fix bug causing auto provision to override manually created users

miloschwartz
2025-11-06 15:46:54 -08:00
parent 296b220bf3
commit fce887436d


@@ -352,14 +352,22 @@ export async function validateOidcCallback(
if (!userOrgInfo.length) { if (!userOrgInfo.length) {
if (existingUser) { if (existingUser) {
// delete the user // get existing user orgs
// cascade will also delete org users const existingUserOrgs = await db
.select()
.from(userOrgs)
.where(
and(
eq(userOrgs.userId, existingUser.userId),
eq(userOrgs.autoProvisioned, false)
)
);
if (!existingUserOrgs.length) {
// delete the user
await db await db
.delete(users) .delete(users)
.where(eq(users.userId, existingUser.userId)); .where(eq(users.userId, existingUser.userId));
}
return next( return next(
createHttpError( createHttpError(
HttpCode.UNAUTHORIZED, HttpCode.UNAUTHORIZED,
@@ -367,6 +375,16 @@ export async function validateOidcCallback(
) )
); );
} }
} else {
// no orgs to provision and user doesn't exist
return next(
createHttpError(
HttpCode.UNAUTHORIZED,
`No policies matched for ${userIdentifier}. This user must be added to an organization before logging in.`
)
);
}
}
const orgUserCounts: { orgId: string; userCount: number }[] = []; const orgUserCounts: { orgId: string; userCount: number }[] = [];
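Review bot: The guard added before `db.delete(users)` only counts `userOrgs` rows with `autoProvisioned = false`, so an existing user with no org memberships at all still yields an empty `existingUserOrgs` and is deleted when no policy matches. If accounts can exist without a membership row (for example a manually created user later removed from every org, which this hunk does not show), the login callback would still remove them; a user-level marker checked alongside the membership query would make the intent explicit. The select and the delete also run as two separate statements on `db`, so a membership added between them goes unseen; running both inside one transaction would close that window. At minimum, a comment above the query such as `// delete only when the user has no manually created memberships; users with zero memberships are also deleted` would document the rule. validateOidcCallback starts and ends outside the hunk.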