feat(auth): refactor auth + allow to configure auth methods by workspace #8654
+1,909
−1,218
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…t-auth-methods-by-workspace # Conflicts: # packages/twenty-front/src/modules/auth/sign-in-up/components/SignInUpForm.tsx # packages/twenty-front/src/modules/auth/sign-in-up/hooks/useSignInUpForm.ts
Remove unused imports from SignInUpGlobalScopeForm.tsx to improve code readability and reduce clutter. This change simplifies the module by eliminating unnecessary dependencies.
Suppress eslint warnings for console.error in error handling. This ensures cleaner code and maintains log output for better debugging.
Correct the expected state in useAuth test to reflect the accurate status of authProviders. This includes setting 'google' and 'password' to true, and initializing 'sso' as an empty array.
TODOs/FIXMEs:
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Summary
This PR implements workspace-specific authentication configuration, replacing the global auth settings with per-workspace controls for Google, Microsoft, Password, and SSO authentication methods.
- Added
isGoogleAuthEnabled,isMicrosoftAuthEnabled,isPasswordAuthEnabledfields to/packages/twenty-server/src/engine/core-modules/workspace/workspace.entity.tsfor per-workspace auth control - Replaced global
IS_SIGN_UP_DISABLEDwithIS_MULTIWORKSPACE_ENABLEDin server environment variables to support subdomain-based workspace access - Added new
WorkspaceProviderEffectcomponent in/packages/twenty-front/src/modules/workspace/components/WorkspaceProviderEffect.tsxto manage workspace-specific auth state - Added
getPublicWorkspaceDataBySubdomainquery in workspace resolver to fetch workspace-specific auth configuration - Implemented SSO identity provider management with new types and mutations in
/packages/twenty-server/src/engine/core-modules/sso/for OIDC and SAML support
88 file(s) reviewed, 66 comment(s)
Edit PR Review Bot Settings | Greptile
packages/twenty-front/src/modules/auth/graphql/queries/getPublicWorkspaceDataBySubdomain.ts
Show resolved
Hide resolved
packages/twenty-front/src/modules/auth/sign-in-up/components/SignInUpEmailField.tsx
Show resolved
Hide resolved
packages/twenty-front/src/modules/auth/sign-in-up/components/SignInUpGlobalScopeForm.tsx
Show resolved
Hide resolved
packages/twenty-front/src/modules/auth/sign-in-up/components/SignInUpGlobalScopeForm.tsx
Show resolved
Hide resolved
| import { CustomException } from 'src/utils/custom-exception'; | ||
|
|
||
| export class WorkspaceException extends CustomException { | ||
| code: WorkspaceExceptionCode; |
There was a problem hiding this comment.
style: code property is redundant since it's already passed to super and available through inheritance
Comment on lines
+159
to
+164
| if (!workspace) { | ||
| return new WorkspaceException( | ||
| 'Workspace not found', | ||
| WorkspaceExceptionCode.WORKSPACE_NOT_FOUND, | ||
| ); | ||
| } |
There was a problem hiding this comment.
logic: throwing an exception would be more appropriate than returning it as a successful response
| withSearchParams?: Record<string, string | number>; | ||
| } = {}, | ||
| ) => { | ||
| const url = new URL(baseUrl); |
There was a problem hiding this comment.
style: new URL() will throw if baseUrl is invalid. Consider wrapping in try/catch
| ) => { | ||
| const url = new URL(baseUrl); | ||
|
|
||
| url.hostname = subdomain ? `${subdomain}.${url.hostname}` : url.hostname; |
There was a problem hiding this comment.
logic: subdomain should be sanitized to prevent invalid hostname characters
Comment on lines
+21
to
+23
| Object.entries(withSearchParams).forEach(([key, value]) => { | ||
| url.searchParams.set(key, value.toString()); | ||
| }); |
There was a problem hiding this comment.
logic: value.toString() on null/undefined will throw. Add null check
AMoreaux
changed the base branch from
main
to
feat/add-is-multi-workspace-flag
…lect-auth-methods-by-workspace
…lect-auth-methods-by-workspace # Conflicts: # packages/twenty-front/src/generated/graphql.tsx
Updated SSO identity provider type and added types for workspace queries. Removed deprecated mutations and queries related to SSO identity providers and JWT generation. Added new fields and types to support improved workspace querying and switching capabilities.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.