fix: handle TempOrgRedirect when NEXT_PUBLIC_SINGLE_ORG_SLUG forces org context (#23009)

* fix: rename getTemporaryOrgRedirect to handleOrgRedirect and prevent duplicate orgRedirection query parameter

* refactor: improve handleOrgRedirect test robustness with scenario-based mocking

- Replace brittle mockResolvedValue with mockImplementation that derives behavior from input
- Create createRedirectScenario function that sets up mocks based on actual query parameters
- Add expectRedirectUsesData helper to verify redirects use the correct data
- Add comprehensive mock verification tests to ensure different inputs return different outputs
- Ensure tests verify the actual usage of Prisma results, not just that Prisma was called

This prevents false positives where tests pass even if the code doesn't use the database results correctly.

* Fix bug with Private links redirecting an exposing users booking page URL

* Narrow the type to what is being used

---------

Co-authored-by: Udit Takkar <[email protected]>

Author: hariombalhara

apps/web/app/(booking-page-wrapper)/team/[slug]/[type]/pageWithCachedData.tsx

@@ -16,7 +16,7 @@ import slugify from "@calcom/lib/slugify";
 import { BookingStatus, RedirectType } from "@calcom/prisma/enums";
 
 import { buildLegacyCtx, buildLegacyRequest } from "@lib/buildLegacyCtx";
-import { getTemporaryOrgRedirect } from "@lib/getTemporaryOrgRedirect";
+import { handleOrgRedirect } from "@lib/handleOrgRedirect";
 
 import CachedClientView, { type TeamBookingPageProps } from "~/team/type-view-cached";
 
@@ -124,19 +124,17 @@ export const generateMetadata = async ({ params, searchParams }: PageProps) => {
 
 const CachedTeamBooker = async ({ params, searchParams }: PageProps) => {
   const { currentOrgDomain, isValidOrgDomain, teamSlug, meetingSlug } = await _getOrgContext(await params);
-  const isOrgContext = currentOrgDomain && isValidOrgDomain;
   const legacyCtx = buildLegacyCtx(await headers(), await cookies(), await params, await searchParams);
 
-  // Handle org redirects for non-org contexts
-  if (!isOrgContext) {
-    const redirectResult = await getTemporaryOrgRedirect({
-      slugs: teamSlug,
-      redirectType: RedirectType.Team,
-      eventTypeSlug: meetingSlug,
-      currentQuery: legacyCtx.query,
-    });
-    if (redirectResult) return redirect(redirectResult.redirect.destination);
-  }
+  // Handle org redirects
+  const redirectResult = await handleOrgRedirect({
+    slugs: [teamSlug],
+    redirectType: RedirectType.Team,
+    eventTypeSlug: meetingSlug,
+    context: legacyCtx,
+    currentOrgDomain: isValidOrgDomain ? currentOrgDomain : null,
+  });
+  if (redirectResult) return redirect(redirectResult.redirect.destination);
 
   const teamData = await getCachedTeamData(teamSlug, currentOrgDomain);
 

apps/web/lib/d/[link]/[slug]/getServerSideProps.tsx

@@ -15,7 +15,7 @@ import slugify from "@calcom/lib/slugify";
 import prisma from "@calcom/prisma";
 import { RedirectType } from "@calcom/prisma/enums";
 
-import { getTemporaryOrgRedirect } from "@lib/getTemporaryOrgRedirect";
+import { getRedirectWithOriginAndSearchString } from "@lib/handleOrgRedirect";
 import type { inferSSRProps } from "@lib/types/inferSSRProps";
 
 export type PageProps = inferSSRProps<typeof getServerSideProps> & EmbedProps;
@@ -64,17 +64,26 @@ async function getUserPageProps(context: GetServerSidePropsContext) {
       return notFound;
     }
 
-    if (!org) {
-      const redirect = await getTemporaryOrgRedirect({
-        slugs: [username],
-        redirectType: RedirectType.User,
-        eventTypeSlug: slug,
-        currentQuery: context.query,
-      });
-
-      if (redirect) {
-        return redirect;
-      }
+    // Get just the origin and searchString from the redirect to ensure that we don't redirect to a URL that exposes the real path to book the user for any other events \
+    // This is important for a private booking link
+    // e.g. http://app.cal.com/d/sgdthj8mu4nsLNTYi3fW2p/demo -> should redirect to -> http://acme.cal.com/d/sgdthj8mu4nsLNTYi3fW2p/demo and not to http://acme.cal.com/john/demo(which exposes the real path to book the user for any other events)
+    const redirectWithOriginAndSearchString = await getRedirectWithOriginAndSearchString({
+      slugs: [username],
+      redirectType: RedirectType.User,
+      context,
+      currentOrgDomain: isValidOrgDomain ? currentOrgDomain : null,
+    });
+
+    if (redirectWithOriginAndSearchString) {
+      return {
+        redirect: {
+          permanent: false,
+          // App Router doesn't have access to the current path directly, so we build it manually
+          destination: `${redirectWithOriginAndSearchString.origin ?? ""}/d/${link}/${slug}${
+            redirectWithOriginAndSearchString.searchString
+          }`,
+        },
+      };
     }
 
     name = profileUsername || username;