twentyhq/twenty
1
1
Fork 0
mirror of https://github.com/twentyhq/twenty.git synced 2024-11-23 05:53:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

Make workspaceMemberId optional in JWT for workspaces that are not ACTIVE (#6714)

Browse Source 
WorkspaceMemberId is mandatory in the jwt token generated for a given
user on a given workspace.
However, when a user signs up, it does not have a workspaceMemberId yet.
This commit is contained in:
Charles Bochet 2024-08-22 00:28:19 +02:00 committed by GitHub
parent da4bd73881
commit eab202f107
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 30 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
packages/twenty-server/src/engine/core-modules/auth/services/token.service.ts
View File

@ -38,7 +38,10 @@ import {
import { AuthContext } from 'src/engine/core-modules/auth/types/auth-context.type';
import { JwtWrapperService } from 'src/engine/core-modules/jwt/services/jwt-wrapper.service';
import { User } from 'src/engine/core-modules/user/user.entity';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import {
Workspace,
WorkspaceActivationStatus,
} from 'src/engine/core-modules/workspace/workspace.entity';
import { EmailService } from 'src/engine/integrations/email/email.service';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { TwentyORMGlobalManager } from 'src/engine/twenty-orm/twenty-orm-global.manager';
@ -94,33 +97,39 @@ export class TokenService {
);
}
const workspaceIdNonNullable = workspaceId
? workspaceId
: user.defaultWorkspace.id;
const tokenWorkspaceId = workspaceId ?? user.defaultWorkspace.id;
let tokenWorkspaceMemberId: string | undefined;
const workspaceMemberRepository =
await this.twentyORMGlobalManager.getRepositoryForWorkspace<WorkspaceMemberWorkspaceEntity>(
workspaceIdNonNullable,
'workspaceMember',
);
if (
user.defaultWorkspace.activationStatus ===
WorkspaceActivationStatus.ACTIVE
) {
const workspaceMemberRepository =
await this.twentyORMGlobalManager.getRepositoryForWorkspace<WorkspaceMemberWorkspaceEntity>(
tokenWorkspaceId,
'workspaceMember',
);
const workspaceMember = await workspaceMemberRepository.findOne({
where: {
userId: user.id,
},
});
const workspaceMember = await workspaceMemberRepository.findOne({
where: {
userId: user.id,
},
});
if (!workspaceMember) {
throw new AuthException(
'User is not a member of the workspace',
AuthExceptionCode.FORBIDDEN_EXCEPTION,
);
if (!workspaceMember) {
throw new AuthException(
'User is not a member of the workspace',
AuthExceptionCode.FORBIDDEN_EXCEPTION,
);
}
tokenWorkspaceMemberId = workspaceMember.id;
}
const jwtPayload: JwtPayload = {
sub: user.id,
workspaceId: workspaceId ? workspaceId : user.defaultWorkspace.id,
workspaceMemberId: workspaceMember.id,
workspaceMemberId: tokenWorkspaceMemberId,
};
return {

2
packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.ts
View File

@ -20,7 +20,7 @@ import { ApiKeyWorkspaceEntity } from 'src/modules/api-key/standard-objects/api-
export type JwtPayload = {
sub: string;
workspaceId: string;
workspaceMemberId: string;
workspaceMemberId?: string;
jti?: string;
};