pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-28 15:56:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix bug causing auto provision to override manually created users

Browse Source
This commit is contained in:
miloschwartz
2025-11-06 15:46:54 -08:00
parent 296b220bf3
commit fce887436d
1 changed files with 30 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
server/routers/idp/validateOidcCallback.ts
View File

@@ -352,20 +352,38 @@ export async function validateOidcCallback(
if (!userOrgInfo.length) { if (!userOrgInfo.length) {
if (existingUser) { if (existingUser) {
// delete the user // get existing user orgs
// cascade will also delete org users const existingUserOrgs = await db
.select()
.from(userOrgs)
.where(
and(
eq(userOrgs.userId, existingUser.userId),
eq(userOrgs.autoProvisioned, false)
)
);
await db if (!existingUserOrgs.length) {
.delete(users) // delete the user
.where(eq(users.userId, existingUser.userId)); await db
.delete(users)
.where(eq(users.userId, existingUser.userId));
return next(
createHttpError(
HttpCode.UNAUTHORIZED,
`No policies matched for ${userIdentifier}. This user must be added to an organization before logging in.`
)
);
}
} else {
// no orgs to provision and user doesn't exist
return next(
createHttpError(
HttpCode.UNAUTHORIZED,
`No policies matched for ${userIdentifier}. This user must be added to an organization before logging in.`
)
);
} }
return next(
createHttpError(
HttpCode.UNAUTHORIZED,
`No policies matched for ${userIdentifier}. This user must be added to an organization before logging in.`
)
);
} }
const orgUserCounts: { orgId: string; userCount: number }[] = []; const orgUserCounts: { orgId: string; userCount: number }[] = [];