From 36d4c38c3d0e5fc0433e078785ca0c7ce617a5ea Mon Sep 17 00:00:00 2001
From: martmull
Date: Thu, 18 Apr 2024 17:52:01 +0200
Subject: [PATCH] Check password in signinup only when email/password signInUp (#5042)
- disable password check when signInUp from google (sso)
- check password when signInUp with email password
---
 .../src/engine/core-modules/auth/auth.resolver.ts | 5 ++++-
 .../core-modules/auth/controllers/google-auth.controller.ts | 1 +
 .../src/engine/core-modules/auth/services/auth.service.ts | 3 +++
 .../engine/core-modules/auth/services/sign-in-up.service.ts | 4 +++-
 4 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/packages/twenty-server/src/engine/core-modules/auth/auth.resolver.ts b/packages/twenty-server/src/engine/core-modules/auth/auth.resolver.ts
index 610f45cdc..cd44cd54e 100644
--- a/packages/twenty-server/src/engine/core-modules/auth/auth.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/auth.resolver.ts
@@ -97,7 +97,10 @@ export class AuthResolver {
 @Mutation(() => LoginToken)
 async signUp(@Args() signUpInput: SignUpInput): Promise {
- const user = await this.authService.signInUp(signUpInput);
+ const user = await this.authService.signInUp({
+ ...signUpInput,
+ fromSSO: false,
+ });
 const loginToken = await this.tokenService.generateLoginToken(user.email);
diff --git a/packages/twenty-server/src/engine/core-modules/auth/controllers/google-auth.controller.ts b/packages/twenty-server/src/engine/core-modules/auth/controllers/google-auth.controller.ts
index 447a65af1..28943d2e7 100644
--- a/packages/twenty-server/src/engine/core-modules/auth/controllers/google-auth.controller.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/controllers/google-auth.controller.ts
@@ -34,6 +34,7 @@ export class GoogleAuthController {
 lastName,
 picture,
 workspaceInviteHash,
+ fromSSO: true,
 });
 const loginToken = await this.tokenService.generateLoginToken(user.email);
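Review bot: In the `signUp` hunk of auth.resolver.ts, `fromSSO: false` only takes effect because it is written after `...signUpInput`, and nothing on that line records that the order is what keeps the password check enabled for this entry point. I would add a comment above it such as `// fromSSO must stay after the spread so no field of signUpInput can switch the password check off`. `SignUpInput` is declared outside this hunk, so whether it could ever carry such a field cannot be confirmed from here. The body of `signUp` continues past the end of the hunk.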
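Review bot: With `fromSSO: true` in google-auth.controller.ts the password comparison is skipped for an existing account, so the `email` passed in this call becomes the only thing binding the Google identity to that account, and the hunk does not show where it comes from or whether Google reported it as verified. If the Google strategy does not already enforce that, it should be checked before `signInUp` is called. Either way a comment on the new line such as `// fromSSO skips the password check: email must be the verified address from the Google profile` would record the assumption. The call and the handler both start above the hunk.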
diff --git a/packages/twenty-server/src/engine/core-modules/auth/services/auth.service.ts b/packages/twenty-server/src/engine/core-modules/auth/services/auth.service.ts
index f2905a6f8..9b6301e6d 100644
--- a/packages/twenty-server/src/engine/core-modules/auth/services/auth.service.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/services/auth.service.ts
@@ -87,6 +87,7 @@ export class AuthService {
 firstName,
 lastName,
 picture,
+ fromSSO,
 }: {
 email: string;
 password?: string;
@@ -94,6 +95,7 @@ export class AuthService {
 lastName?: string | null;
 workspaceInviteHash?: string | null;
 picture?: string | null;
+ fromSSO: boolean;
 }) {
 return await this.signInUpService.signInUp({
 email,
@@ -102,6 +104,7 @@ export class AuthService {
 lastName,
 workspaceInviteHash,
 picture,
+ fromSSO,
 });
 }
diff --git a/packages/twenty-server/src/engine/core-modules/auth/services/sign-in-up.service.ts b/packages/twenty-server/src/engine/core-modules/auth/services/sign-in-up.service.ts
index afcddf2c9..cb3f9cb3d 100644
--- a/packages/twenty-server/src/engine/core-modules/auth/services/sign-in-up.service.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/services/sign-in-up.service.ts
@@ -32,6 +32,7 @@ export type SignInUpServiceInput = {
 lastName?: string | null;
 workspaceInviteHash?: string | null;
 picture?: string | null;
+ fromSSO: boolean;
 };
 @Injectable()
@@ -54,6 +55,7 @@ export class SignInUpService {
 firstName,
 lastName,
 picture,
+ fromSSO,
 }: SignInUpServiceInput) {
 if (!firstName) firstName = '';
 if (!lastName) lastName = '';
@@ -80,7 +82,7 @@ export class SignInUpService {
 relations: ['defaultWorkspace'],
 });
- if (existingUser && existingUser.passwordHash) {
+ if (existingUser && !fromSSO) {
 const isValid = await compareHash(
 password || '',
 existingUser.passwordHash,
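Review bot: The parameter type in the `@@ -94,6 +95,7 @@` hunk of auth.service.ts still accepts `fromSSO: false` together with an absent `password`, because `password?: string` stays optional; the same shape is repeated in `SignInUpServiceInput` (sign-in-up.service.ts, `@@ -32,6 +32,7 @@`). Further down that case is compared as `password || ''`. Tying the two fields together in the type, for example `{ fromSSO: true; password?: undefined } | { fromSSO: false; password: string }` intersected with the remaining fields, would let the compiler reject a non-SSO call that carries no password. Whether `SignUpInput.password` is already required is not visible in this patch.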
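Review bot: In the `@@ -80,7 +82,7 @@` hunk of sign-in-up.service.ts, an existing account that has no `passwordHash` (for instance one first created through Google) now reaches `compareHash(password || '', existingUser.passwordHash)` with a missing hash, and the outcome then depends on how `compareHash` treats that value, which this hunk does not show. I would reject that case explicitly as the first statement inside the new `if (existingUser && !fromSSO) {` branch, with `if (!existingUser.passwordHash)` raising the same error the failed comparison raises. A short comment there explaining that SSO-only accounts cannot be entered with a password would also help the next reader. The `compareHash` call and the rest of `signInUp` continue outside the hunk, so the failure path could not be checked.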