithRoleAndPermissions.permissions).toStrictEqual([
-        readFlowPermission,
-      ]);
-    });
-
-    it('should omit enterprise permissions without valid license', async () => {
-      vi.spyOn(licenseModule, 'hasValidLicense').mockResolvedValue(false);
-
-      const userRole = await createRole({ name: 'User' });
-      const user = await createUser({
-        fullName: 'Sample user',
-        email: 'user@automatisch.io',
-        roleId: userRole.id,
-      });
-
-      const readFlowPermission = await createPermission({
-        roleId: userRole.id,
-        subject: 'Flow',
-        action: 'read',
-        conditions: [],
-      });
-
-      await createPermission({
-        roleId: userRole.id,
-        subject: 'App',
-        action: 'read',
-        conditions: [],
-      });
-
-      await createPermission({
-        roleId: userRole.id,
-        subject: 'Role',
-        action: 'read',
-        conditions: [],
-      });
-
-      await createPermission({
-        roleId: userRole.id,
-        subject: 'Config',
-        action: 'read',
-        conditions: [],
-      });
-
-      await createPermission({
-        roleId: userRole.id,
-        subject: 'SamlAuthProvider',
-        action: 'read',
-        conditions: [],
-      });
-
-      const userWithRoleAndPermissions = await user
-        .$query()
-        .withGraphFetched({ role: true, permissions: true });
-
-      expect(userWithRoleAndPermissions.permissions).toStrictEqual([
-        readFlowPermission,
-      ]);
-    });
-  });
-
-  describe('$beforeInsert', () => {
-    it('should call super.$beforeInsert', async () => {
-      const superBeforeInsertSpy = vi
-        .spyOn(User.prototype, '$beforeInsert')
-        .mockResolvedValue();
-
-      await createUser();
-
-      expect(superBeforeInsertSpy).toHaveBeenCalledOnce();
-    });
-
-    it('should lowercase the user email', async () => {
-      const user = await createUser({
-        fullName: 'Sample user',
-        email: 'USER@AUTOMATISCH.IO',
-      });
-
-      expect(user.email).toBe('user@automatisch.io');
-    });
-
-    it('should generate password hash', async () => {
-      const user = await createUser({
-        fullName: 'Sample user',
-        email: 'user@automatisch.io',
-        password: 'sample-password',
-      });
-
-      expect(user.password).not.toBe('sample-password');
-      expect(await user.login('sample-password')).toBe(true);
-    });
-
-    it('should start trial period if Automatisch is a cloud installation', async () => {
-      vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
-
-      const startTrialPeriodSpy = vi.spyOn(User.prototype, 'startTrialPeriod');
-
-      await createUser({
-        fullName: 'Sample user',
-        email: 'user@automatisch.io',
-      });
-
-      expect(startTrialPeriodSpy).toHaveBeenCalledOnce();
-    });
-
-    it('should not start trial period if Automatisch is not a cloud installation', async () => {
-      vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
-
-      const startTrialPeriodSpy = vi.spyOn(User.prototype, 'startTrialPeriod');
-
-      await createUser({
-        fullName: 'Sample user',
-        email: 'user@automatisch.io',
-      });
-
-      expect(startTrialPeriodSpy).not.toHaveBeenCalled();
-    });
-  });
-
-  describe('$beforeUpdate', () => {
-    it('should call super.$beforeUpdate', async () => {
-      const superBeforeUpdateSpy = vi
-        .spyOn(User.prototype, '$beforeUpdate')
-        .mockResolvedValue();
-
-      const user = await createUser({
-        fullName: 'Sample user',
-        email: 'user@automatisch.io',
-      });
-
-      await user.$query().patch({ fullName: 'Updated user name' });
-
-      expect(superBeforeUpdateSpy).toHaveBeenCalledOnce();
-    });
-
-    it('should lowercase the user email if given', async () => {
-      const user = await createUser({
-        fullName: 'Sample user',
-        email: 'user@automatisch.io',
-      });
-
-      await user.$query().patchAndFetch({ email: 'NEW_EMAIL@AUTOMATISCH.IO' });
-
-      expect(user.email).toBe('new_email@automatisch.io');
-    });
-
-    it('should generate password hash', async () => {
-      const user = await createUser({
-        fullName: 'Sample user',
-        email: 'user@automatisch.io',
-        password: 'sample-password',
-      });
-
-      await user.$query().patchAndFetch({ password: 'new-password' });
-
-      expect(user.password).not.toBe('new-password');
-      expect(await user.login('new-password')).toBe(true);
-    });
-  });
-
-  describe('$afterInsert', () => {
-    it('should call super.$afterInsert', async () => {
-      const superAfterInsertSpy = vi.spyOn(User.prototype, '$afterInsert');
-
-      await createUser({
-        fullName: 'Sample user',
-        email: 'user@automatisch.io',
-      });
-
-      expect(superAfterInsertSpy).toHaveBeenCalledOnce();
-    });
-
-    it('should call createUsageData', async () => {
-      const createUsageDataSpy = vi.spyOn(User.prototype, 'createUsageData');
-
-      await createUser({
-        fullName: 'Sample user',
-        email: 'user@automatisch.io',
-      });
-
-      expect(createUsageDataSpy).toHaveBeenCalledOnce();
-    });
-  });
-
-  it('$afterFind should invoke omitEnterprisePermissionsWithoutValidLicense method', async () => {
-    const omitEnterprisePermissionsWithoutValidLicenseSpy = vi.spyOn(
-      User.prototype,
-      'omitEnterprisePermissionsWithoutValidLicense'
-    );
-
-    await createUser({
-      fullName: 'Sample user',
-      email: 'user@automatisch.io',
-    });
-
-    expect(
-      omitEnterprisePermissionsWithoutValidLicenseSpy
-    ).toHaveBeenCalledOnce();
-  });
 });
--- a/packages/backend/src/queues/action.js
+++ b/packages/backend/src/queues/action.js
@@ -11,6 +11,10 @@ const redisConnection = {

 const actionQueue = new Queue('action', redisConnection);

+process.on('SIGTERM', async () => {
+  await actionQueue.close();
+});
+
 actionQueue.on('error', (error) => {
  if (error.code === CONNECTION_REFUSED) {
    logger.error(
--- a/packages/backend/src/queues/delete-user.ee.js
+++ b/packages/backend/src/queues/delete-user.ee.js
@@ -11,6 +11,10 @@ const redisConnection = {

 const deleteUserQueue = new Queue('delete-user', redisConnection);

+process.on('SIGTERM', async () => {
+  await deleteUserQueue.close();
+});
+
 deleteUserQueue.on('error', (error) => {
  if (error.code === CONNECTION_REFUSED) {
    logger.error(
--- a/packages/backend/src/queues/email.js
+++ b/packages/backend/src/queues/email.js
@@ -11,6 +11,10 @@ const redisConnection = {

 const emailQueue = new Queue('email', redisConnection);

+process.on('SIGTERM', async () => {
+  await emailQueue.close();
+});
+
 emailQueue.on('error', (error) => {
  if (error.code === CONNECTION_REFUSED) {
    logger.error(
--- a/packages/backend/src/queues/flow.js
+++ b/packages/backend/src/queues/flow.js
@@ -11,6 +11,10 @@ const redisConnection = {

 const flowQueue = new Queue('flow', redisConnection);

+process.on('SIGTERM', async () => {
+  await flowQueue.close();
+});
+
 flowQueue.on('error', (error) => {
  if (error.code === CONNECTION_REFUSED) {
    logger.error(
--- a/packages/backend/src/queues/index.js
+++ b/packages/backend/src/queues/index.js
@@ -1,21 +0,0 @@
-import appConfig from '../config/app.js';
-import actionQueue from './action.js';
-import emailQueue from './email.js';
-import flowQueue from './flow.js';
-import triggerQueue from './trigger.js';
-import deleteUserQueue from './delete-user.ee.js';
-import removeCancelledSubscriptionsQueue from './remove-cancelled-subscriptions.ee.js';
-
-const queues = [
-  actionQueue,
-  emailQueue,
-  flowQueue,
-  triggerQueue,
-  deleteUserQueue,
-];
-
-if (appConfig.isCloud) {
-  queues.push(removeCancelledSubscriptionsQueue);
-}
-
-export default queues;
--- a/packages/backend/src/queues/remove-cancelled-subscriptions.ee.js
+++ b/packages/backend/src/queues/remove-cancelled-subscriptions.ee.js
@@ -14,6 +14,10 @@ const removeCancelledSubscriptionsQueue = new Queue(
  redisConnection
 );

+process.on('SIGTERM', async () => {
+  await removeCancelledSubscriptionsQueue.close();
+});
+
 removeCancelledSubscriptionsQueue.on('error', (error) => {
  if (error.code === CONNECTION_REFUSED) {
    logger.error(
--- a/packages/backend/src/queues/trigger.js
+++ b/packages/backend/src/queues/trigger.js
@@ -11,6 +11,10 @@ const redisConnection = {

 const triggerQueue = new Queue('trigger', redisConnection);

+process.on('SIGTERM', async () => {
+  await triggerQueue.close();
+});
+
 triggerQueue.on('error', (error) => {
  if (error.code === CONNECTION_REFUSED) {
    logger.error(
--- a/packages/backend/src/serializers/index.js
+++ b/packages/backend/src/serializers/index.js
@@ -26,7 +26,7 @@ const serializers = {
  Permission: permissionSerializer,
  AdminSamlAuthProvider: adminSamlAuthProviderSerializer,
  SamlAuthProvider: samlAuthProviderSerializer,
-  RoleMapping: samlAuthProviderRoleMappingSerializer,
+  SamlAuthProvidersRoleMapping: samlAuthProviderRoleMappingSerializer,
  AppAuthClient: appAuthClientSerializer,
  AppConfig: appConfigSerializer,
  Flow: flowSerializer,
--- a/packages/backend/src/worker.js
+++ b/packages/backend/src/worker.js
@@ -1,22 +1,20 @@
 import * as Sentry from './helpers/sentry.ee.js';
-import process from 'node:process';
+import appConfig from './config/app.js';

 Sentry.init();

 import './config/orm.js';
 import './helpers/check-worker-readiness.js';
-import queues from './queues/index.js';
-import workers from './workers/index.js';
+import './workers/flow.js';
+import './workers/trigger.js';
+import './workers/action.js';
+import './workers/email.js';
+import './workers/delete-user.ee.js';

-process.on('SIGTERM', async () => {
-  for (const queue of queues) {
-    await queue.close();
-  }
-
-  for (const worker of workers) {
-    await worker.close();
-  }
-});
+if (appConfig.isCloud) {
+  import('./workers/remove-cancelled-subscriptions.ee.js');
+  import('./queues/remove-cancelled-subscriptions.ee.js');
+}

 import telemetry from './helpers/telemetry/index.js';

--- a/packages/backend/src/workers/action.js
+++ b/packages/backend/src/workers/action.js
@@ -1,4 +1,5 @@
 import { Worker } from 'bullmq';
+import process from 'node:process';

 import * as Sentry from '../helpers/sentry.ee.js';
 import redisConfig from '../config/redis.js';
@@ -14,7 +15,7 @@ import delayAsMilliseconds from '../helpers/delay-as-milliseconds.js';

 const DEFAULT_DELAY_DURATION = 0;

-const actionWorker = new Worker(
+export const worker = new Worker(
  'action',
  async (job) => {
    const { stepId, flowId, executionId, computedParameters, executionStep } =
@@ -54,11 +55,11 @@ const actionWorker = new Worker(
  { connection: redisConfig }
 );

-actionWorker.on('completed', (job) => {
+worker.on('completed', (job) => {
  logger.info(`JOB ID: ${job.id} - FLOW ID: ${job.data.flowId} has started!`);
 });

-actionWorker.on('failed', (job, err) => {
+worker.on('failed', (job, err) => {
  const errorMessage = `
    JOB ID: ${job.id} - FLOW ID: ${job.data.flowId} has failed to start with ${err.message}
    \n ${err.stack}
@@ -73,4 +74,6 @@ actionWorker.on('failed', (job, err) => {
  });
 });

-export default actionWorker;
+process.on('SIGTERM', async () => {
+  await worker.close();
+});
--- a/packages/backend/src/workers/delete-user.ee.js
+++ b/packages/backend/src/workers/delete-user.ee.js
@@ -1,4 +1,5 @@
 import { Worker } from 'bullmq';
+import process from 'node:process';

 import * as Sentry from '../helpers/sentry.ee.js';
 import redisConfig from '../config/redis.js';
@@ -7,7 +8,7 @@ import appConfig from '../config/app.js';
 import User from '../models/user.js';
 import ExecutionStep from '../models/execution-step.js';

-const deleteUserWorker = new Worker(
+export const worker = new Worker(
  'delete-user',
  async (job) => {
    const { id } = job.data;
@@ -45,13 +46,13 @@ const deleteUserWorker = new Worker(
  { connection: redisConfig }
 );

-deleteUserWorker.on('completed', (job) => {
+worker.on('completed', (job) => {
  logger.info(
    `JOB ID: ${job.id} - The user with the ID of '${job.data.id}' has been deleted!`
  );
 });

-deleteUserWorker.on('failed', (job, err) => {
+worker.on('failed', (job, err) => {
  const errorMessage = `
    JOB ID: ${job.id} - The user with the ID of '${job.data.id}' has failed to be deleted! ${err.message}
    \n ${err.stack}
@@ -66,4 +67,6 @@ deleteUserWorker.on('failed', (job, err) => {
  });
 });

-export default deleteUserWorker;
+process.on('SIGTERM', async () => {
+  await worker.close();
+});
--- a/packages/backend/src/workers/email.js
+++ b/packages/backend/src/workers/email.js
@@ -1,4 +1,5 @@
 import { Worker } from 'bullmq';
+import process from 'node:process';

 import * as Sentry from '../helpers/sentry.ee.js';
 import redisConfig from '../config/redis.js';
@@ -15,7 +16,7 @@ const isAutomatischEmail = (email) => {
  return email.endsWith('@automatisch.io');
 };

-const emailWorker = new Worker(
+export const worker = new Worker(
  'email',
  async (job) => {
    const { email, subject, template, params } = job.data;
@@ -38,13 +39,13 @@ const emailWorker = new Worker(
  { connection: redisConfig }
 );

-emailWorker.on('completed', (job) => {
+worker.on('completed', (job) => {
  logger.info(
    `JOB ID: ${job.id} - ${job.data.subject} email sent to ${job.data.email}!`
  );
 });

-emailWorker.on('failed', (job, err) => {
+worker.on('failed', (job, err) => {
  const errorMessage = `
    JOB ID: ${job.id} - ${job.data.subject} email to ${job.data.email} has failed to send with ${err.message}
    \n ${err.stack}
@@ -59,4 +60,6 @@ emailWorker.on('failed', (job, err) => {
  });
 });

-export default emailWorker;
+process.on('SIGTERM', async () => {
+  await worker.close();
+});
--- a/packages/backend/src/workers/flow.js
+++ b/packages/backend/src/workers/flow.js
@@ -1,4 +1,5 @@
 import { Worker } from 'bullmq';
+import process from 'node:process';

 import * as Sentry from '../helpers/sentry.ee.js';
 import redisConfig from '../config/redis.js';
@@ -12,7 +13,7 @@ import {
  REMOVE_AFTER_7_DAYS_OR_50_JOBS,
 } from '../helpers/remove-job-configuration.js';

-const flowWorker = new Worker(
+export const worker = new Worker(
  'flow',
  async (job) => {
    const { flowId } = job.data;
@@ -63,11 +64,11 @@ const flowWorker = new Worker(
  { connection: redisConfig }
 );

-flowWorker.on('completed', (job) => {
+worker.on('completed', (job) => {
  logger.info(`JOB ID: ${job.id} - FLOW ID: ${job.data.flowId} has started!`);
 });

-flowWorker.on('failed', async (job, err) => {
+worker.on('failed', async (job, err) => {
  const errorMessage = `
    JOB ID: ${job.id} - FLOW ID: ${job.data.flowId} has failed to start with ${err.message}
    \n ${err.stack}
@@ -94,4 +95,6 @@ flowWorker.on('failed', async (job, err) => {
  });
 });

-export default flowWorker;
+process.on('SIGTERM', async () => {
+  await worker.close();
+});
--- a/packages/backend/src/workers/index.js
+++ b/packages/backend/src/workers/index.js
@@ -1,21 +0,0 @@
-import appConfig from '../config/app.js';
-import actionWorker from './action.js';
-import emailWorker from './email.js';
-import flowWorker from './flow.js';
-import triggerWorker from './trigger.js';
-import deleteUserWorker from './delete-user.ee.js';
-import removeCancelledSubscriptionsWorker from './remove-cancelled-subscriptions.ee.js';
-
-const workers = [
-  actionWorker,
-  emailWorker,
-  flowWorker,
-  triggerWorker,
-  deleteUserWorker,
-];
-
-if (appConfig.isCloud) {
-  workers.push(removeCancelledSubscriptionsWorker);
-}
-
-export default workers;
--- a/packages/backend/src/workers/remove-cancelled-subscriptions.ee.js
+++ b/packages/backend/src/workers/remove-cancelled-subscriptions.ee.js
@@ -1,11 +1,12 @@
 import { Worker } from 'bullmq';
+import process from 'node:process';
 import { DateTime } from 'luxon';
 import * as Sentry from '../helpers/sentry.ee.js';
 import redisConfig from '../config/redis.js';
 import logger from '../helpers/logger.js';
 import Subscription from '../models/subscription.ee.js';

-const removeCancelledSubscriptionsWorker = new Worker(
+export const worker = new Worker(
  'remove-cancelled-subscriptions',
  async () => {
    await Subscription.query()
@@ -22,13 +23,13 @@ const removeCancelledSubscriptionsWorker = new Worker(
  { connection: redisConfig }
 );

-removeCancelledSubscriptionsWorker.on('completed', (job) => {
+worker.on('completed', (job) => {
  logger.info(
    `JOB ID: ${job.id} - The cancelled subscriptions have been removed!`
  );
 });

-removeCancelledSubscriptionsWorker.on('failed', (job, err) => {
+worker.on('failed', (job, err) => {
  const errorMessage = `
    JOB ID: ${job.id} - ERROR: The cancelled subscriptions can not be removed! ${err.message}
    \n ${err.stack}
@@ -41,4 +42,6 @@ removeCancelledSubscriptionsWorker.on('failed', (job, err) => {
  });
 });

-export default removeCancelledSubscriptionsWorker;
+process.on('SIGTERM', async () => {
+  await worker.close();
+});
--- a/packages/backend/src/workers/trigger.js
+++ b/packages/backend/src/workers/trigger.js
@@ -1,4 +1,5 @@
 import { Worker } from 'bullmq';
+import process from 'node:process';

 import * as Sentry from '../helpers/sentry.ee.js';
 import redisConfig from '../config/redis.js';
@@ -11,7 +12,7 @@ import {
  REMOVE_AFTER_7_DAYS_OR_50_JOBS,
 } from '../helpers/remove-job-configuration.js';

-const triggerWorker = new Worker(
+export const worker = new Worker(
  'trigger',
  async (job) => {
    const { flowId, executionId, stepId, executionStep } = await processTrigger(
@@ -40,11 +41,11 @@ const triggerWorker = new Worker(
  { connection: redisConfig }
 );

-triggerWorker.on('completed', (job) => {
+worker.on('completed', (job) => {
  logger.info(`JOB ID: ${job.id} - FLOW ID: ${job.data.flowId} has started!`);
 });

-triggerWorker.on('failed', (job, err) => {
+worker.on('failed', (job, err) => {
  const errorMessage = `
    JOB ID: ${job.id} - FLOW ID: ${job.data.flowId} has failed to start with ${err.message}
    \n ${err.stack}
@@ -59,4 +60,6 @@ triggerWorker.on('failed', (job, err) => {
  });
 });

-export default triggerWorker;
+process.on('SIGTERM', async () => {
+  await worker.close();
+});
--- a/packages/backend/test/factories/role-mapping.js
+++ b/packages/backend/test/factories/role-mapping.js
@@ -1,15 +1,16 @@
-import { faker } from '@faker-js/faker';
 import { createRole } from './role.js';
-import RoleMapping from '../../src/models/role-mapping.ee.js';
 import { createSamlAuthProvider } from './saml-auth-provider.ee.js';
+import SamlAuthProviderRoleMapping from '../../src/models/saml-auth-providers-role-mapping.ee.js';

 export const createRoleMapping = async (params = {}) => {
-  params.roleId = params.roleId || (await createRole()).id;
+  params.roleId = params?.roleId || (await createRole()).id;
  params.samlAuthProviderId =
-    params.samlAuthProviderId || (await createSamlAuthProvider()).id;
-  params.remoteRoleName = params.remoteRoleName || faker.person.jobType();
+    params?.samlAuthProviderId || (await createSamlAuthProvider()).id;

-  const roleMapping = await RoleMapping.query().insertAndFetch(params);
+  params.remoteRoleName = params?.remoteRoleName || 'User';

-  return roleMapping;
+  const samlAuthProviderRoleMapping =
+    await SamlAuthProviderRoleMapping.query().insertAndFetch(params);
+
+  return samlAuthProviderRoleMapping;
 };
--- a/packages/backend/test/factories/saml-auth-providers-role-mapping.js
+++ b/packages/backend/test/factories/saml-auth-providers-role-mapping.js
@@ -0,0 +1,16 @@
+import { faker } from '@faker-js/faker';
+import { createRole } from './role.js';
+import SamlAuthProvidersRoleMapping from '../../src/models/saml-auth-providers-role-mapping.ee.js';
+import { createSamlAuthProvider } from './saml-auth-provider.ee.js';
+
+export const createSamlAuthProvidersRoleMapping = async (params = {}) => {
+  params.roleId = params.roleId || (await createRole()).id;
+  params.samlAuthProviderId =
+    params.samlAuthProviderId || (await createSamlAuthProvider()).id;
+  params.remoteRoleName = params.remoteRoleName || faker.person.jobType();
+
+  const samlAuthProvider =
+    await SamlAuthProvidersRoleMapping.query().insertAndFetch(params);
+
+  return samlAuthProvider;
+};
--- a/packages/backend/test/mocks/rest/api/v1/admin/saml-auth-providers/get-role-mappings.ee.js
+++ b/packages/backend/test/mocks/rest/api/v1/admin/saml-auth-providers/get-role-mappings.ee.js
@@ -15,7 +15,7 @@ const getRoleMappingsMock = async (roleMappings) => {
      currentPage: null,
      isArray: true,
      totalPages: null,
-      type: 'RoleMapping',
+      type: 'SamlAuthProvidersRoleMapping',
    },
  };
 };
--- a/packages/backend/test/mocks/rest/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js
+++ b/packages/backend/test/mocks/rest/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js
@@ -15,7 +15,7 @@ const createRoleMappingsMock = async (roleMappings) => {
      currentPage: null,
      isArray: true,
      totalPages: null,
-      type: 'RoleMapping',
+      type: 'SamlAuthProvidersRoleMapping',
    },
  };
 };
--- a/packages/e2e-tests/fixtures/admin/delete-role-modal.js
+++ b/packages/e2e-tests/fixtures/admin/delete-role-modal.js
@@ -9,7 +9,6 @@ export class DeleteRoleModal {
    this.modal = page.getByTestId('delete-role-modal');
    this.cancelButton = this.modal.getByTestId('confirmation-cancel-button');
    this.deleteButton = this.modal.getByTestId('confirmation-confirm-button');
-    this.deleteAlert = this.modal.getByTestId('confirmation-dialog-error-alert');
  }

  async close () {
--- a/packages/e2e-tests/tests/admin/manage-roles.spec.js
+++ b/packages/e2e-tests/tests/admin/manage-roles.spec.js
@@ -218,7 +218,12 @@ test.describe('Role management page', () => {
        const row = await adminRolesPage.getRoleRowByName('Delete Role');
        const modal = await adminRolesPage.clickDeleteRole(row);
        await modal.deleteButton.click();
-        await expect(modal.deleteAlert).toHaveCount(1);
+        await adminRolesPage.snackbar.waitFor({
+          state: 'attached',
+        });
+        const snackbar = await adminRolesPage.getSnackbarData('snackbar-delete-role-error');
+        await expect(snackbar.variant).toBe('error');
+        await adminRolesPage.closeSnackbar();
        await modal.close();
      }
    );
@@ -313,6 +318,7 @@ test.describe('Role management page', () => {
      const row = await adminUsersPage.findUserPageWithEmail(
        'user-delete-role-test@automatisch.io'
      );
+      // await test.waitForTimeout(10000);
      const modal = await adminUsersPage.clickDeleteUser(row);
      await modal.deleteButton.click();
      await adminUsersPage.snackbar.waitFor({
@@ -329,7 +335,15 @@ test.describe('Role management page', () => {
      const row = await adminRolesPage.getRoleRowByName('Cannot Delete Role');
      const modal = await adminRolesPage.clickDeleteRole(row);
      await modal.deleteButton.click();
-      await expect(modal.deleteAlert).toHaveCount(1);
+      await adminRolesPage.snackbar.waitFor({
+        state: 'attached',
+      });
+      /*
+        * TODO: await snackbar - make assertions based on product
+        * decisions
+        const snackbar = await adminRolesPage.getSnackbarData();
+        await expect(snackbar.variant).toBe('...');
+        */
      await adminRolesPage.closeSnackbar();
    });
  });
--- a/packages/web/src/components/ConfirmationDialog/index.jsx
+++ b/packages/web/src/components/ConfirmationDialog/index.jsx
@@ -6,7 +6,6 @@ import DialogActions from '@mui/material/DialogActions';
 import DialogContent from '@mui/material/DialogContent';
 import DialogContentText from '@mui/material/DialogContentText';
 import DialogTitle from '@mui/material/DialogTitle';
-import Alert from '@mui/material/Alert';

 function ConfirmationDialog(props) {
  const {
@@ -17,7 +16,6 @@ function ConfirmationDialog(props) {
    cancelButtonChildren,
    confirmButtonChildren,
    open = true,
-    errorMessage,
  } = props;
  const dataTest = props['data-test'];
  return (
@@ -46,11 +44,6 @@ function ConfirmationDialog(props) {
          </Button>
        )}
      </DialogActions>
-      {errorMessage && (
-        <Alert data-test="confirmation-dialog-error-alert" severity="error">
-          {errorMessage}
-        </Alert>
-      )}
    </Dialog>
  );
 }
@@ -64,7 +57,6 @@ ConfirmationDialog.propTypes = {
  confirmButtonChildren: PropTypes.node.isRequired,
  open: PropTypes.bool,
  'data-test': PropTypes.string,
-  errorMessage: PropTypes.string,
 };

 export default ConfirmationDialog;
--- a/packages/web/src/components/DeleteRoleButton/index.ee.jsx
+++ b/packages/web/src/components/DeleteRoleButton/index.ee.jsx
@@ -4,7 +4,6 @@ import IconButton from '@mui/material/IconButton';
 import useEnqueueSnackbar from 'hooks/useEnqueueSnackbar';
 import * as React from 'react';

-import { getGeneralErrorMessage, getFieldErrorMessage } from 'helpers/errors';
 import Can from 'components/Can';
 import ConfirmationDialog from 'components/ConfirmationDialog';
 import useFormatMessage from 'hooks/useFormatMessage';
@@ -16,21 +15,7 @@ function DeleteRoleButton(props) {
  const formatMessage = useFormatMessage();
  const enqueueSnackbar = useEnqueueSnackbar();

-  const {
-    mutateAsync: deleteRole,
-    error: deleteRoleError,
-    reset: resetDeleteRole,
-  } = useAdminDeleteRole(roleId);
-
-  const roleErrorMessage = getFieldErrorMessage({
-    fieldName: 'role',
-    error: deleteRoleError,
-  });
-
-  const generalErrorMessage = getGeneralErrorMessage({
-    error: deleteRoleError,
-    fallbackMessage: formatMessage('deleteRoleButton.generalError'),
-  });
+  const { mutateAsync: deleteRole } = useAdminDeleteRole(roleId);

  const handleConfirm = React.useCallback(async () => {
    try {
@@ -43,13 +28,23 @@ function DeleteRoleButton(props) {
          'data-test': 'snackbar-delete-role-success',
        },
      });
-    } catch {}
-  }, [deleteRole, enqueueSnackbar, formatMessage]);
+    } catch (error) {
+      const errors = Object.values(
+        error.response.data.errors || [['Failed while deleting!']],
+      );

-  const handleClose = () => {
-    setShowConfirmation(false);
-    resetDeleteRole();
-  };
+      for (const [error] of errors) {
+        enqueueSnackbar(error, {
+          variant: 'error',
+          SnackbarProps: {
+            'data-test': 'snackbar-delete-role-error',
+          },
+        });
+      }
+
+      throw new Error('Failed while deleting!');
+    }
+  }, [deleteRole, enqueueSnackbar, formatMessage]);

  return (
    <>
@@ -70,12 +65,11 @@ function DeleteRoleButton(props) {
        open={showConfirmation}
        title={formatMessage('deleteRoleButton.title')}
        description={formatMessage('deleteRoleButton.description')}
-        onClose={handleClose}
+        onClose={() => setShowConfirmation(false)}
        onConfirm={handleConfirm}
        cancelButtonChildren={formatMessage('deleteRoleButton.cancel')}
        confirmButtonChildren={formatMessage('deleteRoleButton.confirm')}
        data-test="delete-role-modal"
-        errorMessage={roleErrorMessage || generalErrorMessage}
      />
    </>
  );
--- a/packages/web/src/components/DeleteUserButton/index.ee.jsx
+++ b/packages/web/src/components/DeleteUserButton/index.ee.jsx
@@ -3,7 +3,6 @@ import DeleteIcon from '@mui/icons-material/Delete';
 import IconButton from '@mui/material/IconButton';
 import { useQueryClient } from '@tanstack/react-query';

-import { getGeneralErrorMessage } from 'helpers/errors';
 import useEnqueueSnackbar from 'hooks/useEnqueueSnackbar';
 import * as React from 'react';
 import ConfirmationDialog from 'components/ConfirmationDialog';
@@ -13,21 +12,12 @@ import useAdminUserDelete from 'hooks/useAdminUserDelete';
 function DeleteUserButton(props) {
  const { userId } = props;
  const [showConfirmation, setShowConfirmation] = React.useState(false);
-  const {
-    mutateAsync: deleteUser,
-    error: deleteUserError,
-    reset: resetDeleteUser,
-  } = useAdminUserDelete(userId);
+  const { mutateAsync: deleteUser } = useAdminUserDelete(userId);

  const formatMessage = useFormatMessage();
  const enqueueSnackbar = useEnqueueSnackbar();
  const queryClient = useQueryClient();

-  const generalErrorMessage = getGeneralErrorMessage({
-    error: deleteUserError,
-    fallbackMessage: formatMessage('deleteUserButton.deleteError'),
-  });
-
  const handleConfirm = React.useCallback(async () => {
    try {
      await deleteUser();
@@ -39,14 +29,16 @@ function DeleteUserButton(props) {
          'data-test': 'snackbar-delete-user-success',
        },
      });
-    } catch {}
+    } catch (error) {
+      enqueueSnackbar(
+        error?.message || formatMessage('deleteUserButton.deleteError'),
+        {
+          variant: 'error',
+        },
+      );
+    }
  }, [deleteUser]);

-  const handleClose = () => {
-    setShowConfirmation(false);
-    resetDeleteUser();
-  };
-
  return (
    <>
      <IconButton
@@ -61,12 +53,11 @@ function DeleteUserButton(props) {
        open={showConfirmation}
        title={formatMessage('deleteUserButton.title')}
        description={formatMessage('deleteUserButton.description')}
-        onClose={handleClose}
+        onClose={() => setShowConfirmation(false)}
        onConfirm={handleConfirm}
        cancelButtonChildren={formatMessage('deleteUserButton.cancel')}
        confirmButtonChildren={formatMessage('deleteUserButton.confirm')}
        data-test="delete-user-modal"
-        errorMessage={generalErrorMessage}
      />
    </>
  );
--- a/packages/web/src/components/ForgotPasswordForm/index.ee.jsx
+++ b/packages/web/src/components/ForgotPasswordForm/index.ee.jsx
@@ -1,8 +1,8 @@
 import * as React from 'react';
 import Paper from '@mui/material/Paper';
 import Typography from '@mui/material/Typography';
-import Alert from '@mui/material/Alert';
 import LoadingButton from '@mui/lab/LoadingButton';
+import { enqueueSnackbar } from 'notistack';

 import useForgotPassword from 'hooks/useForgotPassword';
 import Form from 'components/Form';
@@ -12,17 +12,25 @@ import useFormatMessage from 'hooks/useFormatMessage';
 export default function ForgotPasswordForm() {
  const formatMessage = useFormatMessage();
  const {
-    mutate: forgotPassword,
+    mutateAsync: forgotPassword,
    isPending: loading,
    isSuccess,
-    isError,
-    error,
  } = useForgotPassword();

-  const handleSubmit = ({ email }) => {
-    forgotPassword({
-      email,
-    });
+  const handleSubmit = async (values) => {
+    const { email } = values;
+    try {
+      await forgotPassword({
+        email,
+      });
+    } catch (error) {
+      enqueueSnackbar(
+        error?.message || formatMessage('forgotPasswordForm.error'),
+        {
+          variant: 'error',
+        },
+      );
+    }
  };

  return (
@@ -49,16 +57,6 @@ export default function ForgotPasswordForm() {
          margin="dense"
          autoComplete="username"
        />
-        {isError && (
-          <Alert severity="error" sx={{ mt: 2 }}>
-            {error?.message || formatMessage('forgotPasswordForm.error')}
-          </Alert>
-        )}
-        {isSuccess && (
-          <Alert severity="success" sx={{ mt: 2 }}>
-            {formatMessage('forgotPasswordForm.instructionsSent')}
-          </Alert>
-        )}
        <LoadingButton
          type="submit"
          variant="contained"
@@ -70,6 +68,14 @@ export default function ForgotPasswordForm() {
        >
          {formatMessage('forgotPasswordForm.submit')}
        </LoadingButton>
+        {isSuccess && (
+          <Typography
+            variant="body1"
+            sx={{ color: (theme) => theme.palette.success.main }}
+          >
+            {formatMessage('forgotPasswordForm.instructionsSent')}
+          </Typography>
+        )}
      </Form>
    </Paper>
  );
--- a/packages/web/src/components/LoginForm/index.jsx
+++ b/packages/web/src/components/LoginForm/index.jsx
@@ -2,7 +2,6 @@ import * as React from 'react';
 import { useNavigate, Link as RouterLink } from 'react-router-dom';
 import Paper from '@mui/material/Paper';
 import Link from '@mui/material/Link';
-import Alert from '@mui/material/Alert';
 import Typography from '@mui/material/Typography';
 import LoadingButton from '@mui/lab/LoadingButton';
 import useAuthentication from 'hooks/useAuthentication';
@@ -12,6 +11,7 @@ import Form from 'components/Form';
 import TextField from 'components/TextField';
 import useFormatMessage from 'hooks/useFormatMessage';
 import useCreateAccessToken from 'hooks/useCreateAccessToken';
+import { Alert } from '@mui/material';

 function LoginForm() {
  const isCloud = useCloud();
@@ -45,7 +45,7 @@ function LoginForm() {

  const renderError = () => {
    const errors = error?.response?.data?.errors?.general || [
-      error?.message || formatMessage('loginForm.error'),
+      formatMessage('loginForm.error'),
    ];

    return errors.map((error) => (
--- a/packages/web/src/components/ResetPasswordForm/index.ee.jsx
+++ b/packages/web/src/components/ResetPasswordForm/index.ee.jsx
@@ -2,7 +2,6 @@ import { yupResolver } from '@hookform/resolvers/yup';
 import LoadingButton from '@mui/lab/LoadingButton';
 import Paper from '@mui/material/Paper';
 import Typography from '@mui/material/Typography';
-import Alert from '@mui/material/Alert';
 import useEnqueueSnackbar from 'hooks/useEnqueueSnackbar';
 import * as React from 'react';
 import { useNavigate, useSearchParams } from 'react-router-dom';
@@ -31,8 +30,6 @@ export default function ResetPasswordForm() {
    mutateAsync: resetPassword,
    isPending,
    isSuccess,
-    error,
-    isError,
  } = useResetPassword();
  const token = searchParams.get('token');

@@ -50,23 +47,14 @@ export default function ResetPasswordForm() {
        },
      });
      navigate(URLS.LOGIN);
-    } catch {}
-  };
-
-  const renderError = () => {
-    if (!isError) {
-      return null;
+    } catch (error) {
+      enqueueSnackbar(
+        error?.message || formatMessage('resetPasswordForm.error'),
+        {
+          variant: 'error',
+        },
+      );
    }
-
-    const errors = error?.response?.data?.errors?.general || [
-      error?.message || formatMessage('resetPasswordForm.error'),
-    ];
-
-    return errors.map((error) => (
-      <Alert severity="error" sx={{ mt: 2 }}>
-        {error}
-      </Alert>
-    ));
  };

  return (
@@ -108,6 +96,7 @@ export default function ResetPasswordForm() {
                  : ''
              }
            />
+
            <TextField
              label={formatMessage(
                'resetPasswordForm.confirmPasswordFieldLabel',
@@ -128,7 +117,7 @@ export default function ResetPasswordForm() {
                  : ''
              }
            />
-            {renderError()}
+
            <LoadingButton
              type="submit"
              variant="contained"
--- a/packages/web/src/helpers/errors.js
+++ b/packages/web/src/helpers/errors.js
@@ -1,29 +0,0 @@
-// Helpers to extract errors received from the API
-
-export const getGeneralErrorMessage = ({ error, fallbackMessage }) => {
-  if (!error) {
-    return;
-  }
-
-  const errors = error?.response?.data?.errors;
-  const generalError = errors?.general;
-
-  if (generalError && Array.isArray(generalError)) {
-    return generalError.join(' ');
-  }
-
-  if (!errors) {
-    return error?.message || fallbackMessage;
-  }
-};
-
-export const getFieldErrorMessage = ({ fieldName, error }) => {
-  const errors = error?.response?.data?.errors;
-  const fieldErrors = errors?.[fieldName];
-
-  if (fieldErrors && Array.isArray(fieldErrors)) {
-    return fieldErrors.join(', ');
-  }
-
-  return '';
-};
--- a/packages/web/src/locales/en.json
+++ b/packages/web/src/locales/en.json
@@ -245,7 +245,6 @@
  "deleteRoleButton.cancel": "Cancel",
  "deleteRoleButton.confirm": "Delete",
  "deleteRoleButton.successfullyDeleted": "The role has been deleted.",
-  "deleteRoleButton.generalError": "Failed while deleting!",
  "editRolePage.title": "Edit role",
  "createRolePage.title": "Create role",
  "roleForm.name": "Name",
--- a/packages/web/src/pages/Authentication/RoleMappings.jsx
+++ b/packages/web/src/pages/Authentication/RoleMappings.jsx
@@ -66,8 +66,8 @@ function RoleMappings({ provider, providerLoading }) {
  const enqueueSnackbar = useEnqueueSnackbar();

  const {
-    mutateAsync: updateRoleMappings,
-    isPending: isUpdateRoleMappingsPending,
+    mutateAsync: updateSamlAuthProvidersRoleMappings,
+    isPending: isUpdateSamlAuthProvidersRoleMappingsPending,
  } = useAdminUpdateSamlAuthProviderRoleMappings(provider?.id);

  const { data, isLoading: isAdminSamlAuthProviderRoleMappingsLoading } =
@@ -79,7 +79,7 @@ function RoleMappings({ provider, providerLoading }) {
  const handleRoleMappingsUpdate = async (values) => {
    try {
      if (provider?.id) {
-        await updateRoleMappings(
+        await updateSamlAuthProvidersRoleMappings(
          values.roleMappings.map(({ roleId, remoteRoleName }) => ({
            roleId,
            remoteRoleName,
@@ -148,7 +148,7 @@ function RoleMappings({ provider, providerLoading }) {
            variant="contained"
            color="primary"
            sx={{ boxShadow: 2 }}
-            loading={isUpdateRoleMappingsPending}
+            loading={isUpdateSamlAuthProvidersRoleMappingsPending}
          >
            {formatMessage('roleMappingsForm.save')}
          </LoadingButton>