use add/remove helper functions in auto (de)provision

2026-02-26 14:56:39 +00:00 · 2026-02-17 17:50:23 -08:00
parent e370f8891a
commit a2ed22bfcc
1 changed files with 51 additions and 22 deletions
--- a/server/routers/idp/validateOidcCallback.ts
+++ b/server/routers/idp/validateOidcCallback.ts
@@ -36,6 +36,10 @@ import { build } from "@server/build";
 import { calculateUserClientsForOrgs } from "@server/lib/calculateUserClientsForOrgs";
 import { isSubscribed } from "#dynamic/lib/isSubscribed";
 import { tierMatrix } from "@server/lib/billing/tierMatrix";
 import {
    assignUserToOrg,
    removeUserFromOrg
 } from "@server/lib/userOrg";
 const ensureTrailingSlash = (url: string): string => {
    return url;
@@ -455,15 +459,32 @@ export async function validateOidcCallback(
                        );
                    if (!existingUserOrgs.length) {
-                        // delete all auto -provisioned user orgs
+                        // delete all auto-provisioned user orgs
-                        await db
+                        const autoProvisionedUserOrgs = await db
-                            .delete(userOrgs)
+                            .select()
                            .from(userOrgs)
                            .where(
                                and(
                                    eq(userOrgs.userId, existingUser.userId),
                                    eq(userOrgs.autoProvisioned, true)
                                )
                            );
                        const orgIdsToRemove = autoProvisionedUserOrgs.map(
                            (uo) => uo.orgId
                        );
                        if (orgIdsToRemove.length > 0) {
                            const orgsToRemove = await db
                                .select()
                                .from(orgs)
                                .where(inArray(orgs.orgId, orgIdsToRemove));
                            for (const org of orgsToRemove) {
                                await removeUserFromOrg(
                                    org,
                                    existingUser.userId,
                                    db
                                );
                            }
                        }
                        await calculateUserClientsForOrgs(existingUser.userId);
@@ -485,7 +506,7 @@ export async function validateOidcCallback(
                }
            }
-            const orgUserCounts: { orgId: string; userCount: number }[] = [];
+                const orgUserCounts: { orgId: string; userCount: number }[] = [];
            // sync the user with the orgs and roles
            await db.transaction(async (trx) => {
@@ -539,15 +560,14 @@ export async function validateOidcCallback(
                );
                if (orgsToDelete.length > 0) {
-                    await trx.delete(userOrgs).where(
+                    const orgIdsToRemove = orgsToDelete.map((org) => org.orgId);
-                        and(
+                    const fullOrgsToRemove = await trx
-                            eq(userOrgs.userId, userId!),
+                        .select()
-                            inArray(
+                        .from(orgs)
-                                userOrgs.orgId,
+                        .where(inArray(orgs.orgId, orgIdsToRemove));
-                                orgsToDelete.map((org) => org.orgId)
+                    for (const org of fullOrgsToRemove) {
-                            )
+                        await removeUserFromOrg(org, userId!, trx);
-                        )
+                    }
                    );
                }
                // Update roles for existing auto-provisioned orgs where the role has changed
@@ -588,15 +608,24 @@ export async function validateOidcCallback(
                );
                if (orgsToAdd.length > 0) {
-                    await trx.insert(userOrgs).values(
+                    for (const org of orgsToAdd) {
-                        orgsToAdd.map((org) => ({
+                        const [fullOrg] = await trx
-                            userId: userId!,
+                            .select()
-                            orgId: org.orgId,
+                            .from(orgs)
-                            roleId: org.roleId,
+                            .where(eq(orgs.orgId, org.orgId));
-                            autoProvisioned: true,
+                        if (fullOrg) {
-                            dateCreated: new Date().toISOString()
+                            await assignUserToOrg(
-                        }))
+                                fullOrg,
-                    );
+                                {
                                    orgId: org.orgId,
                                    userId: userId!,
                                    roleId: org.roleId,
                                    autoProvisioned: true,
                                },
                                trx
                            );
                        }
                    }
                }
                // Loop through all the orgs and get the total number of users from the userOrgs table