fix #7781 -- ensure all newly created accounts have at least one project

- did this by some refactoring to make sure that account creation via
  SSO also calls the "new" (3 years old?) account creation actions
  implementation instead of the ancient one.

Author: williamstein

src/packages/database/postgres-server-queries.coffee

@@ -619,12 +619,14 @@ exports.extend_PostgreSQL = (ext) -> class PostgreSQL extends ext
                 'account_id = $::UUID' : opts.account_id
             cb     : opts.cb
 
+    # DEPRECATED: use import accountCreationActions from "@cocalc/server/accounts/account-creation-actions"; instead!!!!
     do_account_creation_actions: (opts) =>
         opts = defaults opts,
             email_address : required
             account_id    : required
             cb            : required
         dbg = @_dbg("do_account_creation_actions(email_address='#{opts.email_address}')")
+        dbg("**DEPRECATED!**  This will miss doing important things, e.g., creating initial project.")
         @account_creation_actions
             email_address : opts.email_address
             cb            : (err, actions) =>

src/packages/next/components/auth/sign-up.tsx

@@ -9,7 +9,6 @@ import {
   GoogleReCaptchaProvider,
   useGoogleReCaptcha,
 } from "react-google-recaptcha-v3";
-
 import Markdown from "@cocalc/frontend/editors/slate/static-markdown";
 import {
   CONTACT_TAG,

src/packages/server/accounts/account-creation-actions.ts

@@ -10,25 +10,32 @@ import { getProject } from "@cocalc/server/projects/control";
 
 const log = getLogger("server:accounts:creation-actions");
 
-export default async function accountCreationActions(
-  email_address: string,
-  account_id: string,
-  tags?: string[],
-): Promise<void> {
+export default async function accountCreationActions({
+  email_address,
+  account_id,
+  tags,
+}: {
+  email_address?: string;
+  account_id: string;
+  tags?: string[];
+}): Promise<void> {
   log.debug({ account_id, email_address, tags });
-  const pool = getPool();
-  const { rows } = await pool.query(
-    "SELECT action FROM account_creation_actions WHERE email_address=$1 AND expire > NOW()",
-    [email_address],
-  );
+
   let numProjects = 0;
-  for (const { action } of rows) {
-    if (action.action == "add_to_project") {
-      const { project_id, group } = action;
-      await addUserToProject({ project_id, account_id, group });
-      numProjects += 1;
-    } else {
-      throw Error(`unknown account creation action "${action.action}"`);
+  if (email_address != null) {
+    const pool = getPool();
+    const { rows } = await pool.query(
+      "SELECT action FROM account_creation_actions WHERE email_address=$1 AND expire > NOW()",
+      [email_address],
+    );
+    for (const { action } of rows) {
+      if (action.action == "add_to_project") {
+        const { project_id, group } = action;
+        await addUserToProject({ project_id, account_id, group });
+        numProjects += 1;
+      } else {
+        throw Error(`unknown account creation action "${action.action}"`);
+      }
     }
   }
   log.debug("added user to", numProjects, "projects");

src/packages/server/accounts/create-account.ts

@@ -55,7 +55,7 @@ export default async function createAccount({
       ],
     );
     if (email) {
-      await accountCreationActions(email, account_id, tags);
+      await accountCreationActions({ email_address: email, account_id, tags });
     }
     await creationActionsDone(account_id);
   } catch (error) {

src/packages/server/accounts/set-email-address.ts

@@ -36,7 +36,7 @@ import sendEmailVerification from "./send-email-verification";
 export default async function setEmailAddress(
   account_id: string,
   email_address: string,
-  password: string
+  password: string,
 ): Promise<void> {
   if (!isValidUUID(account_id)) {
     throw Error("account_id is not valid");
@@ -52,7 +52,7 @@ export default async function setEmailAddress(
   const pool = getPool();
   const { rows } = await pool.query(
     "SELECT email_address, password_hash, email_address_verified, stripe_customer_id FROM accounts WHERE account_id=$1",
-    [account_id]
+    [account_id],
   );
   if (rows.length == 0) {
     throw Error("no such account");
@@ -73,7 +73,7 @@ export default async function setEmailAddress(
     if (!password_hash) {
       await pool.query(
         "UPDATE accounts SET password_hash=$1,  WHERE account_id=$2",
-        [passwordHash(password), account_id]
+        [passwordHash(password), account_id],
       );
     }
     throw new Error(`You are not allowed to change your email address`);
@@ -82,15 +82,15 @@ export default async function setEmailAddress(
   // you're also not allowed to change your email address to one that's covered by an exclusive strategy
   if (checkRequiredSSO({ strategies, email: email_address }) != null) {
     throw new Error(
-      `You are not allowed to change your email address to this one`
+      `You are not allowed to change your email address to this one`,
     );
   }
 
   if (!password_hash) {
     // setting both the email_address *and* password at once.
     await pool.query(
       "UPDATE accounts SET password_hash=$1, email_address=$2 WHERE account_id=$3",
-      [passwordHash(password), email_address, account_id]
+      [passwordHash(password), email_address, account_id],
     );
     return;
   }
@@ -104,12 +104,12 @@ export default async function setEmailAddress(
     (
       await pool.query(
         "SELECT COUNT(*)::INT FROM accounts WHERE email_address=$1",
-        [email_address]
+        [email_address],
       )
     ).rows[0].count > 0
   ) {
     throw Error(
-      `email address "${email_address}" is already in use by another account`
+      `email address "${email_address}" is already in use by another account`,
     );
   }
 
@@ -120,7 +120,7 @@ export default async function setEmailAddress(
   ]);
 
   // Do any pending account creation actions for this email.
-  await accountCreationActions(email_address, account_id);
+  await accountCreationActions({ email_address, account_id });
   await creationActionsDone(account_id);
 
   // sync new email address with stripe
@@ -130,7 +130,7 @@ export default async function setEmailAddress(
       await stripe.update_database();
     } catch (err) {
       console.warn(
-        `ERROR syncing new email address with stripe: ${err} – ignoring`
+        `ERROR syncing new email address with stripe: ${err} – ignoring`,
       );
     }
   }

src/packages/server/auth/sso/passport-login.ts

@@ -21,7 +21,6 @@
 import Cookies from "cookies";
 import * as _ from "lodash";
 import { isEmpty } from "lodash";
-
 import base_path from "@cocalc/backend/base-path";
 import getLogger from "@cocalc/backend/logger";
 import { set_email_address_verified } from "@cocalc/database/postgres/account-queries";
@@ -43,6 +42,7 @@ import getEmailAddress from "../../accounts/get-email-address";
 import { emailBelongsToDomain, getEmailDomain } from "./check-required-sso";
 import { SSO_API_KEY_COOKIE_NAME } from "./consts";
 import isBanned from "@cocalc/server/accounts/is-banned";
+import accountCreationActions from "@cocalc/server/accounts/account-creation-actions";
 
 const logger = getLogger("server:auth:sso:passport-login");
 
@@ -423,17 +423,18 @@ export class PassportLogin {
 
     // if we know the email address provided by the SSO strategy,
     // we execute the account creation actions and set the address to be verified
+    await accountCreationActions({
+      email_address: locals.email_address,
+      account_id: locals.account_id,
+      // TODO: tags should be encoded in URL and passed here, but that's
+      // not implemented
+    });
     if (locals.email_address != null) {
-      const actions = cb2(this.database.do_account_creation_actions, {
-        email_address: locals.email_address,
-        account_id: locals.account_id,
-      });
-      const verify = set_email_address_verified({
+      await set_email_address_verified({
         db: this.database,
         account_id: locals.account_id,
         email_address: locals.email_address,
       });
-      await Promise.all([actions, verify]);
     }
 
     // log the newly created account