From 77c586db24a4d3e377b6405e293732a7a542132a Mon Sep 17 00:00:00 2001
From: Guillim <guillim@users.noreply.github.com>
Date: Mon, 27 Jan 2025 14:36:01 +0100
Subject: [PATCH] fix the bug "require approval" (#9859)

## The bug :
"Approval required" even though admin consent has been granted for the
whole tenant"

Fix https://github.com/twentyhq/core-team-issues/issues/277

### More details
described here in
[stackoverflow](https://stackoverflow.com/questions/79385342/approval-required-even-though-admin-consent-has-been-granted-for-the-whole-ten?noredirect=1#comment140006092_79385342)
---
 .../auth/controllers/microsoft-apis-auth.controller.ts     | 7 ++++++-
 .../google-apis-oauth-request-code.auth.strategy.ts        | 2 +-
 .../microsoft-apis-oauth-request-code.auth.strategy.ts     | 2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/packages/twenty-server/src/engine/core-modules/auth/controllers/microsoft-apis-auth.controller.ts b/packages/twenty-server/src/engine/core-modules/auth/controllers/microsoft-apis-auth.controller.ts
index 43e8f4543..99a893de2 100644
--- a/packages/twenty-server/src/engine/core-modules/auth/controllers/microsoft-apis-auth.controller.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/controllers/microsoft-apis-auth.controller.ts
@@ -77,7 +77,6 @@ export class MicrosoftAPIsAuthController {
         AuthExceptionCode.FORBIDDEN_EXCEPTION,
       );
     }
-
     if (!workspaceId) {
       throw new AuthException(
         'Workspace not found',
@@ -85,6 +84,12 @@ export class MicrosoftAPIsAuthController {
       );
     }
 
+    if (emails.length === 0) {
+      throw new AuthException(
+        'No email - Ask your Azure Entra Admin to add you one on top of your User Principal Name',
+        AuthExceptionCode.USER_NOT_FOUND,
+      );
+    }
     const handle = emails[0].value;
 
     await this.microsoftAPIsService.refreshMicrosoftRefreshToken({
diff --git a/packages/twenty-server/src/engine/core-modules/auth/strategies/google-apis-oauth-request-code.auth.strategy.ts b/packages/twenty-server/src/engine/core-modules/auth/strategies/google-apis-oauth-request-code.auth.strategy.ts
index 6ce3c33c5..627699c53 100644
--- a/packages/twenty-server/src/engine/core-modules/auth/strategies/google-apis-oauth-request-code.auth.strategy.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/strategies/google-apis-oauth-request-code.auth.strategy.ts
@@ -21,7 +21,7 @@ export class GoogleAPIsOauthRequestCodeStrategy extends GoogleAPIsOauthCommonStr
     options = {
       ...options,
       accessType: 'offline',
-      prompt: 'consent',
+      prompt: 'select_account',
       loginHint: req.params.loginHint,
       state: JSON.stringify({
         transientToken: req.params.transientToken,
diff --git a/packages/twenty-server/src/engine/core-modules/auth/strategies/microsoft-apis-oauth-request-code.auth.strategy.ts b/packages/twenty-server/src/engine/core-modules/auth/strategies/microsoft-apis-oauth-request-code.auth.strategy.ts
index 10ba1aeca..c0ddea4d4 100644
--- a/packages/twenty-server/src/engine/core-modules/auth/strategies/microsoft-apis-oauth-request-code.auth.strategy.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/strategies/microsoft-apis-oauth-request-code.auth.strategy.ts
@@ -13,7 +13,7 @@ export class MicrosoftAPIsOauthRequestCodeStrategy extends MicrosoftAPIsOauthCom
     options = {
       ...options,
       accessType: 'offline',
-      prompt: 'consent',
+      prompt: 'select_account',
       loginHint: req.params.loginHint,
       state: JSON.stringify({
         transientToken: req.params.transientToken,