From 386bd619676e54e960ca0af3ff47fa3b9c16c813 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Ovejero?= Date: Thu, 7 Dec 2023 10:53:31 +0100 Subject: [PATCH] fix(core): Ensure inviter and invitee are set correctly in invite link (#7943) ## Summary Ensure inviter and invitee are set correctly in invite link ... #### How to test the change: 1. ... ## Issues fixed Include links to Github issue or Community forum post or **Linear ticket**: > Important in order to close automatically and provide context to reviewers https://linear.app/n8n/issue/ADO-1494 ## Review / Merge checklist - [ ] PR title and summary are descriptive. **Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise.** ([conventions](https://github.com/n8n-io/n8n/blob/master/.github/pull_request_title_conventions.md)) - [ ] [Docs updated](https://github.com/n8n-io/n8n-docs) or follow-up ticket created. - [ ] Tests included. > A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. > > *(internal)* You can use Slack commands to trigger [e2e tests](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#a39f9e5ba64a48b58a71d81c837e8227) or [deploy test instance](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#f6a177d32bde4b57ae2da0b8e454bfce) or [deploy early access version on Cloud](https://www.notion.so/n8n/Cloudbot-3dbe779836004972b7057bc989526998?pvs=4#fef2d36ab02247e1a0f65a74f6fb534e). --- .../cli/src/controllers/users.controller.ts | 4 ++- packages/cli/src/services/user.service.ts | 29 ++++++++++++------- .../test/unit/services/user.service.test.ts | 23 ++++++++++----- 3 files changed, 37 insertions(+), 19 deletions(-) diff --git a/packages/cli/src/controllers/users.controller.ts b/packages/cli/src/controllers/users.controller.ts index 4f7b67934c..410de6d1ae 100644 --- a/packages/cli/src/controllers/users.controller.ts +++ b/packages/cli/src/controllers/users.controller.ts @@ -126,7 +126,9 @@ export class UsersController { const users = await this.userService.findMany(findManyOptions); const publicUsers: Array> = await Promise.all( - users.map(async (u) => this.userService.toPublic(u, { withInviteUrl: true })), + users.map(async (u) => + this.userService.toPublic(u, { withInviteUrl: true, inviterId: req.user.id }), + ), ); return listQueryOptions diff --git a/packages/cli/src/services/user.service.ts b/packages/cli/src/services/user.service.ts index c19e98eb0c..2dd4122f1a 100644 --- a/packages/cli/src/services/user.service.ts +++ b/packages/cli/src/services/user.service.ts @@ -14,7 +14,7 @@ import { createPasswordSha } from '@/auth/jwt'; import { UserManagementMailer } from '@/UserManagement/email'; import { InternalHooks } from '@/InternalHooks'; import { RoleService } from '@/services/role.service'; -import { ErrorReporterProxy as ErrorReporter } from 'n8n-workflow'; +import { ApplicationError, ErrorReporterProxy as ErrorReporter } from 'n8n-workflow'; import type { UserRequest } from '@/requests'; import { InternalServerError } from '@/errors/response-errors/internal-server.error'; @@ -123,7 +123,12 @@ export class UserService { async toPublic( user: User, - options?: { withInviteUrl?: boolean; posthog?: PostHogClient; withScopes?: boolean }, + options?: { + withInviteUrl?: boolean; + inviterId?: string; + posthog?: PostHogClient; + withScopes?: boolean; + }, ) { const { password, updatedAt, apiKey, authIdentities, mfaRecoveryCodes, mfaSecret, ...rest } = user; @@ -136,30 +141,34 @@ export class UserService { hasRecoveryCodesLeft: !!user.mfaRecoveryCodes?.length, }; - if (options?.withScopes) { - publicUser.globalScopes = user.globalScopes; + if (options?.withInviteUrl && !options?.inviterId) { + throw new ApplicationError('Inviter ID is required to generate invite URL'); } - if (options?.withInviteUrl && publicUser.isPending) { - publicUser = this.addInviteUrl(publicUser, user.id); + if (options?.withInviteUrl && options?.inviterId && publicUser.isPending) { + publicUser = this.addInviteUrl(options.inviterId, publicUser); } if (options?.posthog) { publicUser = await this.addFeatureFlags(publicUser, options.posthog); } + if (options?.withScopes) { + publicUser.globalScopes = user.globalScopes; + } + return publicUser; } - private addInviteUrl(user: PublicUser, inviterId: string) { + private addInviteUrl(inviterId: string, invitee: PublicUser) { const url = new URL(getInstanceBaseUrl()); url.pathname = '/signup'; url.searchParams.set('inviterId', inviterId); - url.searchParams.set('inviteeId', user.id); + url.searchParams.set('inviteeId', invitee.id); - user.inviteAcceptUrl = url.toString(); + invitee.inviteAcceptUrl = url.toString(); - return user; + return invitee; } private async addFeatureFlags(publicUser: PublicUser, posthog: PostHogClient) { diff --git a/packages/cli/test/unit/services/user.service.test.ts b/packages/cli/test/unit/services/user.service.test.ts index b61cd244a6..56eb26194b 100644 --- a/packages/cli/test/unit/services/user.service.test.ts +++ b/packages/cli/test/unit/services/user.service.test.ts @@ -50,22 +50,29 @@ describe('UserService', () => { }); it('should add scopes if requested', async () => { - const scopeless = await userService.toPublic(commonMockUser, { withScopes: false }); - const scoped = await userService.toPublic(commonMockUser, { withScopes: true }); + const unscoped = await userService.toPublic(commonMockUser); - expect(Array.isArray(scopeless.globalScopes)).toBe(false); - expect(Array.isArray(scoped.globalScopes)).toBe(true); + expect(scoped.globalScopes).toEqual([]); + expect(unscoped.globalScopes).toBeUndefined(); }); it('should add invite URL if requested', async () => { - const mockUser = Object.assign(new User(), { id: uuid(), isPending: true }); + const firstUser = Object.assign(new User(), { id: uuid() }); + const secondUser = Object.assign(new User(), { id: uuid(), isPending: true }); - const withUrl = await userService.toPublic(mockUser, { withInviteUrl: true }); - const withoutUrl = await userService.toPublic(mockUser, { withInviteUrl: false }); + const withoutUrl = await userService.toPublic(secondUser); + const withUrl = await userService.toPublic(secondUser, { + withInviteUrl: true, + inviterId: firstUser.id, + }); - expect(typeof withUrl.inviteAcceptUrl === 'string').toBe(true); expect(withoutUrl.inviteAcceptUrl).toBeUndefined(); + + const url = new URL(withUrl.inviteAcceptUrl ?? ''); + + expect(url.searchParams.get('inviterId')).toBe(firstUser.id); + expect(url.searchParams.get('inviteeId')).toBe(secondUser.id); }); });