refacto(*): remove everything about default workspace (#9157)

## Summary - [x] Remove defaultWorkspace in user - [x] Remove all occurrence of defaultWorkspace and defaultWorkspaceId - [x] Improve activate workspace flow - [x] Improve security on social login - [x] Add `ImpersonateGuard` - [x] Allow to use impersonation with couple `User/Workspace` - [x] Prevent unexpected reload on activate workspace - [x] Scope login token with workspaceId Fix https://github.com/twentyhq/twenty/issues/9033#event-15714863042
2024-12-24 12:47:41 +01:00
parent fe6948ba0b
commit cd2946b670
78 changed files with 1150 additions and 1244 deletions
--- a/packages/twenty-front/src/modules/auth/graphql/mutations/impersonate.ts
+++ b/packages/twenty-front/src/modules/auth/graphql/mutations/impersonate.ts
@ -2,13 +2,14 @@ import { gql } from '@apollo/client';

 // TODO: Fragments should be used instead of duplicating the user fields !
 export const IMPERSONATE = gql`
-  mutation Impersonate($userId: String!) {
-    impersonate(userId: $userId) {
-      user {
-        ...UserQueryFragment
+  mutation Impersonate($userId: String!, $workspaceId: String!) {
+    impersonate(userId: $userId, workspaceId: $workspaceId) {
+      workspace {
+        subdomain
+        id
      }
-      tokens {
-        ...AuthTokensFragment
+      loginToken {
+        ...AuthTokenFragment
      }
    }
  }
--- a/packages/twenty-front/src/modules/auth/graphql/mutations/signUp.ts
+++ b/packages/twenty-front/src/modules/auth/graphql/mutations/signUp.ts
@ -18,6 +18,10 @@ export const SIGN_UP = gql`
      loginToken {
        ...AuthTokenFragment
      }
+      workspace {
+        id
+        subdomain
+      }
    }
  }
 `;
--- a/packages/twenty-front/src/modules/auth/graphql/mutations/verify.ts
+++ b/packages/twenty-front/src/modules/auth/graphql/mutations/verify.ts
@ -3,9 +3,6 @@ import { gql } from '@apollo/client';
 export const VERIFY = gql`
  mutation Verify($loginToken: String!) {
    verify(loginToken: $loginToken) {
-      user {
-        ...UserQueryFragment
-      }
      tokens {
        ...AuthTokensFragment
      }
--- a/packages/twenty-front/src/modules/auth/graphql/queries/checkUserExists.ts
+++ b/packages/twenty-front/src/modules/auth/graphql/queries/checkUserExists.ts
@ -6,7 +6,6 @@ export const CHECK_USER_EXISTS = gql`
      __typename
      ... on UserExists {
        exists
-        defaultWorkspaceId
        availableWorkspaces {
          id
          displayName
--- a/packages/twenty-front/src/modules/auth/hooks/mocks/useAuth.ts
+++ b/packages/twenty-front/src/modules/auth/hooks/mocks/useAuth.ts
@ -1,5 +1,6 @@
 import {
  ChallengeDocument,
+  GetCurrentUserDocument,
  SignUpDocument,
  VerifyDocument,
 } from '~/generated/graphql';
@ -8,6 +9,7 @@ export const queries = {
  challenge: ChallengeDocument,
  verify: VerifyDocument,
  signup: SignUpDocument,
+  getCurrentUser: GetCurrentUserDocument,
 };

 export const email = 'test@test.com';
@ -22,6 +24,7 @@ export const variables = {
  },
  verify: { loginToken: token },
  signup: {},
+  getCurrentUser: {},
 };

 export const results = {
@ -32,7 +35,14 @@ export const results = {
    },
  },
  verify: {
-    user: {
+    tokens: {
+      accessToken: { token, expiresAt: 'expiresAt' },
+      refreshToken: { token, expiresAt: 'expiresAt' },
+    },
+  },
+  signUp: { loginToken: { token, expiresAt: 'expiresAt' } },
+  getCurrentUser: {
+    currentUser: {
      id: 'id',
      firstName: 'firstName',
      lastName: 'lastName',
@ -49,7 +59,7 @@ export const results = {
        avatarUrl: 'avatarUrl',
        locale: 'locale',
      },
-      defaultWorkspace: {
+      currentWorkspace: {
        id: 'id',
        displayName: 'displayName',
        logo: 'logo',
@ -65,13 +75,7 @@ export const results = {
        },
      },
    },
-    tokens: {
-      accessToken: { token, expiresAt: 'expiresAt' },
-      refreshToken: { token, expiresAt: 'expiresAt' },
-    },
-    signup: {},
  },
-  signUp: { loginToken: { token, expiresAt: 'expiresAt' } },
 };

 export const mocks = [
@ -108,4 +112,13 @@ export const mocks = [
      },
    })),
  },
+  {
+    request: {
+      query: queries.getCurrentUser,
+      variables: variables.getCurrentUser,
+    },
+    result: jest.fn(() => ({
+      data: results.getCurrentUser,
+    })),
+  },
 ];
--- a/packages/twenty-front/src/modules/auth/hooks/tests/useAuth.test.tsx
+++ b/packages/twenty-front/src/modules/auth/hooks/tests/useAuth.test.tsx
@ -1,8 +1,7 @@
 import { useApolloClient } from '@apollo/client';
 import { MockedProvider } from '@apollo/client/testing';
 import { expect } from '@storybook/test';
-import { act, renderHook } from '@testing-library/react';
-import { ReactNode } from 'react';
+import { ReactNode, act } from 'react';
 import { RecoilRoot, useRecoilValue } from 'recoil';
 import { iconsState } from 'twenty-ui';

@ -15,6 +14,7 @@ import { workspaceAuthProvidersState } from '@/workspace/states/workspaceAuthPro

 import { isMultiWorkspaceEnabledState } from '@/client-config/states/isMultiWorkspaceEnabledState';
 import { email, mocks, password, results, token } from '../__mocks__/useAuth';
+import { renderHook } from '@testing-library/react';

 const Wrapper = ({ children }: { children: ReactNode }) => (
  <MockedProvider mocks={mocks} addTypename={false}>
@ -59,6 +59,7 @@ describe('useAuth', () => {
    });

    expect(mocks[1].result).toHaveBeenCalled();
+    expect(mocks[3].result).toHaveBeenCalled();
  });

  it('should handle credential sign-in', async () => {
--- a/packages/twenty-front/src/modules/auth/hooks/useAuth.ts
+++ b/packages/twenty-front/src/modules/auth/hooks/useAuth.ts
@ -4,6 +4,7 @@ import {
  snapshot_UNSTABLE,
  useGotoRecoilSnapshot,
  useRecoilCallback,
+  useRecoilValue,
  useSetRecoilState,
 } from 'recoil';
 import { iconsState } from 'twenty-ui';
@ -23,6 +24,7 @@ import { REACT_APP_SERVER_BASE_URL } from '~/config';
 import {
  useChallengeMutation,
  useCheckUserExistsLazyQuery,
+  useGetCurrentUserLazyQuery,
  useSignUpMutation,
  useVerifyMutation,
 } from '~/generated/graphql';
@ -48,6 +50,8 @@ import { useReadWorkspaceSubdomainFromCurrentLocation } from '@/domain-manager/h
 import { domainConfigurationState } from '@/domain-manager/states/domainConfigurationState';
 import { isAppWaitingForFreshObjectMetadataState } from '@/object-metadata/states/isAppWaitingForFreshObjectMetadataState';
 import { workspaceAuthProvidersState } from '@/workspace/states/workspaceAuthProvidersState';
+import { AppPath } from '@/types/AppPath';
+import { useRedirectToWorkspaceDomain } from '@/domain-manager/hooks/useRedirectToWorkspaceDomain';
 import { useRedirect } from '@/domain-manager/hooks/useRedirect';

 export const useAuth = () => {
@ -62,15 +66,19 @@ export const useAuth = () => {
  const setCurrentWorkspaceMembers = useSetRecoilState(
    currentWorkspaceMembersState,
  );
+  const isMultiWorkspaceEnabled = useRecoilValue(isMultiWorkspaceEnabledState);

  const setCurrentWorkspace = useSetRecoilState(currentWorkspaceState);
  const setIsVerifyPendingState = useSetRecoilState(isVerifyPendingState);
  const setWorkspaces = useSetRecoilState(workspacesState);
  const { redirect } = useRedirect();
+  const { redirectToWorkspaceDomain } = useRedirectToWorkspaceDomain();

  const [challenge] = useChallengeMutation();
  const [signUp] = useSignUpMutation();
  const [verify] = useVerifyMutation();
+  const [getCurrentUser] = useGetCurrentUserLazyQuery();
+
  const { isOnAWorkspaceSubdomain } =
    useIsCurrentLocationOnAWorkspaceSubdomain();
  const { workspaceSubdomain } = useReadWorkspaceSubdomainFromCurrentLocation();
@ -165,6 +173,98 @@ export const useAuth = () => {
    [challenge],
  );

+  const loadCurrentUser = useCallback(async () => {
+    const currentUserResult = await getCurrentUser();
+
+    const user = currentUserResult.data?.currentUser;
+
+    if (!user) {
+      throw new Error('No current user result');
+    }
+
+    let workspaceMember = null;
+
+    setCurrentUser(user);
+
+    if (isDefined(user.workspaceMembers)) {
+      const workspaceMembers = user.workspaceMembers.map((workspaceMember) => ({
+        ...workspaceMember,
+        colorScheme: workspaceMember.colorScheme as ColorScheme,
+        locale: workspaceMember.locale ?? 'en',
+      }));
+
+      setCurrentWorkspaceMembers(workspaceMembers);
+    }
+
+    if (isDefined(user.workspaceMember)) {
+      workspaceMember = {
+        ...user.workspaceMember,
+        colorScheme: user.workspaceMember?.colorScheme as ColorScheme,
+        locale: user.workspaceMember?.locale ?? 'en',
+      };
+
+      setCurrentWorkspaceMember(workspaceMember);
+
+      // TODO: factorize with UserProviderEffect
+      setDateTimeFormat({
+        timeZone:
+          workspaceMember.timeZone && workspaceMember.timeZone !== 'system'
+            ? workspaceMember.timeZone
+            : detectTimeZone(),
+        dateFormat: isDefined(user.workspaceMember.dateFormat)
+          ? getDateFormatFromWorkspaceDateFormat(
+              user.workspaceMember.dateFormat,
+            )
+          : DateFormat[detectDateFormat()],
+        timeFormat: isDefined(user.workspaceMember.timeFormat)
+          ? getTimeFormatFromWorkspaceTimeFormat(
+              user.workspaceMember.timeFormat,
+            )
+          : TimeFormat[detectTimeFormat()],
+      });
+    }
+
+    const workspace = user.currentWorkspace ?? null;
+
+    setCurrentWorkspace(workspace);
+
+    if (isDefined(workspace) && isOnAWorkspaceSubdomain) {
+      setLastAuthenticateWorkspaceDomain({
+        workspaceId: workspace.id,
+        subdomain: workspace.subdomain,
+      });
+    }
+
+    if (isDefined(user.workspaces)) {
+      const validWorkspaces = user.workspaces
+        .filter(
+          ({ workspace }) => workspace !== null && workspace !== undefined,
+        )
+        .map((validWorkspace) => validWorkspace.workspace)
+        .filter(isDefined);
+
+      setWorkspaces(validWorkspaces);
+    }
+    setIsAppWaitingForFreshObjectMetadataState(true);
+
+    return {
+      user,
+      workspaceMember,
+      workspace,
+    };
+  }, [
+    getCurrentUser,
+    isOnAWorkspaceSubdomain,
+    setCurrentUser,
+    setCurrentWorkspace,
+    setCurrentWorkspaceMember,
+    setCurrentWorkspaceMembers,
+    setDateTimeFormat,
+    setIsAppWaitingForFreshObjectMetadataState,
+    setLastAuthenticateWorkspaceDomain,
+    setWorkspaces,
+  ]);
+
  const handleVerify = useCallback(
    async (loginToken: string) => {
      const verifyResult = await verify({
@ -181,74 +281,7 @@ export const useAuth = () => {

      setTokenPair(verifyResult.data?.verify.tokens);

-      const user = verifyResult.data?.verify.user;
-
-      let workspaceMember = null;
-
-      setCurrentUser(user);
-
-      if (isDefined(user.workspaceMembers)) {
-        const workspaceMembers = user.workspaceMembers.map(
-          (workspaceMember) => ({
-            ...workspaceMember,
-            colorScheme: workspaceMember.colorScheme as ColorScheme,
-            locale: workspaceMember.locale ?? 'en',
-          }),
-        );
-
-        setCurrentWorkspaceMembers(workspaceMembers);
-      }
-
-      if (isDefined(user.workspaceMember)) {
-        workspaceMember = {
-          ...user.workspaceMember,
-          colorScheme: user.workspaceMember?.colorScheme as ColorScheme,
-          locale: user.workspaceMember?.locale ?? 'en',
-        };
-
-        setCurrentWorkspaceMember(workspaceMember);
-
-        // TODO: factorize with UserProviderEffect
-        setDateTimeFormat({
-          timeZone:
-            workspaceMember.timeZone && workspaceMember.timeZone !== 'system'
-              ? workspaceMember.timeZone
-              : detectTimeZone(),
-          dateFormat: isDefined(user.workspaceMember.dateFormat)
-            ? getDateFormatFromWorkspaceDateFormat(
-                user.workspaceMember.dateFormat,
-              )
-            : DateFormat[detectDateFormat()],
-          timeFormat: isDefined(user.workspaceMember.timeFormat)
-            ? getTimeFormatFromWorkspaceTimeFormat(
-                user.workspaceMember.timeFormat,
-              )
-            : TimeFormat[detectTimeFormat()],
-        });
-      }
-
-      const workspace = user.defaultWorkspace ?? null;
-
-      setCurrentWorkspace(workspace);
-
-      if (isDefined(workspace) && isOnAWorkspaceSubdomain) {
-        setLastAuthenticateWorkspaceDomain({
-          workspaceId: workspace.id,
-          subdomain: workspace.subdomain,
-        });
-      }
-
-      if (isDefined(verifyResult.data?.verify.user.workspaces)) {
-        const validWorkspaces = verifyResult.data?.verify.user.workspaces
-          .filter(
-            ({ workspace }) => workspace !== null && workspace !== undefined,
-          )
-          .map((validWorkspace) => validWorkspace.workspace)
-          .filter(isDefined);
-
-        setWorkspaces(validWorkspaces);
-      }
-      setIsAppWaitingForFreshObjectMetadataState(true);
+      const { user, workspaceMember, workspace } = await loadCurrentUser();

      return {
        user,
@ -257,19 +290,7 @@ export const useAuth = () => {
        tokens: verifyResult.data?.verify.tokens,
      };
    },
-    [
-      verify,
-      setTokenPair,
-      setCurrentUser,
-      setCurrentWorkspace,
-      isOnAWorkspaceSubdomain,
-      setIsAppWaitingForFreshObjectMetadataState,
-      setCurrentWorkspaceMembers,
-      setCurrentWorkspaceMember,
-      setDateTimeFormat,
-      setLastAuthenticateWorkspaceDomain,
-      setWorkspaces,
-    ],
+    [verify, setTokenPair, loadCurrentUser],
  );

  const handleCrendentialsSignIn = useCallback(
@ -328,6 +349,16 @@ export const useAuth = () => {
        throw new Error('No login token');
      }

+      if (isMultiWorkspaceEnabled) {
+        return redirectToWorkspaceDomain(
+          signUpResult.data.signUp.workspace.subdomain,
+          AppPath.Verify,
+          {
+            loginToken: signUpResult.data.signUp.loginToken.token,
+          },
+        );
+      }
+
      const { user, workspace, workspaceMember } = await handleVerify(
        signUpResult.data?.signUp.loginToken.token,
      );
@ -336,7 +367,13 @@ export const useAuth = () => {

      return { user, workspaceMember, workspace };
    },
-    [setIsVerifyPendingState, signUp, handleVerify],
+    [
+      setIsVerifyPendingState,
+      signUp,
+      isMultiWorkspaceEnabled,
+      handleVerify,
+      redirectToWorkspaceDomain,
+    ],
  );

  const buildRedirectUrl = useCallback(
@ -357,6 +394,7 @@ export const useAuth = () => {
          params.workspacePersonalInviteToken,
        );
      }
+
      if (isDefined(workspaceSubdomain)) {
        url.searchParams.set('workspaceSubdomain', workspaceSubdomain);
      }
@ -390,6 +428,8 @@ export const useAuth = () => {
    challenge: handleChallenge,
    verify: handleVerify,

+    loadCurrentUser,
+
    checkUserExists: { checkUserExistsData, checkUserExistsQuery },
    clearSession,
    signOut: handleSignOut,
--- a/packages/twenty-front/src/modules/auth/sign-in-up/components/SignInUpGlobalScopeForm.tsx
+++ b/packages/twenty-front/src/modules/auth/sign-in-up/components/SignInUpGlobalScopeForm.tsx
@ -86,10 +86,7 @@ export const SignInUpGlobalScopeForm = () => {
        const response = data.checkUserExists;
        if (response.__typename === 'UserExists') {
          if (response.availableWorkspaces.length >= 1) {
-            const workspace =
-              response.availableWorkspaces.find(
-                (workspace) => workspace.id === response.defaultWorkspaceId,
-              ) ?? response.availableWorkspaces[0];
+            const workspace = response.availableWorkspaces[0];
            return redirectToWorkspaceDomain(workspace.subdomain, pathname, {
              email: form.getValues('email'),
            });