Refactor login (#748)

* wip refactor login * wip refactor login * Fix lint conflicts * Complete Sign In only * Feature complete * Fix test * Fix test
2023-07-21 22:05:45 -07:00
parent 725a46adfa
commit 775b4c353d
49 changed files with 758 additions and 764 deletions
--- a/server/src/core/auth/controllers/google-auth.controller.ts
+++ b/server/src/core/auth/controllers/google-auth.controller.ts
@ -1,12 +1,4 @@
-import {
-  Controller,
-  Get,
-  InternalServerErrorException,
-  Req,
-  Res,
-  UseGuards,
-} from '@nestjs/common';
-import { AuthGuard } from '@nestjs/passport';
+import { Controller, Get, Req, Res, UseGuards } from '@nestjs/common';

 import { Response } from 'express';

@ -14,45 +6,64 @@ import { GoogleRequest } from 'src/core/auth/strategies/google.auth.strategy';
 import { UserService } from 'src/core/user/user.service';
 import { TokenService } from 'src/core/auth/services/token.service';
 import { GoogleProviderEnabledGuard } from 'src/core/auth/guards/google-provider-enabled.guard';
+import { GoogleOauthGuard } from 'src/core/auth/guards/google-oauth.guard';
+import { WorkspaceService } from 'src/core/workspace/services/workspace.service';
+import { EnvironmentService } from 'src/integrations/environment/environment.service';

@Controller('auth/google')
 export class GoogleAuthController {
  constructor(
    private readonly tokenService: TokenService,
    private readonly userService: UserService,
+    private readonly workspaceService: WorkspaceService,
+    private readonly environmentService: EnvironmentService,
  ) {}

  @Get()
-  @UseGuards(GoogleProviderEnabledGuard, AuthGuard('google'))
+  @UseGuards(GoogleProviderEnabledGuard, GoogleOauthGuard)
  async googleAuth() {
    // As this method is protected by Google Auth guard, it will trigger Google SSO flow
    return;
  }

  @Get('redirect')
-  @UseGuards(GoogleProviderEnabledGuard, AuthGuard('google'))
+  @UseGuards(GoogleProviderEnabledGuard, GoogleOauthGuard)
  async googleAuthRedirect(@Req() req: GoogleRequest, @Res() res: Response) {
-    const { firstName, lastName, email } = req.user;
+    const { firstName, lastName, email, workspaceInviteHash } = req.user;

-    const user = await this.userService.createUser({
-      data: {
-        email,
-        firstName: firstName ?? '',
-        lastName: lastName ?? '',
-        locale: 'en',
-        settings: {
-          create: {
-            locale: 'en',
+    let workspaceId: string | undefined = undefined;
+    if (workspaceInviteHash) {
+      const workspace = await this.workspaceService.findFirst({
+        where: {
+          inviteHash: workspaceInviteHash,
+        },
+      });
+
+      if (!workspace) {
+        return res.redirect(
+          `${this.environmentService.getFrontAuthCallbackUrl()}`,
+        );
+      }
+
+      workspaceId = workspace.id;
+    }
+
+    const user = await this.userService.createUser(
+      {
+        data: {
+          email,
+          firstName: firstName ?? '',
+          lastName: lastName ?? '',
+          locale: 'en',
+          settings: {
+            create: {
+              locale: 'en',
+            },
          },
        },
      },
-    });
-
-    if (!user) {
-      throw new InternalServerErrorException(
-        'User email domain does not match an existing workspace',
-      );
-    }
+      workspaceId,
+    );

    const loginToken = await this.tokenService.generateLoginToken(user.email);