Fix issue with auto provisioning being overriden

2026-02-14 08:56:39 +00:00 · 2026-02-13 14:53:32 -08:00
parent 333625f199
commit be89e5ca55
3 changed files with 21 additions and 14 deletions
--- a/server/private/routers/orgIdp/createOrgOidcIdp.ts
+++ b/server/private/routers/orgIdp/createOrgOidcIdp.ts
@@ -28,6 +28,7 @@ import { CreateOrgIdpResponse } from "@server/routers/orgIdp/types";
 import { isSubscribed } from "#private/lib/isSubscribed";
 import { tierMatrix } from "@server/lib/billing/tierMatrix";
 import privateConfig from "#private/lib/config";
+import { build } from "@server/build";

 const paramsSchema = z.strictObject({ orgId: z.string().nonempty() });

@@ -122,12 +123,14 @@ export async function createOrgOidcIdp(

        let { autoProvision } = parsedBody.data;

-        const subscribed = await isSubscribed(
-            orgId,
-            tierMatrix.deviceApprovals
-        );
-        if (!subscribed) {
-            autoProvision = false;
+        if (build == "saas") { // this is not paywalled with a ee license because this whole endpoint is restricted
+            const subscribed = await isSubscribed(
+                orgId,
+                tierMatrix.deviceApprovals
+            );
+            if (!subscribed) {
+                autoProvision = false;
+            }
        }

        const key = config.getRawConfig().server.secret!;
--- a/server/private/routers/orgIdp/updateOrgOidcIdp.ts
+++ b/server/private/routers/orgIdp/updateOrgOidcIdp.ts
@@ -27,6 +27,7 @@ import config from "@server/lib/config";
 import { isSubscribed } from "#private/lib/isSubscribed";
 import { tierMatrix } from "@server/lib/billing/tierMatrix";
 import privateConfig from "#private/lib/config";
+import { build } from "@server/build";

 const paramsSchema = z
    .object({
@@ -127,12 +128,15 @@ export async function updateOrgOidcIdp(

        let { autoProvision } = parsedBody.data;

-        const subscribed = await isSubscribed(
-            orgId,
-            tierMatrix.deviceApprovals
-        );
-        if (!subscribed) {
-            autoProvision = false;
+        if (build == "saas") {
+            // this is not paywalled with a ee license because this whole endpoint is restricted
+            const subscribed = await isSubscribed(
+                orgId,
+                tierMatrix.deviceApprovals
+            );
+            if (!subscribed) {
+                autoProvision = false;
+            }
        }

        // Check if IDP exists and is of type OIDC
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -797,7 +797,7 @@ async function notAllowed(
 ) {
    let loginPage: LoginPage | null = null;
    if (orgId) {
-        const subscribed = await isSubscribed(
+        const subscribed = await isSubscribed( // this is fine because the org login page is only a saas feature
            orgId,
            tierMatrix.loginPageDomain
        );
@@ -854,7 +854,7 @@ async function headerAuthChallenged(
 ) {
    let loginPage: LoginPage | null = null;
    if (orgId) {
-        const subscribed = await isSubscribed(orgId, tierMatrix.loginPageDomain);
+        const subscribed = await isSubscribed(orgId, tierMatrix.loginPageDomain); // this is fine because the org login page is only a saas feature
        if (subscribed) {
            loginPage = await getOrgLoginPage(orgId);
        }