From 68e530e5d23dfeac0b96915a75b91b306c037edd Mon Sep 17 00:00:00 2001
From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com>
Date: Thu, 25 Apr 2024 18:12:08 +0200
Subject: [PATCH 1/2] Fix: On complete signup, check for saml auth and present org ID and handle membership status

---
 .../src/services/auth/auth-signup-service.ts | 27 +++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/backend/src/services/auth/auth-signup-service.ts b/backend/src/services/auth/auth-signup-service.ts
index 9bd8db0028..3433a0a98d 100644
--- a/backend/src/services/auth/auth-signup-service.ts
+++ b/backend/src/services/auth/auth-signup-service.ts
@@ -4,6 +4,7 @@ import { OrgMembershipStatus } from "@app/db/schemas";
 import { convertPendingGroupAdditionsToGroupMemberships } from "@app/ee/services/group/group-fns";
 import { TUserGroupMembershipDALFactory } from "@app/ee/services/group/user-group-membership-dal";
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
+import { isAuthMethodSaml } from "@app/ee/services/permission/permission-fns";
 import { getConfig } from "@app/lib/config/env";
 import { BadRequestError } from "@app/lib/errors";
 import { isDisposableEmail } from "@app/lib/validator";
@@ -139,9 +140,11 @@ export const authSignupServiceFactory = ({
 throw new Error("Failed to complete account for complete user");
 }

- let organizationId;
+ let organizationId: string | null = null;
+ let authMethod: AuthMethod | null = null;
 if (providerAuthToken) {
- const { orgId } = validateProviderAuthToken(providerAuthToken, user.username);
+ const { orgId, authMethod: userAuthMethod } = validateProviderAuthToken(providerAuthToken, user.username);
+ authMethod = userAuthMethod;
 organizationId = orgId;
 } else {
 validateSignUpAuthorization(authorization, user.id);
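Review bot: Nothing next to the two new `let` declarations in the @@ -139 hunk says that `organizationId` and `authMethod` are only ever assigned from the result of `validateProviderAuthToken`, and stay `null` on the `validateSignUpAuthorization` branch. The SAML invite acceptance added later in this patch depends on exactly that, so a comment above them would help, e.g. `// Set only from the validated provider auth token; both stay null for non-provider signups.` `AuthMethod` is used as a type here while the import hunk adds only `isAuthMethodSaml`; presumably it is already imported elsewhere in the file, which is not visible. The enclosing function starts and ends outside the hunk.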
@@ -165,6 +168,26 @@ export const authSignupServiceFactory = ({
 },
 tx
 );
+ // If it's SAML Auth and the organization ID is present, we should check if the user has a pending invite for this org, and accept it
+ if (isAuthMethodSaml(authMethod) && organizationId) {
+ const [pendingOrgMembership] = await orgDAL.findMembership({
+ inviteEmail: email,
+ userId: user.id,
+ status: OrgMembershipStatus.Invited,
+ orgId: organizationId
+ });
+
+ if (pendingOrgMembership) {
+ await orgDAL.updateMembershipById(
+ pendingOrgMembership.id,
+ {
+ status: OrgMembershipStatus.Accepted
+ },
+ tx
+ );
+ }
+ }
+
 return { info: us, key: userEncKey };
 });

From 93761f37ea9878ac6966fc6f9508a5b727e33151 Mon Sep 17 00:00:00 2001
From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com>
Date: Thu, 25 Apr 2024 18:13:42 +0200
Subject: [PATCH 2/2] Update saml-config-service.ts

---
 backend/src/ee/services/saml-config/saml-config-service.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/backend/src/ee/services/saml-config/saml-config-service.ts b/backend/src/ee/services/saml-config/saml-config-service.ts
index f88182e614..ff5f4bc3f7 100644
--- a/backend/src/ee/services/saml-config/saml-config-service.ts
+++ b/backend/src/ee/services/saml-config/saml-config-service.ts
@@ -340,11 +340,12 @@ export const samlConfigServiceFactory = ({
 orgId,
 inviteEmail: email,
 role: OrgMembershipRole.Member,
- status: OrgMembershipStatus.Accepted
+ status: user.isAccepted ? OrgMembershipStatus.Accepted : OrgMembershipStatus.Invited // if user is fully completed, then set status to accepted, otherwise set it to invited so we can update it later
 },
 tx
 );
- } else if (orgMembership.status === OrgMembershipStatus.Invited) {
+ // Only update the membership to Accepted if the user account is already completed.
+ } else if (orgMembership.status === OrgMembershipStatus.Invited && user.isAccepted) {
 await orgDAL.updateMembershipById(
 orgMembership.id,
 {
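Review bot: In the @@ -165 hunk of auth-signup-service.ts, `orgDAL.findMembership({...})` is called without `tx`, although the `updateMembershipById` that acts on its result passes `tx`, so the lookup appears to run outside the transaction this callback belongs to. If `findMembership` accepts a transaction argument the way the update does (its signature is not visible here), close the call with `}, tx);`, so the check and the write see the same state of the membership row. The filter also requires both `inviteEmail: email` and `userId: user.id`. It is worth confirming that the Invited rows written by the SAML login path always carry both, since a row missing either one would never be accepted here. The enclosing transaction callback starts outside the hunk.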
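Review bot: In the @@ -340 hunk of saml-config-service.ts, the comment added above `} else if (...)` sits inside the body of the preceding `if` branch, so it reads as describing the create call rather than the condition it explains; moving it to the first line inside the else-if block would attach it to the right branch. The long trailing comment on the `status:` line would be easier to read on its own line above the property. It could also state where the later update happens, e.g. `// Left as Invited until signup completion (auth-signup-service.ts) accepts it for SAML users`. The `if`/`else if` chain starts and ends outside the hunk.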