claim_invite

Author: epompeii

lib/api_auth/src/github.rs

@@ -7,7 +7,7 @@ use bencher_schema::{
     context::ApiContext,
     error::{issue_error, payment_required_error, unauthorized_error},
     model::{
-        organization::plan::LicenseUsage,
+        organization::{plan::LicenseUsage, QueryOrganization},
         user::{InsertUser, QueryUser},
     },
 };
@@ -79,6 +79,11 @@ async fn post_inner(
         query_user.check_is_locked()?;
         if let Some(invite) = &json_oauth.invite {
             query_user.accept_invite(conn_lock!(context), &context.token_key, invite)?;
+        } else if let Some(organization_uuid) = json_oauth.claim {
+            let query_organization =
+                QueryOrganization::from_uuid(conn_lock!(context), organization_uuid)?;
+            let invite = query_organization.claim(context, &query_user).await?;
+            query_user.accept_invite(conn_lock!(context), &context.token_key, &invite)?;
         }
         query_user
     } else {
@@ -88,6 +93,7 @@ async fn post_inner(
             email: email.clone(),
             plan: json_oauth.plan,
             invite: json_oauth.invite.clone(),
+            claim: json_oauth.claim,
             i_agree: true,
         };
 

lib/api_projects/src/claim.rs

@@ -1,5 +1,5 @@
 use bencher_endpoint::{CorsResponse, Endpoint, Post, ResponseCreated};
-use bencher_json::{organization::member::OrganizationRole, JsonNewClaim, JsonProject, ResourceId};
+use bencher_json::{organization::member::OrganizationRole, JsonAccept, JsonNewClaim, ResourceId};
 use bencher_schema::{
     conn_lock,
     context::ApiContext,
@@ -14,6 +14,10 @@ use dropshot::{endpoint, HttpError, Path, RequestContext, TypedBody};
 use schemars::JsonSchema;
 use serde::Deserialize;
 
+// The claim token should be short-lived,
+// as it is meant to be used immediately after creation.
+const CLAIM_TOKEN_TTL: u32 = 60;
+
 #[derive(Deserialize, JsonSchema)]
 pub struct ProjClaimParams {
     /// The slug or UUID for a project.
@@ -47,7 +51,7 @@ pub async fn proj_claim_post(
     bearer_token: BearerToken,
     path_params: Path<ProjClaimParams>,
     body: TypedBody<JsonNewClaim>,
-) -> Result<ResponseCreated<JsonProject>, HttpError> {
+) -> Result<ResponseCreated<JsonAccept>, HttpError> {
     let auth_user = AuthUser::from_token(rqctx.context(), bearer_token).await?;
     let json = post_inner(
         rqctx.context(),
@@ -64,7 +68,7 @@ async fn post_inner(
     path_params: ProjClaimParams,
     _json_claim: JsonNewClaim,
     auth_user: AuthUser,
-) -> Result<JsonProject, HttpError> {
+) -> Result<JsonAccept, HttpError> {
     let query_project = QueryProject::from_resource_id(conn_lock!(context), &path_params.project)?;
     let query_organization =
         QueryOrganization::get(conn_lock!(context), query_project.organization_id)?;
@@ -80,7 +84,7 @@ async fn post_inner(
         .token_key
         .new_invite(
             auth_user.email.clone(),
-            60,
+            CLAIM_TOKEN_TTL,
             query_organization.uuid,
             OrganizationRole::Leader,
         )
@@ -91,9 +95,6 @@ async fn post_inner(
                 e,
             )
         })?;
-    auth_user
-        .user
-        .accept_invite(conn_lock!(context), &context.token_key, &invite)?;
 
-    Ok(query_project.into_json_for_organization(conn_lock!(context), &query_organization))
+    Ok(JsonAccept { invite })
 }

lib/bencher_json/src/system/auth.rs

@@ -5,7 +5,7 @@ use bencher_valid::{PlanLevel, Secret};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
-use crate::JsonUser;
+use crate::{JsonUser, OrganizationUuid};
 
 #[typeshare::typeshare]
 #[derive(Debug, Clone, Serialize, Deserialize)]
@@ -17,6 +17,7 @@ pub struct JsonSignup {
     #[cfg(feature = "plus")]
     pub plan: Option<PlanLevel>,
     pub invite: Option<Jwt>,
+    pub claim: Option<OrganizationUuid>,
     /// I agree to the Bencher Terms of Use (https://bencher.dev/legal/terms-of-use), Privacy Policy (https://bencher.dev/legal/privacy), and License Agreement (https://bencher.dev/legal/license)
     pub i_agree: bool,
 }
@@ -40,6 +41,7 @@ pub struct JsonOAuth {
     #[cfg(feature = "plus")]
     pub plan: Option<PlanLevel>,
     pub invite: Option<Jwt>,
+    pub claim: Option<OrganizationUuid>,
 }
 
 #[typeshare::typeshare]

lib/bencher_schema/src/lib.rs

@@ -20,6 +20,7 @@ const MIGRATIONS: EmbeddedMigrations = embed_migrations!("./migrations");
 
 // TODO Custom max TTL
 pub const INVITE_TOKEN_TTL: u32 = u32::MAX;
+pub const CLAIM_TOKEN_TTL: u32 = 60;
 
 #[derive(Debug, thiserror::Error)]
 pub enum MigrationError {

lib/bencher_schema/src/model/organization/mod.rs

@@ -27,7 +27,7 @@ use crate::{
     model::user::auth::AuthUser,
     resource_conflict_err, resource_not_found_err,
     schema::{self, organization as organization_table},
-    ApiContext,
+    ApiContext, CLAIM_TOKEN_TTL,
 };
 
 use super::user::QueryUser;
@@ -241,6 +241,36 @@ impl QueryOrganization {
         QueryOrganizationRole::claimed_at(conn, self.id)
     }
 
+    pub async fn claim(
+        &self,
+        context: &ApiContext,
+        query_user: &QueryUser,
+    ) -> Result<Jwt, HttpError> {
+        if self.is_claimed(conn_lock!(context))? {
+            return Err(unauthorized_error(format!(
+                "This organization ({}) has already been claimed.",
+                self.uuid
+            )));
+        }
+
+        // Create an invite token to claim the organization
+        context
+            .token_key
+            .new_invite(
+                query_user.email.clone(),
+                CLAIM_TOKEN_TTL,
+                self.uuid,
+                OrganizationRole::Leader,
+            )
+            .map_err(|e| {
+                issue_error(
+                    "Failed to create new claim token",
+                    "Failed to create new claim token.",
+                    e,
+                )
+            })
+    }
+
     pub fn into_json(self, conn: &mut DbConnection) -> JsonOrganization {
         let claimed = self.claimed_at(conn).ok();
         let Self {

lib/bencher_schema/src/model/user/mod.rs

@@ -227,6 +227,16 @@ impl InsertUser {
 
         let insert_org_role = if let Some(invite) = &json_signup.invite {
             InsertOrganizationRole::from_jwt(conn, token_key, invite, query_user.id)?
+        } else if let Some(organization_uuid) = json_signup.claim {
+            let organization_id = QueryOrganization::get_id(conn, organization_uuid)?;
+            let timestamp = DateTime::now();
+            InsertOrganizationRole {
+                user_id: query_user.id,
+                organization_id,
+                role: OrganizationRole::Leader,
+                created: timestamp,
+                modified: timestamp,
+            }
         } else {
             // Create an organization for the user
             let insert_organization = InsertOrganization::from_user(conn, &query_user);

services/api/openapi.json

@@ -3880,7 +3880,7 @@
             "content": {
               "application/json": {
                 "schema": {
-                  "$ref": "#/components/schemas/JsonProject"
+                  "$ref": "#/components/schemas/JsonAccept"
                 }
               }
             }
@@ -9833,6 +9833,14 @@
       "JsonOAuth": {
         "type": "object",
         "properties": {
+          "claim": {
+            "nullable": true,
+            "allOf": [
+              {
+                "$ref": "#/components/schemas/OrganizationUuid"
+              }
+            ]
+          },
           "code": {
             "$ref": "#/components/schemas/Secret"
           },
@@ -11223,6 +11231,14 @@
       "JsonSignup": {
         "type": "object",
         "properties": {
+          "claim": {
+            "nullable": true,
+            "allOf": [
+              {
+                "$ref": "#/components/schemas/OrganizationUuid"
+              }
+            ]
+          },
           "email": {
             "$ref": "#/components/schemas/Email"
           },

services/cli/src/bencher/sub/system/auth/signup.rs

@@ -1,7 +1,7 @@
 use bencher_client::types::JsonSignup;
 #[cfg(feature = "plus")]
 use bencher_client::types::PlanLevel;
-use bencher_json::{Email, Jwt, Slug, UserName};
+use bencher_json::{Email, Jwt, OrganizationUuid, Slug, UserName};
 
 use crate::{
     bencher::{backend::PubBackend, sub::SubCmd},
@@ -17,6 +17,7 @@ pub struct Signup {
     #[cfg(feature = "plus")]
     pub plan: Option<PlanLevel>,
     pub invite: Option<Jwt>,
+    pub claim: Option<OrganizationUuid>,
     pub i_agree: bool,
     pub backend: PubBackend,
 }
@@ -32,6 +33,7 @@ impl TryFrom<CliAuthSignup> for Signup {
             #[cfg(feature = "plus")]
             plan,
             invite,
+            claim,
             i_agree,
             backend,
         } = signup;
@@ -42,6 +44,7 @@ impl TryFrom<CliAuthSignup> for Signup {
             #[cfg(feature = "plus")]
             plan: plan.map(Into::into),
             invite,
+            claim,
             i_agree,
             backend: backend.try_into()?,
         })
@@ -57,6 +60,7 @@ impl From<Signup> for JsonSignup {
             #[cfg(feature = "plus")]
             plan,
             invite,
+            claim,
             i_agree,
             ..
         } = signup;
@@ -69,6 +73,7 @@ impl From<Signup> for JsonSignup {
             #[cfg(not(feature = "plus"))]
             plan: None,
             invite: invite.map(Into::into),
+            claim: claim.map(Into::into),
             i_agree,
         }
     }

services/cli/src/parser/system/auth.rs

@@ -1,4 +1,4 @@
-use bencher_json::{Email, Jwt, Slug, UserName};
+use bencher_json::{Email, Jwt, OrganizationUuid, Slug, UserName};
 use clap::{Parser, Subcommand};
 
 #[cfg(feature = "plus")]
@@ -40,6 +40,10 @@ pub struct CliAuthSignup {
     #[clap(long)]
     pub invite: Option<Jwt>,
 
+    /// Organization UUID
+    #[clap(long, value_name = "UUID")]
+    pub claim: Option<OrganizationUuid>,
+
     /// I agree to the Bencher Terms of Use (https://bencher.dev/legal/terms-of-use), Privacy Policy (https://bencher.dev/legal/privacy), and License Agreement (https://bencher.dev/legal/license)
     #[clap(long, required = true)]
     pub i_agree: bool,

services/console/src/components/auth/AuthForm.tsx

@@ -1,26 +1,32 @@
+import * as Sentry from "@sentry/astro";
 import {
 	Show,
 	createEffect,
 	createMemo,
 	createResource,
 	createSignal,
 } from "solid-js";
-
-import * as Sentry from "@sentry/astro";
 import { createStore } from "solid-js/store";
 import {
 	type JsonLogin,
 	type JsonSignup,
 	type Jwt,
 	PlanLevel,
+	type Uuid,
 } from "../../types/bencher";
 import { httpPost } from "../../util/http";
 import { NotifyKind, navigateNotify, pageNotify } from "../../util/notify";
 import { useSearchParams } from "../../util/url";
 import { init_valid, validJwt, validPlanLevel } from "../../util/valid";
 import Field, { type FieldHandler } from "../field/Field";
 import FieldKind from "../field/kind";
-import { AUTH_FIELDS, EMAIL_PARAM, INVITE_PARAM, PLAN_PARAM } from "./auth";
+import {
+	AUTH_FIELDS,
+	CLAIM_PARAM,
+	EMAIL_PARAM,
+	INVITE_PARAM,
+	PLAN_PARAM,
+} from "./auth";
 
 export interface Props {
 	apiUrl: string;
@@ -37,6 +43,7 @@ const AuthForm = (props: Props) => {
 
 	const plan = () => searchParams[PLAN_PARAM]?.trim() as PlanLevel;
 	const invite = () => searchParams[INVITE_PARAM]?.trim() as Jwt;
+	const claim = () => searchParams[CLAIM_PARAM]?.trim() as Uuid;
 	const [form, setForm] = createStore(initForm());
 	const [submitting, setSubmitting] = createSignal(false);
 	const [valid, setValid] = createSignal(false);
@@ -73,6 +80,7 @@ const AuthForm = (props: Props) => {
 		setSubmitting(true);
 		const plan_level = plan();
 		const invite_token = invite();
+		const claim_uuid = claim();
 
 		let authForm: JsonAuthForm;
 		if (props.newUser) {
@@ -81,6 +89,9 @@ const AuthForm = (props: Props) => {
 				email: form?.email?.value?.trim(),
 				i_agree: form?.consent?.value,
 			};
+			if (claim_uuid) {
+				signup.claim = claim_uuid;
+			}
 			authForm = signup;
 			if (!plan_level) {
 				setSearchParams({ [PLAN_PARAM]: PlanLevel.Free });