use add/remove helper functions in auto (de)provision

2026-03-04 01:36:39 +00:00 · 2026-02-17 17:50:23 -08:00
parent e370f8891a
commit a2ed22bfcc
1 changed files with 51 additions and 22 deletions
--- a/server/routers/idp/validateOidcCallback.ts
+++ b/server/routers/idp/validateOidcCallback.ts
@@ -36,6 +36,10 @@ import { build } from "@server/build";
 import { calculateUserClientsForOrgs } from "@server/lib/calculateUserClientsForOrgs";
 import { isSubscribed } from "#dynamic/lib/isSubscribed";
 import { tierMatrix } from "@server/lib/billing/tierMatrix";
 import {
    assignUserToOrg,
    removeUserFromOrg
 } from "@server/lib/userOrg";
 const ensureTrailingSlash = (url: string): string => {
    return url;
@@ -456,14 +460,31 @@ export async function validateOidcCallback(
                    if (!existingUserOrgs.length) {
                        // delete all auto-provisioned user orgs
-                        await db
+                        const autoProvisionedUserOrgs = await db
-                            .delete(userOrgs)
+                            .select()
                            .from(userOrgs)
                            .where(
                                and(
                                    eq(userOrgs.userId, existingUser.userId),
                                    eq(userOrgs.autoProvisioned, true)
                                )
                            );
                        const orgIdsToRemove = autoProvisionedUserOrgs.map(
                            (uo) => uo.orgId
                        );
                        if (orgIdsToRemove.length > 0) {
                            const orgsToRemove = await db
                                .select()
                                .from(orgs)
                                .where(inArray(orgs.orgId, orgIdsToRemove));
                            for (const org of orgsToRemove) {
                                await removeUserFromOrg(
                                    org,
                                    existingUser.userId,
                                    db
                                );
                            }
                        }
                        await calculateUserClientsForOrgs(existingUser.userId);
@@ -539,15 +560,14 @@ export async function validateOidcCallback(
                );
                if (orgsToDelete.length > 0) {
-                    await trx.delete(userOrgs).where(
+                    const orgIdsToRemove = orgsToDelete.map((org) => org.orgId);
-                        and(
+                    const fullOrgsToRemove = await trx
-                            eq(userOrgs.userId, userId!),
+                        .select()
-                            inArray(
+                        .from(orgs)
-                                userOrgs.orgId,
+                        .where(inArray(orgs.orgId, orgIdsToRemove));
-                                orgsToDelete.map((org) => org.orgId)
+                    for (const org of fullOrgsToRemove) {
-                            )
+                        await removeUserFromOrg(org, userId!, trx);
-                        )
+                    }
                    );
                }
                // Update roles for existing auto-provisioned orgs where the role has changed
@@ -588,16 +608,25 @@ export async function validateOidcCallback(
                );
                if (orgsToAdd.length > 0) {
-                    await trx.insert(userOrgs).values(
+                    for (const org of orgsToAdd) {
-                        orgsToAdd.map((org) => ({
+                        const [fullOrg] = await trx
-                            userId: userId!,
+                            .select()
                            .from(orgs)
                            .where(eq(orgs.orgId, org.orgId));
                        if (fullOrg) {
                            await assignUserToOrg(
                                fullOrg,
                                {
                                    orgId: org.orgId,
                                    userId: userId!,
                                    roleId: org.roleId,
                                    autoProvisioned: true,
-                            dateCreated: new Date().toISOString()
+                                },
-                        }))
+                                trx
                            );
                        }
                    }
                }
                // Loop through all the orgs and get the total number of users from the userOrgs table
                // Use all current user orgs (both auto-provisioned and manually added) for counting