diff --git a/server/private/lib/acmeCertSync.ts b/server/private/lib/acmeCertSync.ts
index adf87eed8..03051b11d 100644
--- a/server/private/lib/acmeCertSync.ts
+++ b/server/private/lib/acmeCertSync.ts
@@ -500,7 +500,30 @@ function findAcmeJsonFiles(dirPath: string): string[] {
 const fullPath = path.join(dirPath, entry.name);
 if (entry.isDirectory()) {
 results.push(...findAcmeJsonFiles(fullPath));
- } else if (entry.isFile() && entry.name === "acme.json") {
+ } else if (entry.isFile()) {
+ // check if it is a json file
+ if (entry.name.endsWith(".json")) {
+ let raw: string;
+ try {
+ raw = fs.readFileSync(fullPath, "utf8");
+ } catch (err) {
+ logger.warn(
+ `acmeCertSync: could not read file "${fullPath}": ${err}`
+ );
+ continue;
+ }
+
+ let parsed: any;
+ try {
+ parsed = JSON.parse(raw);
+ } catch (err) {
+ logger.warn(
+ `acmeCertSync: could not parse "${fullPath}" as JSON: ${err}`
+ );
+ continue;
+ }
+ }
+
+ results.push(fullPath);
 }
 }
diff --git a/server/routers/idp/validateOidcCallback.ts b/server/routers/idp/validateOidcCallback.ts
index fc8e9b3da..71a681e51 100644
--- a/server/routers/idp/validateOidcCallback.ts
+++ b/server/routers/idp/validateOidcCallback.ts
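Review bot: In `findAcmeJsonFiles` (acmeCertSync.ts), `results.push(fullPath)` sits outside the `endsWith(".json")` branch as shown, so every regular file under the directory is now returned, and for `.json` files `parsed` is discarded after `JSON.parse`, so any syntactically valid JSON passes. Since the callers presumably treat each result as an ACME store holding certificates and keys, I would keep the set narrow: `if (!entry.name.endsWith(".json")) continue;` at the top of the branch, and reject non-objects with `if (typeof parsed !== "object" || parsed === null) continue;`, typing `parsed` as `unknown` rather than `any`. Each file is also read in full here with no size limit and, presumably, read again by the caller. The enclosing loop and function start outside the hunk.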
@@ -333,23 +333,16 @@ export async function validateOidcCallback(
 .innerJoin(orgs, eq(orgs.orgId, idpOrg.orgId));
 allOrgs = idpOrgs.map((o) => o.orgs);
- // for (const org of allOrgs) {
- // const subscribed = await isSubscribed(
- // org.orgId,
- // tierMatrix.autoProvisioning
- // );
- // if (!subscribed) {
- // // filter out the org
- // allOrgs = allOrgs.filter((o) => o.orgId !== org.orgId);
-
- // // return next(
- // // createHttpError(
- // // HttpCode.FORBIDDEN,
- // // "This organization's current plan does not support this feature."
- // // )
- // // );
- // }
- // }
+ for (const org of allOrgs) {
+ const subscribed = await isSubscribed(
+ org.orgId,
+ tierMatrix.autoProvisioning
+ );
+ if (!subscribed) {
+ // filter out the org
+ allOrgs = allOrgs.filter((o) => o.orgId !== org.orgId);
+ }
+ }
 } else {
 allOrgs = await db.select().from(orgs);
 }
@@ -490,7 +483,14 @@ export async function validateOidcCallback(
 }
 }
- await calculateUserClientsForOrgs(existingUser.userId);
+ calculateUserClientsForOrgs(existingUser.userId).catch(
+ (err) => {
+ logger.error(
+ "Error calculating user clients after removing all orgs for user with no valid IdP mappings",
+ { error: err }
+ );
+ }
+ );
 return next(
 createHttpError(
diff --git a/src/components/SmartLoginOrgSelector.tsx b/src/components/SmartLoginOrgSelector.tsx
index 656cb1ca6..79a43782e 100644
--- a/src/components/SmartLoginOrgSelector.tsx
+++ b/src/components/SmartLoginOrgSelector.tsx
@@ -147,7 +147,7 @@ export default function SmartLoginOrgSelector({
 const response = await generateOidcUrlProxy(
 idpId,
 safeRedirect,
- orgId,
+ undefined,
 forceLogin
 );
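Review bot: In the first `validateOidcCallback` hunk (at -333), the re-enabled subscription filter awaits `isSubscribed` once per org in sequence and reassigns `allOrgs` with `filter` on every miss while the `for...of` is still walking the original array; it works, but only because the iterator keeps the old array. Resolving the checks first is easier to reason about on a login path: `const ok = await Promise.all(allOrgs.map((o) => isSubscribed(o.orgId, tierMatrix.autoProvisioning)));` followed by `allOrgs = allOrgs.filter((_, i) => ok[i]);`. A rejected `isSubscribed` still aborts the callback either way, which is the fail-closed outcome an entitlement check should have. What happens when the filter leaves `allOrgs` empty is decided outside this hunk and deserves a short comment here.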
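Review bot: In the second `validateOidcCallback` hunk (at -490), dropping the `await` means the error response is sent before `calculateUserClientsForOrgs` finishes, and a failure is now only logged. Going by the log text this is the path where the user has just lost all org memberships, so, assuming that function is what recalculates and revokes the user's clients, stale access can outlive the rejected login with no retry. I would keep this path synchronous, `await calculateUserClientsForOrgs(existingUser.userId);` inside a `try`/`catch` that logs, or at least record who is affected with `{ error: err, userId: existingUser.userId }`. The surrounding block starts and ends outside the hunk.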
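Review bot: In `SmartLoginOrgSelector.tsx`, the bare `undefined` in the third position of `generateOidcUrlProxy(...)` gives no hint why the org is no longer sent with the login request. A one-line comment above the argument, for example `// orgId intentionally omitted: <reason>`, would keep the next reader from restoring it, and if `orgId` is now unused in this component the prop can be dropped. The call's surrounding function continues outside the hunk.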