refactor ui

Author: msukkari

docs/snippets/schemas/v3/identityProvider.schema.mdx

@@ -229,8 +229,7 @@
         "provider",
         "purpose",
         "clientId",
-        "clientSecret",
-        "baseUrl"
+        "clientSecret"
       ]
     },
     "GoogleIdentityProviderConfig": {
@@ -887,8 +886,7 @@
         "provider",
         "purpose",
         "clientId",
-        "clientSecret",
-        "baseUrl"
+        "clientSecret"
       ]
     },
     {

docs/snippets/schemas/v3/index.schema.mdx

@@ -4633,8 +4633,7 @@
               "provider",
               "purpose",
               "clientId",
-              "clientSecret",
-              "baseUrl"
+              "clientSecret"
             ]
           },
           "GoogleIdentityProviderConfig": {
@@ -5291,8 +5290,7 @@
               "provider",
               "purpose",
               "clientId",
-              "clientSecret",
-              "baseUrl"
+              "clientSecret"
             ]
           },
           {

packages/schemas/src/v3/identityProvider.schema.ts

@@ -228,8 +228,7 @@ const schema = {
         "provider",
         "purpose",
         "clientId",
-        "clientSecret",
-        "baseUrl"
+        "clientSecret"
       ]
     },
     "GoogleIdentityProviderConfig": {
@@ -886,8 +885,7 @@ const schema = {
         "provider",
         "purpose",
         "clientId",
-        "clientSecret",
-        "baseUrl"
+        "clientSecret"
       ]
     },
     {

packages/schemas/src/v3/identityProvider.type.ts

@@ -83,7 +83,7 @@ export interface GitLabIdentityProviderConfig {
          */
         googleCloudSecret: string;
       };
-  baseUrl:
+  baseUrl?:
     | {
         /**
          * The name of the environment variable that contains the token.

packages/schemas/src/v3/index.schema.ts

@@ -4632,8 +4632,7 @@ const schema = {
               "provider",
               "purpose",
               "clientId",
-              "clientSecret",
-              "baseUrl"
+              "clientSecret"
             ]
           },
           "GoogleIdentityProviderConfig": {
@@ -5290,8 +5289,7 @@ const schema = {
               "provider",
               "purpose",
               "clientId",
-              "clientSecret",
-              "baseUrl"
+              "clientSecret"
             ]
           },
           {

packages/schemas/src/v3/index.type.ts

@@ -1190,7 +1190,7 @@ export interface GitLabIdentityProviderConfig {
          */
         googleCloudSecret: string;
       };
-  baseUrl:
+  baseUrl?:
     | {
         /**
          * The name of the environment variable that contains the token.

packages/web/src/app/[domain]/layout.tsx

@@ -23,7 +23,7 @@ import { JoinOrganizationCard } from "@/app/components/joinOrganizationCard";
 import { LogoutEscapeHatch } from "@/app/components/logoutEscapeHatch";
 import { GitHubStarToast } from "./components/githubStarToast";
 import { UpgradeToast } from "./components/upgradeToast";
-import { getUnlinkedIntegrationProviders, userNeedsToLinkIdentityProvider } from "@/ee/features/permissionSyncing/actions";
+import { getIntegrationProviderStates } from "@/ee/features/permissionSyncing/actions";
 import { LinkAccounts } from "@/ee/features/permissionSyncing/linkAccounts";
 
 interface LayoutProps {
@@ -126,42 +126,35 @@ export default async function Layout(props: LayoutProps) {
     }
 
     if (hasEntitlement("permission-syncing")) {
-        const unlinkedAccounts = await getUnlinkedIntegrationProviders();
-        if (isServiceError(unlinkedAccounts)) {
+        const integrationProviderStates = await getIntegrationProviderStates();
+        if (isServiceError(integrationProviderStates)) {
             return (
                 <div className="min-h-screen flex flex-col items-center justify-center p-6">
                     <LogoutEscapeHatch className="absolute top-0 right-0 p-6" />
                     <div className="bg-red-50 border border-red-200 rounded-md p-6 max-w-md w-full text-center">
                         <h2 className="text-lg font-semibold text-red-800 mb-2">An error occurred</h2>
                         <p className="text-red-700 mb-1">
-                            {typeof unlinkedAccounts.message === 'string'
-                                ? unlinkedAccounts.message
+                            {typeof integrationProviderStates.message === 'string'
+                                ? integrationProviderStates.message
                                 : "A server error occurred while checking your account status. Please try again or contact support."}
                         </p>
                     </div>
                 </div>
             )
         }
 
-        if (unlinkedAccounts.length > 0) {
-            // Separate required and optional providers
-            const requiredProviders = unlinkedAccounts.filter(p => p.required !== false);
-            const hasRequiredProviders = requiredProviders.length > 0;
-
-            // Check if user has skipped optional providers
+        const hasUnlinkedProviders = integrationProviderStates.some(state => state.isLinked === false);
+        if (hasUnlinkedProviders) {
             const cookieStore = await cookies();
             const hasSkippedOptional = cookieStore.has(OPTIONAL_PROVIDERS_LINK_SKIPPED_COOKIE_NAME);
 
-            // Show LinkAccounts if:
-            // 1. There are required providers, OR
-            // 2. There are only optional providers AND user hasn't skipped yet
-            const shouldShowLinkAccounts = hasRequiredProviders || !hasSkippedOptional;
-
+            const hasUnlinkedRequiredProviders = integrationProviderStates.some(state => state.required && !state.isLinked)
+            const shouldShowLinkAccounts = hasUnlinkedRequiredProviders || !hasSkippedOptional;
             if (shouldShowLinkAccounts) {
                 return (
                     <div className="min-h-screen flex items-center justify-center p-6">
                         <LogoutEscapeHatch className="absolute top-0 right-0 p-6" />
-                        <LinkAccounts unlinkedAccounts={unlinkedAccounts} />
+                        <LinkAccounts integrationProviderStates={integrationProviderStates} callbackUrl={`/${domain}`}/>
                     </div>
                 )
             }

packages/web/src/app/[domain]/settings/permission-syncing/linkButton.tsx

@@ -2,19 +2,11 @@ import { hasEntitlement } from "@sourcebot/shared";
 import { notFound } from "@/lib/serviceError";
 import { LinkedAccountsSettings } from "@/ee/features/permissionSyncing/linkedAccountsSettings";
 
-interface PermissionSyncingPageProps {
-    params: Promise<{
-        domain: string;
-    }>
-}
-
-export default async function PermissionSyncingPage(props: PermissionSyncingPageProps) {
-    const params = await props.params;
-
+export default async function PermissionSyncingPage() {
     const hasPermissionSyncingEntitlement = await hasEntitlement("permission-syncing");
     if (!hasPermissionSyncingEntitlement) {
         notFound();
     }
 
-    return <LinkedAccountsSettings domain={params.domain} />;
+    return <LinkedAccountsSettings />;
 }

packages/web/src/app/[domain]/settings/permission-syncing/page.tsx

@@ -8,89 +8,60 @@ import { env } from "@/env.mjs";
 import { OrgRole } from "@sourcebot/db";
 import { cookies } from "next/headers";
 import { OPTIONAL_PROVIDERS_LINK_SKIPPED_COOKIE_NAME } from "@/lib/constants";
+import { IntegrationIdentityProviderState } from "@/ee/features/permissionSyncing/types";
 
 const logger = createLogger('web-ee-permission-syncing-actions');
 
-export const userNeedsToLinkIdentityProvider = async () => sew(() =>
+export const getIntegrationProviderStates = async () => sew(() =>
     withAuthV2(async ({ prisma, role, user }) =>
         withMinimumOrgRole(role, OrgRole.MEMBER, async () => {
             const config = await loadConfig(env.CONFIG_PATH);
-            const identityProviders = config.identityProviders ?? [];
-
-            for (const identityProvider of identityProviders) {
-                if (identityProvider.purpose === "integration") {
-                    // Only check required providers (default to true if not specified)
-                    const isRequired = 'required' in identityProvider ? identityProvider.required : true;
-
-                    if (!isRequired) {
-                        continue;
-                    }
-
-                    const linkedAccount = await prisma.account.findFirst({
-                        where: {
-                            provider: identityProvider.provider,
-                            userId: user.id,
-                        },
-                    });
-
-                    if (!linkedAccount) {
-                        logger.info(`Required integration identity provider ${identityProvider.provider} account info not found for user ${user.id}`);
-                        return true;
+            const integrationProviderConfigs = config.identityProviders ?? [];
+            const linkedAccounts = await prisma.account.findMany({
+                where: {
+                    userId: user.id,
+                    provider: {
+                        in: integrationProviderConfigs.map(p => p.provider)
                     }
+                },
+                select: {
+                    provider: true,
+                    providerAccountId: true
                 }
-            }
-
-            return false;
-        })
-    )
-);
-
-export const getUnlinkedIntegrationProviders = async () => sew(() =>
-    withAuthV2(async ({ prisma, role, user }) =>
-        withMinimumOrgRole(role, OrgRole.MEMBER, async () => {
-            const config = await loadConfig(env.CONFIG_PATH);
-            const identityProviders = config.identityProviders ?? [];
-            const unlinkedProviders = [];
-
-            for (const identityProvider of identityProviders) {
-                if (identityProvider.purpose === "integration") {
-                    const linkedAccount = await prisma.account.findFirst({
-                        where: {
-                            provider: identityProvider.provider,
-                            userId: user.id,
-                        },
-                    });
+            });
 
-                    if (!linkedAccount) {
-                        const isRequired = 'required' in identityProvider ? identityProvider.required as boolean : true;
-                        logger.info(`Integration identity provider ${identityProvider.provider} not linked for user ${user.id}`);
-                        unlinkedProviders.push({
-                            id: identityProvider.provider,
-                            name: identityProvider.provider,
-                            purpose: "integration" as const,
-                            required: isRequired,
-                        });
-                    }
+            const integrationProviderState: IntegrationIdentityProviderState[] = [];
+            for (const integrationProviderConfig of integrationProviderConfigs) {
+                if (integrationProviderConfig.purpose === "integration") {
+                    const linkedAccount = linkedAccounts.find(
+                        account => account.provider === integrationProviderConfig.provider
+                    );
+
+                    const isLinked = !!linkedAccount;
+                    const isRequired = integrationProviderConfig.required ?? true;
+                    integrationProviderState.push({
+                        id: integrationProviderConfig.provider,
+                        required: isRequired,
+                        isLinked,
+                        linkedAccountId: linkedAccount?.providerAccountId
+                    } as IntegrationIdentityProviderState);
                 }
             }
 
-            return unlinkedProviders;
+            return integrationProviderState;
         })
     )
 );
 
+
 export const unlinkIntegrationProvider = async (provider: string) => sew(() =>
     withAuthV2(async ({ prisma, role, user }) =>
         withMinimumOrgRole(role, OrgRole.MEMBER, async () => {
             const config = await loadConfig(env.CONFIG_PATH);
             const identityProviders = config.identityProviders ?? [];
 
-            // Verify this is an integration provider
-            const isIntegrationProvider = identityProviders.some(
-                idp => idp.provider === provider && idp.purpose === "integration"
-            );
-
-            if (!isIntegrationProvider) {
+            const providerConfig = identityProviders.find(idp => idp.provider === provider)
+            if (!providerConfig || !('purpose' in providerConfig) || providerConfig.purpose !== "integration") {
                 throw new Error("Provider is not an integration provider");
             }
 
@@ -104,6 +75,14 @@ export const unlinkIntegrationProvider = async (provider: string) => sew(() =>
 
             logger.info(`Unlinked integration provider ${provider} for user ${user.id}. Deleted ${result.count} account(s).`);
 
+            // If we're unlinking a required identity provider then we want to wipe the optional skip cookie if it exists so that we give the
+            // user the option of linking optional providers in the same link accounts screen
+            const isRequired = providerConfig.required ?? true;
+            if (isRequired) {
+                const cookieStore = await cookies();
+                cookieStore.delete(OPTIONAL_PROVIDERS_LINK_SKIPPED_COOKIE_NAME);
+            }
+
             return { success: true, count: result.count };
         })
     )