fix: org guard did not have user org profile + missing db read in sel…

…ectedCalendarRepo (calcom#14303) * fix: user did not contain profile with next-auth-guard * fix: missing dbread instance
revertinc · Apr 3, 2024 · c3b1de4 · c3b1de4
1 parent cdf0593
commit c3b1de4
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 4 deletions.
diff --git a/apps/api/v2/src/lib/passport/strategies/types.ts b/apps/api/v2/src/lib/passport/strategies/types.ts
@@ -1,4 +1,11 @@
+import { UserWithProfile } from "@/modules/users/users.repository";
+
 export class BaseStrategy {
   success!: (user: unknown) => void;
   error!: (error: Error) => void;
 }
+
+export class NextAuthPassportStrategy {
+  success!: (user: UserWithProfile) => void;
+  error!: (error: Error) => void;
+}
diff --git a/apps/api/v2/src/modules/auth/strategies/next-auth/next-auth.strategy.ts b/apps/api/v2/src/modules/auth/strategies/next-auth/next-auth.strategy.ts
@@ -1,4 +1,4 @@
-import { BaseStrategy } from "@/lib/passport/strategies/types";
+import { NextAuthPassportStrategy } from "@/lib/passport/strategies/types";
 import { UsersRepository } from "@/modules/users/users.repository";
 import { Injectable, UnauthorizedException } from "@nestjs/common";
 import { ConfigService } from "@nestjs/config";
@@ -7,7 +7,7 @@ import type { Request } from "express";
 import { getToken } from "next-auth/jwt";
 
 @Injectable()
-export class NextAuthStrategy extends PassportStrategy(BaseStrategy, "next-auth") {
+export class NextAuthStrategy extends PassportStrategy(NextAuthPassportStrategy, "next-auth") {
   constructor(private readonly userRepository: UsersRepository, private readonly config: ConfigService) {
     super();
   }
@@ -25,7 +25,7 @@ export class NextAuthStrategy extends PassportStrategy(BaseStrategy, "next-auth"
         throw new UnauthorizedException("Email not found in the authentication token.");
       }
 
-      const user = await this.userRepository.findByEmail(payload.email);
+      const user = await this.userRepository.findByEmailWithProfile(payload.email);
       if (!user) {
         throw new UnauthorizedException("User associated with the authentication token email not found.");
       }

diff --git a/apps/api/v2/src/modules/selected-calendars/selected-calendars.repository.ts b/apps/api/v2/src/modules/selected-calendars/selected-calendars.repository.ts
@@ -1,9 +1,10 @@
+import { PrismaReadService } from "@/modules/prisma/prisma-read.service";
 import { PrismaWriteService } from "@/modules/prisma/prisma-write.service";
 import { Injectable } from "@nestjs/common";
 
 @Injectable()
 export class SelectedCalendarsRepository {
-  constructor(private readonly dbWrite: PrismaWriteService) {}
+  constructor(private readonly dbRead: PrismaReadService, private readonly dbWrite: PrismaWriteService) {}
 
   createSelectedCalendar(externalId: string, credentialId: number, userId: number, integration: string) {
     return this.dbWrite.prisma.selectedCalendar.create({

diff --git a/apps/api/v2/src/modules/users/users.repository.ts b/apps/api/v2/src/modules/users/users.repository.ts
@@ -83,6 +83,17 @@ export class UsersRepository {
     });
   }
 
+  async findByEmailWithProfile(email: string) {
+    return this.dbRead.prisma.user.findUnique({
+      where: {
+        email,
+      },
+      include: {
+        movedToProfile: true,
+      },
+    });
+  }
+
   async findByUsername(username: string) {
     return this.dbRead.prisma.user.findFirst({
       where: {