(fix) throw if Access JWT does not have a userWorkspaceId (#10225)

After introducing userWorkspaceId into JWTs, we were wrongfully
executing
```
const userWorkspace = await this.userWorkspaceRepository.findOne({
      where: {
        id: payload.userWorkspaceId,
      },
    });
```

which would return a random userWorkspace if `payload.userWorkspaceId` is
undefined.

All generated JWTs have had a userWorkspaceId for more than a week now,
but in tests we had not modified the accessToken in use, which did not
have a userWorkspaceId, until [this
pr](https://github.com/twentyhq/twenty/pull/10204)
Marie
2025-02-14 17:48:06 +01:00
committed by GitHub
parent 12cc61e096
commit 68db9a7a8c
2 changed files with 9 additions and 1 deletions


@ -208,10 +208,11 @@ describe('JwtAuthStrategy', () => {
}
});
it('should be truthy if type is ACCESS, no jti, and user and userWorkspace exist', async () => {
it('should not throw if type is ACCESS, no jti, and user and userWorkspace exist', async () => {
const payload = {
sub: 'sub-default',
type: 'ACCESS',
userWorkspaceId: 'userWorkspaceId',
};
workspaceRepository = {
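Review bot: No test in this section exercises the new rejection path. The only change here is adding `userWorkspaceId: 'userWorkspaceId'` to the payload of the renamed 'should not throw' case, and the page's total of 9 additions across both files leaves no room for a new negative case. Because the guard is what stops the strategy from resolving an unrelated userWorkspace for a token without the claim, it deserves its own regression test. I would add a sibling case with the same payload minus `userWorkspaceId`, asserting that validation rejects with `AuthExceptionCode.USER_WORKSPACE_NOT_FOUND` and that the userWorkspace repository lookup is never reached. A second case with `userWorkspaceId: ''` would pin the falsy check `!payload.userWorkspaceId`. The body of this `it(...)` continues outside the hunk, so the existing assertions are not visible here.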


@ -120,6 +120,13 @@ export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
);
}
if (!payload.userWorkspaceId) {
throw new AuthException(
'UserWorkspace not found',
AuthExceptionCode.USER_WORKSPACE_NOT_FOUND,
);
}
const userWorkspace = await this.userWorkspaceRepository.findOne({
where: {
id: payload.userWorkspaceId,