sync user clients to org on add/remove user org

This commit is contained in:
miloschwartz
2025-11-08 17:51:51 -08:00
parent a70799c8c0
commit 5602d8ee64
6 changed files with 332 additions and 37 deletions


@@ -33,6 +33,7 @@ import { UserType } from "@server/types/UserTypes";
import { FeatureId } from "@server/lib/billing";
import { usageService } from "@server/lib/billing/usageService";
import { build } from "@server/build";
import { calculateUserClientsForOrgs } from "@server/lib/calculateUserClientsForOrgs";
const ensureTrailingSlash = (url: string): string => {
return url;
@@ -364,10 +365,18 @@ export async function validateOidcCallback(
);
if (!existingUserOrgs.length) {
// delete the user
// await db
// .delete(users)
// .where(eq(users.userId, existingUser.userId));
// delete all auto -provisioned user orgs
await db
.delete(userOrgs)
.where(
and(
eq(userOrgs.userId, existingUser.userId),
eq(userOrgs.autoProvisioned, true)
)
);
await calculateUserClientsForOrgs(existingUser.userId);
return next(
createHttpError(
HttpCode.UNAUTHORIZED,
@@ -513,6 +522,8 @@ export async function validateOidcCallback(
userCount: userCount.length
});
}
await calculateUserClientsForOrgs(userId!, trx);
});
for (const orgCount of orgUserCounts) {
@@ -553,6 +564,24 @@ export async function validateOidcCallback(
);
}
// check for existing user orgs
const existingUserOrgs = await db
.select()
.from(userOrgs)
.where(and(eq(userOrgs.userId, existingUser.userId)));
if (!existingUserOrgs.length) {
logger.debug(
"No existing user orgs found for non-auto-provisioned IdP"
);
return next(
createHttpError(
HttpCode.UNAUTHORIZED,
`User with username ${userIdentifier} is unprovisioned. This user must be added to an organization before logging in.`
)
);
}
const token = generateSessionToken();
const sess = await createSession(token, existingUser.userId);
const isSecure = req.protocol === "https";
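Review bot: The delete of auto-provisioned `userOrgs` rows and the `calculateUserClientsForOrgs(existingUser.userId)` that follows it in the "no existing user orgs" branch run against `db` with no transaction, unlike every other call site in this commit, which passes `trx`; if the recompute throws, the memberships are already gone and the user's client assignments stay stale. Wrap both in `await db.transaction(async (trx) => { ... })`, issue the delete through `trx`, and call `await calculateUserClientsForOrgs(existingUser.userId, trx);`, matching the pattern used later in the same function. The query that populates `existingUserOrgs` and the rest of `validateOidcCallback` lie outside the hunk, so whether deleting auto-provisioned rows when that list is empty is intended cannot be judged here.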


@@ -1,8 +1,7 @@
import { NextFunction, Request, Response } from "express";
import { db } from "@server/db";
import { db, olms } from "@server/db";
import HttpCode from "@server/types/HttpCode";
import { z } from "zod";
import { olms } from "@server/db";
import createHttpError from "http-errors";
import response from "@server/lib/response";
import moment from "moment";
@@ -10,6 +9,7 @@ import { generateId } from "@server/auth/sessions/app";
import { fromError } from "zod-validation-error";
import { hashPassword } from "@server/auth/password";
import { OpenAPITags, registry } from "@server/openApi";
import { calculateUserClientsForOrgs } from "@server/lib/calculateUserClientsForOrgs";
const bodySchema = z
.object({
@@ -81,12 +81,16 @@ export async function createUserOlm(
const secretHash = await hashPassword(secret);
await db.insert(olms).values({
olmId: olmId,
userId,
name,
secretHash,
dateCreated: moment().toISOString()
await db.transaction(async (trx) => {
await trx.insert(olms).values({
olmId: olmId,
userId,
name,
secretHash,
dateCreated: moment().toISOString()
});
await calculateUserClientsForOrgs(userId, trx);
});
return response<CreateOlmResponse>(res, {
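Review bot: The new transaction block gives no reason why inserting an OLM must be followed by `calculateUserClientsForOrgs`, so the coupling is easy to break when someone later edits the insert. Add above `await db.transaction(async (trx) => {`: `// insert the OLM and recompute the user's per-org client set atomically, so a failed recompute also rolls back the new OLM`. If `calculateUserClientsForOrgs` issues any query through the global `db` instead of the `trx` it is handed, that query would not see the uncommitted insert; its implementation is not in this diff, so worth confirming.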


@@ -12,6 +12,7 @@ import { checkValidInvite } from "@server/auth/checkValidInvite";
import { verifySession } from "@server/auth/sessions/verifySession";
import { usageService } from "@server/lib/billing/usageService";
import { FeatureId } from "@server/lib/billing";
import { calculateUserClientsForOrgs } from "@server/lib/calculateUserClientsForOrgs";
const acceptInviteBodySchema = z
.object({
@@ -131,6 +132,8 @@ export async function acceptInvite(
.select()
.from(userOrgs)
.where(eq(userOrgs.orgId, existingInvite.orgId));
await calculateUserClientsForOrgs(existingUser[0].userId, trx);
});
if (totalUsers) {
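Review bot: `existingUser[0].userId` indexes the result array without a guard, so under `noUncheckedIndexedAccess` the element is `| undefined`, and at runtime an empty result would throw inside the transaction and surface as a 500 rather than a clean error. If the earlier part of `acceptInvite` already rejects the request when `existingUser` is empty, a `const [user] = existingUser;` with one explicit check before the transaction would make that guarantee visible at this call site; otherwise add the check. The lookup that fills `existingUser` and the start of the function are outside this hunk.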


@@ -15,6 +15,7 @@ import { FeatureId } from "@server/lib/billing";
import { build } from "@server/build";
import { getOrgTierData } from "#dynamic/lib/billing";
import { TierId } from "@server/lib/billing/tiers";
import { calculateUserClientsForOrgs } from "@server/lib/calculateUserClientsForOrgs";
const paramsSchema = z
.object({
@@ -89,14 +90,7 @@ export async function createOrgUser(
}
const { orgId } = parsedParams.data;
const {
username,
email,
name,
type,
idpId,
roleId
} = parsedBody.data;
const { username, email, name, type, idpId, roleId } = parsedBody.data;
if (build == "saas") {
const usage = await usageService.getUsage(orgId, FeatureId.USERS);
@@ -202,7 +196,9 @@ export async function createOrgUser(
)
);
let userId: string | undefined;
if (existingUser) {
userId = existingUser.userId;
const [existingOrgUser] = await trx
.select()
.from(userOrgs)
@@ -232,7 +228,7 @@ export async function createOrgUser(
})
.returning();
} else {
const userId = generateId(15);
userId = generateId(15);
const [newUser] = await trx
.insert(users)
@@ -244,7 +240,7 @@ export async function createOrgUser(
type: "oidc",
idpId,
dateCreated: new Date().toISOString(),
emailVerified: true,
emailVerified: true
})
.returning();
@@ -264,6 +260,8 @@ export async function createOrgUser(
.select()
.from(userOrgs)
.where(eq(userOrgs.orgId, orgId));
await calculateUserClientsForOrgs(userId, trx);
});
if (orgUsers) {
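Review bot: `let userId: string | undefined;` is assigned on both the existing-user and the new-user path before `calculateUserClientsForOrgs(userId, trx)`, so the `| undefined` only weakens the compiler's help; declare it as `let userId: string;` and TypeScript's definite-assignment analysis will reject any future branch that reaches the recompute without assigning it, instead of letting `undefined` flow into the client sync. That also avoids the `userId!` non-null assertion used for the same purpose in the OIDC callback of this commit, which hides the same class of mistake. The rest of `createOrgUser`, including the transaction's return path, is outside the hunk.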


@@ -13,6 +13,7 @@ import { usageService } from "@server/lib/billing/usageService";
import { FeatureId } from "@server/lib/billing";
import { build } from "@server/build";
import { UserType } from "@server/types/UserTypes";
import { calculateUserClientsForOrgs } from "@server/lib/calculateUserClientsForOrgs";
const removeUserSchema = z
.object({
@@ -120,22 +121,24 @@ export async function removeUserOrg(
.from(userOrgs)
.where(eq(userOrgs.orgId, orgId));
if (build === "saas") {
const [rootUser] = await trx
.select()
.from(users)
.where(eq(users.userId, userId));
// if (build === "saas") {
// const [rootUser] = await trx
// .select()
// .from(users)
// .where(eq(users.userId, userId));
//
// const [leftInOrgs] = await trx
// .select({ count: count() })
// .from(userOrgs)
// .where(eq(userOrgs.userId, userId));
//
// // if the user is not an internal user and does not belong to any org, delete the entire user
// if (rootUser?.type !== UserType.Internal && !leftInOrgs.count) {
// await trx.delete(users).where(eq(users.userId, userId));
// }
// }
const [leftInOrgs] = await trx
.select({ count: count() })
.from(userOrgs)
.where(eq(userOrgs.userId, userId));
// if the user is not an internal user and does not belong to any org, delete the entire user
if (rootUser?.type !== UserType.Internal && !leftInOrgs.count) {
await trx.delete(users).where(eq(users.userId, userId));
}
}
await calculateUserClientsForOrgs(userId, trx);
});
if (userCount) {
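Review bot: Commenting out the SaaS orphan-user cleanup is a behavior change — a non-internal user removed from their last org now keeps a `users` row indefinitely — and the dead block carries no explanation, so a reader cannot tell whether this is deliberate (for example because the client recompute needs the user row to exist) or a leftover. Either delete the commented block and leave a one-line comment such as `// orphaned users are intentionally kept; the OIDC callback rejects them at login until re-provisioned`, or restore the cleanup after the `calculateUserClientsForOrgs(userId, trx)` call if deletion is still wanted. With the block gone, the `count`, `users` and `UserType` imports are likely unused in this file. `removeUserOrg` continues outside the hunk.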