Merge branch 'main' of https://github.com/shuffle/shuffle-shared

frikky · frikky · commit a558e2c3b018 · 2025-12-18T19:23:41.000+01:00
diff --git a/db-connector.go b/db-connector.go
@@ -5375,32 +5375,32 @@ func FindWorkflowAppByName(ctx context.Context, appName string) ([]WorkflowApp,
 // Also validates that the clientID matches the org's configured SSO
 func FindUserBySSOIdentity(ctx context.Context, sub, clientID, orgID, email string) (User, error) {
 	var emptyUser User
-	
+
 	// Check if Sub is empty - user hasn't connected SSO yet
 	if sub == "" {
 		return emptyUser, errors.New("connect user account with SSO first")
 	}
-	
+
 	if clientID == "" || orgID == "" || email == "" {
 		return emptyUser, errors.New("clientID, orgID, and email are all required")
 	}
-	
+
 	// Verify the clientID actually matches the org's SSO configuration
 	org, err := GetOrg(ctx, orgID)
 	if err != nil {
 		return emptyUser, fmt.Errorf("failed to get org %s: %w", orgID, err)
 	}
-	
+
 	if org.SSOConfig.OpenIdClientId != clientID {
 		return emptyUser, fmt.Errorf("clientID %s does not match org's configured SSO client ID %s", clientID, org.SSOConfig.OpenIdClientId)
 	}
-	
+
 	// Normalize email for comparison
 	normalizedEmail := strings.ToLower(strings.TrimSpace(email))
-	
+
 	nameKey := "Users"
 	var users []User
-	
+
 	if project.DbType == "opensearch" {
 		// OpenSearch query to find users with matching SSO info
 		var buf bytes.Buffer
@@ -5444,11 +5444,11 @@ func FindUserBySSOIdentity(ctx context.Context, sub, clientID, orgID, email stri
 				},
 			},
 		}
-		
+
 		if err := json.NewEncoder(&buf).Encode(query); err != nil {
 			return emptyUser, fmt.Errorf("failed to encode opensearch query: %w", err)
 		}
-		
+
 		resp, err := project.Es.Search(ctx, &opensearchapi.SearchReq{
 			Indices: []string{strings.ToLower(GetESIndexPrefix(nameKey))},
 			Body:    &buf,
@@ -5459,23 +5459,23 @@ func FindUserBySSOIdentity(ctx context.Context, sub, clientID, orgID, email stri
 		if err != nil {
 			return emptyUser, fmt.Errorf("opensearch query failed: %w", err)
 		}
-		
+
 		res := resp.Inspect().Response
 		defer res.Body.Close()
 		if res.StatusCode != 200 && res.StatusCode != 201 {
 			return emptyUser, fmt.Errorf("opensearch error response: %d", res.StatusCode)
 		}
-		
+
 		var r map[string]interface{}
 		if err := json.NewDecoder(res.Body).Decode(&r); err != nil {
 			return emptyUser, fmt.Errorf("failed to parse opensearch response: %w", err)
 		}
-		
+
 		hits, ok := r["hits"].(map[string]interface{})["hits"].([]interface{})
 		if !ok {
 			return emptyUser, errors.New("no matching user found")
 		}
-		
+
 		for _, hit := range hits {
 			if source, ok := hit.(map[string]interface{})["_source"]; ok {
 				data, _ := json.Marshal(source)
@@ -5493,32 +5493,32 @@ func FindUserBySSOIdentity(ctx context.Context, sub, clientID, orgID, email stri
 		if err != nil {
 			return emptyUser, fmt.Errorf("datastore query failed: %w", err)
 		}
-		
+
 		// Filter users to find exact SSO match
 		var matchingUsers []User
 		for _, user := range users {
 			for _, ssoInfo := range user.SSOInfos {
-				if ssoInfo.Sub == sub && 
-				   ssoInfo.ClientID == clientID && 
-				   ssoInfo.OrgID == orgID {
+				if ssoInfo.Sub == sub &&
+					ssoInfo.ClientID == clientID &&
+					ssoInfo.OrgID == orgID {
 					matchingUsers = append(matchingUsers, user)
 					break
 				}
 			}
 		}
 		users = matchingUsers
 	}
-	
+
 	if len(users) == 0 {
 		return emptyUser, fmt.Errorf("no user found with Sub=%s, ClientID=%s, OrgID=%s, Email=%s", sub, clientID, orgID, normalizedEmail)
 	}
-	
+
 	if len(users) > 1 {
-		log.Printf("[CRITICAL] Multiple users found with same SSO identity: Sub=%s, ClientID=%s, OrgID=%s, Email=%s", 
+		log.Printf("[CRITICAL] Multiple users found with same SSO identity: Sub=%s, ClientID=%s, OrgID=%s, Email=%s",
 			sub, clientID, orgID, normalizedEmail)
 		return emptyUser, errors.New("multiple users found with same SSO identity - data integrity issue")
 	}
-	
+
 	return users[0], nil
 }
 
@@ -5816,6 +5816,7 @@ func GetUser(ctx context.Context, username string) (*User, error) {
 }
 
 func (u *User) GetSSOInfo(orgID string) (SSOInfo, bool) {
+	log.Printf("[DEBUG] Getting SSOInfo for user %s and org %s", u.Id, orgID)
 	for _, sso := range u.SSOInfos {
 		if sso.OrgID == orgID {
 			return sso, true
diff --git a/shared.go b/shared.go
@@ -958,6 +958,9 @@ func HandleGetOrg(resp http.ResponseWriter, request *http.Request) {
 		return
 	}
 
+	// clean getOrg invites
+	org.Invites = []string{}
+
 	if org.OrgAuth.Token == "" {
 		org.OrgAuth.Token = uuid.NewV4().String()
 		org.OrgAuth.Expires = time.Now().AddDate(0, 0, 1)

Original file line number	Diff line number	Diff line change
`@@ -958,6 +958,9 @@ func HandleGetOrg(resp http.ResponseWriter, request *http.Request) {`
`958`	`958`	`return`
`959`	`959`	`}`
`960`	`960`
	`961`	`+ // clean getOrg invites`
	`962`	`+ org.Invites = []string{}`
	`963`	`+`
`961`	`964`	`if org.OrgAuth.Token == "" {`
`962`	`965`	`org.OrgAuth.Token = uuid.NewV4().String()`
`963`	`966`	`org.OrgAuth.Expires = time.Now().AddDate(0, 0, 1)`