Merge pull request #3005 from fosrl/dev

1.18.2-s.4

server/private/lib/acmeCertSync.ts

@@ -500,7 +500,30 @@ function findAcmeJsonFiles(dirPath: string): string[] {
         const fullPath = path.join(dirPath, entry.name);
         if (entry.isDirectory()) {
             results.push(...findAcmeJsonFiles(fullPath));
-        } else if (entry.isFile() && entry.name === "acme.json") {
+        } else if (entry.isFile()) {
+            // check if it is a json file
+            if (entry.name.endsWith(".json")) {
+                let raw: string;
+                try {
+                    raw = fs.readFileSync(fullPath, "utf8");
+                } catch (err) {
+                    logger.warn(
+                        `acmeCertSync: could not read file "${fullPath}": ${err}`
+                    );
+                    continue;
+                }
+
+                let parsed: any;
+                try {
+                    parsed = JSON.parse(raw);
+                } catch (err) {
+                    logger.warn(
+                        `acmeCertSync: could not parse "${fullPath}" as JSON: ${err}`
+                    );
+                    continue;
+                }
+            }
+
             results.push(fullPath);
         }
     }

server/routers/idp/validateOidcCallback.ts

@@ -333,23 +333,16 @@ export async function validateOidcCallback(
                     .innerJoin(orgs, eq(orgs.orgId, idpOrg.orgId));
                 allOrgs = idpOrgs.map((o) => o.orgs);
 
-                // for (const org of allOrgs) {
-                //     const subscribed = await isSubscribed(
-                //         org.orgId,
-                //         tierMatrix.autoProvisioning
-                //     );
-                //     if (!subscribed) {
-                //         // filter out the org
-                //         allOrgs = allOrgs.filter((o) => o.orgId !== org.orgId);
-
-                //         // return next(
-                //         //     createHttpError(
-                //         //         HttpCode.FORBIDDEN,
-                //         //         "This organization's current plan does not support this feature."
-                //         //     )
-                //         // );
-                //     }
-                // }
+                for (const org of allOrgs) {
+                    const subscribed = await isSubscribed(
+                        org.orgId,
+                        tierMatrix.autoProvisioning
+                    );
+                    if (!subscribed) {
+                        // filter out the org
+                        allOrgs = allOrgs.filter((o) => o.orgId !== org.orgId);
+                    }
+                }
             } else {
                 allOrgs = await db.select().from(orgs);
             }
@@ -490,7 +483,14 @@ export async function validateOidcCallback(
                             }
                         }
 
-                        await calculateUserClientsForOrgs(existingUser.userId);
+                        calculateUserClientsForOrgs(existingUser.userId).catch(
+                            (err) => {
+                                logger.error(
+                                    "Error calculating user clients after removing all orgs for user with no valid IdP mappings",
+                                    { error: err }
+                                );
+                            }
+                        );
 
                         return next(
                             createHttpError(

src/components/SmartLoginOrgSelector.tsx

@@ -147,7 +147,7 @@ export default function SmartLoginOrgSelector({
             const response = await generateOidcUrlProxy(
                 idpId,
                 safeRedirect,
-                orgId,
+                undefined,
                 forceLogin
             );