fix(server): user can not signup through oauth if ever invited (#6101)

2026-02-27 19:02:23 +08:00 · 2024-03-13 07:50:10 +00:00
parent fd9084ea6a
commit 573528be41
9 changed files with 58 additions and 13 deletions
--- a/packages/backend/server/migrations/20240313033631_user_registered_flag/migration.sql
+++ b/packages/backend/server/migrations/20240313033631_user_registered_flag/migration.sql
@@ -0,0 +1,2 @@
 -- AlterTable
 ALTER TABLE "users" ADD COLUMN     "registered" BOOLEAN NOT NULL DEFAULT true;
--- a/packages/backend/server/schema.prisma
+++ b/packages/backend/server/schema.prisma
@@ -18,6 +18,9 @@ model User {
  createdAt       DateTime  @default(now()) @map("created_at") @db.Timestamptz(6)
  /// Not available if user signed up through OAuth providers
  password        String?   @db.VarChar
  /// Indicate whether the user finished the signup progress.
  /// for example, the value will be false if user never registered and invited into a workspace by others.
  registered      Boolean   @default(true)
  features             UserFeatures[]
  customer             UserStripeCustomer?
--- a/packages/backend/server/src/core/auth/controller.ts
+++ b/packages/backend/server/src/core/auth/controller.ts
@@ -152,8 +152,9 @@ export class AuthController {
      throw new BadRequestException('Invalid Sign-in mail Token');
    }
-    const user = await this.user.findOrCreateUser(email, {
+    const user = await this.user.fulfillUser(email, {
      emailVerifiedAt: new Date(),
      registered: true,
    });
    await this.auth.setCookie(req, res, user);
--- a/packages/backend/server/src/core/auth/current-user.ts
+++ b/packages/backend/server/src/core/auth/current-user.ts
@@ -49,7 +49,7 @@ export const CurrentUser = createParamDecorator(
 );
 export interface CurrentUser
-  extends Omit<User, 'password' | 'createdAt' | 'emailVerifiedAt'> {
+  extends Pick<User, 'id' | 'email' | 'avatarUrl' | 'name'> {
  hasPassword: boolean | null;
  emailVerified: boolean;
 }
--- a/packages/backend/server/src/core/auth/service.ts
+++ b/packages/backend/server/src/core/auth/service.ts
@@ -36,12 +36,18 @@ export function parseAuthUserSeqNum(value: any) {
 }
 export function sessionUser(
-  user: Omit<User, 'password'> & { password?: string | null }
+  user: Pick<
    User,
    'id' | 'email' | 'avatarUrl' | 'name' | 'emailVerifiedAt'
  > & { password?: string | null }
 ): CurrentUser {
-  return assign(omit(user, 'password', 'emailVerifiedAt', 'createdAt'), {
+  return assign(
-    hasPassword: user.password !== null,
+    omit(user, 'password', 'registered', 'emailVerifiedAt', 'createdAt'),
-    emailVerified: user.emailVerifiedAt !== null,
+    {
-  });
+      hasPassword: user.password !== null,
      emailVerified: user.emailVerifiedAt !== null,
    }
  );
 }
@Injectable()
--- a/packages/backend/server/src/core/user/management.ts
+++ b/packages/backend/server/src/core/user/management.ts
@@ -42,7 +42,9 @@ export class UserManagementResolver {
    if (user) {
      return this.feature.addEarlyAccess(user.id);
    } else {
-      const user = await this.users.createAnonymousUser(email);
+      const user = await this.users.createAnonymousUser(email, {
        registered: false,
      });
      return this.feature.addEarlyAccess(user.id);
    }
  }
--- a/packages/backend/server/src/core/user/service.ts
+++ b/packages/backend/server/src/core/user/service.ts
@@ -11,11 +11,12 @@ export class UserService {
    email: true,
    emailVerifiedAt: true,
    avatarUrl: true,
    registered: true,
  } satisfies Prisma.UserSelect;
  constructor(private readonly prisma: PrismaClient) {}
-  get userCreatingData(): Partial<Prisma.UserCreateInput> {
+  get userCreatingData() {
    return {
      name: 'Unnamed',
      features: {
@@ -106,6 +107,26 @@ export class UserService {
    return this.createAnonymousUser(email, data);
  }
  async fulfillUser(
    email: string,
    data: Partial<
      Pick<Prisma.UserCreateInput, 'emailVerifiedAt' | 'registered'>
    >
  ) {
    return this.prisma.user.upsert({
      select: this.defaultUserSelect,
      where: {
        email,
      },
      update: data,
      create: {
        email,
        ...this.userCreatingData,
        ...data,
      },
    });
  }
  async deleteUser(id: string) {
    return this.prisma.user.delete({ where: { id } });
  }
--- a/packages/backend/server/src/core/workspaces/resolvers/workspace.ts
+++ b/packages/backend/server/src/core/workspaces/resolvers/workspace.ts
@@ -358,7 +358,9 @@ export class WorkspaceResolver {
      // only invite if the user is not already in the workspace
      if (originRecord) return originRecord.id;
    } else {
-      target = await this.users.createAnonymousUser(email);
+      target = await this.users.createAnonymousUser(email, {
        registered: false,
      });
    }
    const inviteId = await this.permissions.grant(
--- a/packages/backend/server/src/plugins/oauth/controller.ts
+++ b/packages/backend/server/src/plugins/oauth/controller.ts
@@ -153,9 +153,17 @@ export class OAuthController {
    if (user) {
      // we can't directly connect the external account with given email in sign in scenario for safety concern.
      // let user manually connect in account sessions instead.
-      throw new BadRequestException(
+      if (user.registered) {
-        'The account with provided email is not register in the same way.'
+        throw new BadRequestException(
-      );
+          'The account with provided email is not register in the same way.'
        );
      }
      await this.user.fulfillUser(externalAccount.email, {
        registered: true,
      });
      return user;
    } else {
      user = await this.createUserWithConnectedAccount(
        provider,
		`@@ -0,0 +1,2 @@`
							`-- AlterTable`
							`ALTER TABLE "users" ADD COLUMN "registered" BOOLEAN NOT NULL DEFAULT true;`