parabol icon indicating copy to clipboard operation
parabol copied to clipboard

Published 20 hours ago verified publisher icon ParabolInc

Prompt to join org does not work with SSO

Open igorlesnenko opened this issue 1 year ago • 6 comments

  • Now we require email to be verified to use prompt to join org
  • For loginWithSAML we don't create identities array, which we use to determine if email is verified
  • This cause a bug

Solutions:

  • Quick solution is to use this workaround like we used for autojoin https://github.com/ParabolInc/parabol/pull/9189
  • Good solution, add identities array https://github.com/ParabolInc/parabol/issues/9202

igorlesnenko avatar Feb 07 '24 14:02 igorlesnenko

No, quick solution is not very good, we checking identities several times in nested prompt to join functions.

igorlesnenko avatar Feb 08 '24 14:02 igorlesnenko

I propose the quickfix:

  • change https://github.com/ParabolInc/parabol/blob/master/packages/server/utils/isUserVerified.ts to also check the login type
  • use this function instead of manually checking the identities everywhere

Dschoordsch avatar Feb 08 '24 14:02 Dschoordsch

We have many loops where isUserVerified is called. I'm worrying that it is async and it may accidentally cause a lot of queries. Let me check, I feel that the right way to fix it would be not much complex

igorlesnenko avatar Feb 12 '24 11:02 igorlesnenko

I started with identities solution, but it feels more tricky, will link my draft PR and will do a quick one. #9420

igorlesnenko avatar Feb 13 '24 10:02 igorlesnenko

This would be good for us to fix finish fixing up. I'll add it near the top of our queue

jordanh avatar Mar 15 '24 22:03 jordanh

Also see #4125 as an alternative approach.

mattkrick avatar Jul 23 '24 18:07 mattkrick