add idp auto provision override on user

2026-03-03 17:26:38 +00:00 · 2025-09-05 16:14:01 -07:00
parent 90456339ca
commit b0bd9279fc
24 changed files with 744 additions and 317 deletions
--- a/server/routers/idp/listIdps.ts
+++ b/server/routers/idp/listIdps.ts
@@ -1,11 +1,11 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
-import { db } from "@server/db";
+import { db, idpOidcConfig } from "@server/db";
 import { domains, idp, orgDomains, users, idpOrg } from "@server/db";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
-import { sql } from "drizzle-orm";
+import { eq, sql } from "drizzle-orm";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
@@ -33,10 +33,13 @@ async function query(limit: number, offset: number) {
            idpId: idp.idpId,
            name: idp.name,
            type: idp.type,
-            orgCount: sql<number>`count(${idpOrg.orgId})`
+            variant: idpOidcConfig.variant,
+            orgCount: sql<number>`count(${idpOrg.orgId})`,
+            autoProvision: idp.autoProvision
        })
        .from(idp)
        .leftJoin(idpOrg, sql`${idp.idpId} = ${idpOrg.idpId}`)
+        .leftJoin(idpOidcConfig, eq(idp.idpId, idpOidcConfig.idpId))
        .groupBy(idp.idpId)
        .limit(limit)
        .offset(offset);
@@ -44,12 +47,7 @@ async function query(limit: number, offset: number) {
 }

 export type ListIdpsResponse = {
-    idps: Array<{
-        idpId: number;
-        name: string;
-        type: string;
-        orgCount: number;
-    }>;
+    idps: Awaited<ReturnType<typeof query>>;
    pagination: {
        total: number;
        limit: number;
--- a/server/routers/idp/validateOidcCallback.ts
+++ b/server/routers/idp/validateOidcCallback.ts
@@ -354,8 +354,13 @@ export async function validateOidcCallback(
                    .from(userOrgs)
                    .where(eq(userOrgs.userId, userId!));

-                // Delete orgs that are no longer valid
-                const orgsToDelete = currentUserOrgs.filter(
+                // Filter to only auto-provisioned orgs for CRUD operations
+                const autoProvisionedOrgs = currentUserOrgs.filter(
+                    (org) => org.autoProvisioned === true
+                );
+
+                // Delete auto-provisioned orgs that are no longer valid
+                const orgsToDelete = autoProvisionedOrgs.filter(
                    (currentOrg) =>
                        !userOrgInfo.some(
                            (newOrg) => newOrg.orgId === currentOrg.orgId
@@ -374,8 +379,8 @@ export async function validateOidcCallback(
                    );
                }

-                // Update roles for existing orgs where the role has changed
-                const orgsToUpdate = currentUserOrgs.filter((currentOrg) => {
+                // Update roles for existing auto-provisioned orgs where the role has changed
+                const orgsToUpdate = autoProvisionedOrgs.filter((currentOrg) => {
                    const newOrg = userOrgInfo.find(
                        (newOrg) => newOrg.orgId === currentOrg.orgId
                    );
@@ -401,7 +406,7 @@ export async function validateOidcCallback(
                    }
                }

-                // Add new orgs that don't exist yet
+                // Add new orgs that don't exist yet (these will be auto-provisioned)
                const orgsToAdd = userOrgInfo.filter(
                    (newOrg) =>
                        !currentUserOrgs.some(
@@ -415,12 +420,14 @@ export async function validateOidcCallback(
                            userId: userId!,
                            orgId: org.orgId,
                            roleId: org.roleId,
+                            autoProvisioned: true,
                            dateCreated: new Date().toISOString()
                        }))
                    );
                }

                // Loop through all the orgs and get the total number of users from the userOrgs table
+                // Use all current user orgs (both auto-provisioned and manually added) for counting
                for (const org of currentUserOrgs) {
                    const userCount = await trx
                        .select()