refactor(auth): clean up and enhance sign-in-up logic

packages/twenty-server/src/database/typeorm/core/migrations/1730298416367-addAuthProvidersColumnsToWorkspace.ts

@@ -0,0 +1,31 @@
+import { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddAuthProvidersColumnsToWorkspace1730298416367
+  implements MigrationInterface
+{
+  name = 'AddAuthProvidersColumnsToWorkspace1730298416367';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "core"."workspace" ADD "isMicrosoftAuthEnabled" BOOLEAN DEFAULT false`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "core"."workspace" ADD "isGoogleAuthEnabled" BOOLEAN DEFAULT true`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "core"."workspace" ADD "isPasswordAuthEnabled" BOOLEAN DEFAULT true`,
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "core"."workspace" DROP COLUMN "isMicrosoftAuthEnabled"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "core"."workspace" DROP COLUMN "isGoogleAuthEnabled"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "core"."workspace" DROP COLUMN "isPasswordAuthEnabled"`,
+    );
+  }
+}

packages/twenty-server/src/engine/core-modules/auth/dto/available-workspaces.output.ts

@@ -0,0 +1,42 @@
+/* @license Enterprise */
+
+import { Field, ObjectType } from '@nestjs/graphql';
+
+import { SSOConfiguration } from 'src/engine/core-modules/sso/types/SSOConfigurations.type';
+import {
+  IdentityProviderType,
+  SSOIdentityProviderStatus,
+} from 'src/engine/core-modules/sso/workspace-sso-identity-provider.entity';
+
+@ObjectType()
+class SSOConnection {
+  @Field(() => IdentityProviderType)
+  type: SSOConfiguration['type'];
+
+  @Field(() => String)
+  id: string;
+
+  @Field(() => String)
+  issuer: string;
+
+  @Field(() => String)
+  name: string;
+
+  @Field(() => SSOIdentityProviderStatus)
+  status: SSOConfiguration['status'];
+}
+
+@ObjectType()
+export class AvailableWorkspaceOutput {
+  @Field(() => String)
+  id: string;
+
+  @Field(() => String, { nullable: true })
+  displayName?: string | null;
+
+  @Field(() => String, { nullable: true })
+  logo?: string;
+
+  @Field(() => [SSOConnection], { nullable: true })
+  sso: SSOConnection[];
+}

packages/twenty-server/src/engine/core-modules/auth/services/auth.service.spec.ts

@@ -9,6 +9,7 @@ import { EmailService } from 'src/engine/core-modules/email/email.service';
 import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
 import { User } from 'src/engine/core-modules/user/user.entity';
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
+import { UserService } from 'src/engine/core-modules/user/services/user.service';
 
 import { AuthService } from './auth.service';
 
@@ -35,6 +36,10 @@ describe('AuthService', () => {
           provide: SignInUpService,
           useValue: {},
         },
+        {
+          provide: UserService,
+          useValue: {},
+        },
         {
           provide: EnvironmentService,
           useValue: {},

packages/twenty-server/src/engine/core-modules/auth/services/auth.service.ts

@@ -38,12 +38,15 @@ import { EmailService } from 'src/engine/core-modules/email/email.service';
 import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
 import { User } from 'src/engine/core-modules/user/user.entity';
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
+import { AvailableWorkspaceOutput } from 'src/engine/core-modules/auth/dto/available-workspaces.output';
+import { UserService } from 'src/engine/core-modules/user/services/user.service';
 
 @Injectable()
 export class AuthService {
   constructor(
     private readonly accessTokenService: AccessTokenService,
     private readonly refreshTokenService: RefreshTokenService,
+    private readonly userService: UserService,
     private readonly signInUpService: SignInUpService,
     @InjectRepository(Workspace, 'core')
     private readonly workspaceRepository: Repository<Workspace>,
@@ -56,8 +59,11 @@ export class AuthService {
   ) {}
 
   async challenge(challengeInput: ChallengeInput) {
-    const user = await this.userRepository.findOneBy({
-      email: challengeInput.email,
+    const user = await this.userRepository.findOne({
+      where: {
+        email: challengeInput.email,
+      },
+      relations: ['workspaces'],
     });
 
     if (!user) {
@@ -103,8 +109,8 @@ export class AuthService {
     password?: string;
     firstName?: string | null;
     lastName?: string | null;
-    workspaceInviteHash?: string | null;
-    workspacePersonalInviteToken?: string | null;
+    workspaceInviteHash?: string;
+    workspacePersonalInviteToken?: string;
     picture?: string | null;
     fromSSO: boolean;
   }) {
@@ -120,20 +126,29 @@ export class AuthService {
     });
   }
 
-  async verify(email: string): Promise<Verify> {
+  private async findOneWithWorkspacesByEmail(email: string) {
+    return this.userRepository.findOne({
+      where: {
+        email,
+      },
+      relations: ['defaultWorkspace', 'workspaces', 'workspaces.workspace'],
+    });
+  }
+
+  async verify(email: string, workspaceId?: string): Promise<Verify> {
     if (!email) {
       throw new AuthException(
         'Email is required',
         AuthExceptionCode.INVALID_INPUT,
       );
     }
 
-    const user = await this.userRepository.findOne({
-      where: {
-        email,
-      },
-      relations: ['defaultWorkspace', 'workspaces', 'workspaces.workspace'],
-    });
+    let user = await this.findOneWithWorkspacesByEmail(email);
+
+    if (user && workspaceId && user.defaultWorkspaceId !== workspaceId) {
+      await this.userService.saveDefaultWorkspace(user, workspaceId);
+      user = await this.findOneWithWorkspacesByEmail(email);
+    }
 
     if (!user) {
       throw new AuthException(
@@ -404,4 +419,47 @@ export class AuthService {
       'FRONT_BASE_URL',
     )}/verify?loginToken=${loginToken}`;
   }
+
+  async findAvailableWorkspacesByEmail(email: string) {
+    const user = await this.userRepository.findOne({
+      where: {
+        email,
+      },
+      relations: [
+        'workspaces',
+        'workspaces.workspace',
+        'workspaces.workspace.workspaceSSOIdentityProviders',
+      ],
+    });
+
+    if (!user) {
+      throw new AuthException(
+        'User not found',
+        AuthExceptionCode.USER_NOT_FOUND,
+      );
+    }
+
+    return user.workspaces.map<AvailableWorkspaceOutput>((userWorkspace) => ({
+      id: userWorkspace.workspaceId,
+      displayName: userWorkspace.workspace.displayName,
+      logo: userWorkspace.workspace.logo,
+      sso: userWorkspace.workspace.workspaceSSOIdentityProviders.reduce(
+        (acc, identityProvider) =>
+          acc.concat(
+            identityProvider.status === 'Inactive'
+              ? []
+              : [
+                  {
+                    id: identityProvider.id,
+                    name: identityProvider.name ?? 'Unknown',
+                    issuer: identityProvider.issuer,
+                    type: identityProvider.type,
+                    status: identityProvider.status,
+                  },
+                ],
+          ),
+        [] as AvailableWorkspaceOutput['sso'],
+      ),
+    }));
+  }
 }