Make workspaceMemberId optional in JWT for workspaces that are not AC…

…TIVE (twentyhq#6714) WorkspaceMemberId is mandatory in the jwt token generated for a given user on a given workspace. However, when a user signs up, it does not have a workspaceMemberId yet.
jeet1desai · Aug 21, 2024 · eab202f · eab202f
1 parent da4bd73
commit eab202f
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 21 deletions.
diff --git a/packages/twenty-server/src/engine/core-modules/auth/services/token.service.ts b/packages/twenty-server/src/engine/core-modules/auth/services/token.service.ts
@@ -38,7 +38,10 @@ import {
 import { AuthContext } from 'src/engine/core-modules/auth/types/auth-context.type';
 import { JwtWrapperService } from 'src/engine/core-modules/jwt/services/jwt-wrapper.service';
 import { User } from 'src/engine/core-modules/user/user.entity';
-import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
+import {
+  Workspace,
+  WorkspaceActivationStatus,
+} from 'src/engine/core-modules/workspace/workspace.entity';
 import { EmailService } from 'src/engine/integrations/email/email.service';
 import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
 import { TwentyORMGlobalManager } from 'src/engine/twenty-orm/twenty-orm-global.manager';
@@ -94,33 +97,39 @@ export class TokenService {
       );
     }
 
-    const workspaceIdNonNullable = workspaceId
-      ? workspaceId
-      : user.defaultWorkspace.id;
+    const tokenWorkspaceId = workspaceId ?? user.defaultWorkspace.id;
+    let tokenWorkspaceMemberId: string | undefined;
 
-    const workspaceMemberRepository =
-      await this.twentyORMGlobalManager.getRepositoryForWorkspace<WorkspaceMemberWorkspaceEntity>(
-        workspaceIdNonNullable,
-        'workspaceMember',
-      );
+    if (
+      user.defaultWorkspace.activationStatus ===
+      WorkspaceActivationStatus.ACTIVE
+    ) {
+      const workspaceMemberRepository =
+        await this.twentyORMGlobalManager.getRepositoryForWorkspace<WorkspaceMemberWorkspaceEntity>(
+          tokenWorkspaceId,
+          'workspaceMember',
+        );
 
-    const workspaceMember = await workspaceMemberRepository.findOne({
-      where: {
-        userId: user.id,
-      },
-    });
+      const workspaceMember = await workspaceMemberRepository.findOne({
+        where: {
+          userId: user.id,
+        },
+      });
 
-    if (!workspaceMember) {
-      throw new AuthException(
-        'User is not a member of the workspace',
-        AuthExceptionCode.FORBIDDEN_EXCEPTION,
-      );
+      if (!workspaceMember) {
+        throw new AuthException(
+          'User is not a member of the workspace',
+          AuthExceptionCode.FORBIDDEN_EXCEPTION,
+        );
+      }
+
+      tokenWorkspaceMemberId = workspaceMember.id;
     }
 
     const jwtPayload: JwtPayload = {
       sub: user.id,
       workspaceId: workspaceId ? workspaceId : user.defaultWorkspace.id,
-      workspaceMemberId: workspaceMember.id,
+      workspaceMemberId: tokenWorkspaceMemberId,
     };
 
     return {

diff --git a/packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.ts b/packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.ts
@@ -20,7 +20,7 @@ import { ApiKeyWorkspaceEntity } from 'src/modules/api-key/standard-objects/api-
 export type JwtPayload = {
   sub: string;
   workspaceId: string;
-  workspaceMemberId: string;
+  workspaceMemberId?: string;
   jti?: string;
 };