fix(GRO-564): remove automatic staff-user email linking
Automatic linking during OOBE login is a security risk - staff records should only be linked to auth users via explicit admin action using PATCH /api/staff/:id/link-user. Co-Authored-By: Paperclip <noreply@paperclip.ing>
@@ -1,7 +1,7 @@
|
|||||||
import { Hono } from "hono";
|
import { Hono } from "hono";
|
||||||
import { zValidator } from "@hono/zod-validator";
|
import { zValidator } from "@hono/zod-validator";
|
||||||
import { z } from "zod/v3";
|
import { z } from "zod/v3";
|
||||||
import { and, eq, getDb, sql, staff, businessSettings, authProviderConfig, encryptSecret } from "@groombook/db";
|
import { eq, getDb, staff, businessSettings, authProviderConfig, encryptSecret } from "@groombook/db";
|
||||||
import type { AppEnv } from "../middleware/rbac.js";
|
import type { AppEnv } from "../middleware/rbac.js";
|
||||||
|
|
||||||
export const setupRouter = new Hono<AppEnv>();
|
export const setupRouter = new Hono<AppEnv>();
|
||||||
@@ -97,21 +97,6 @@ setupRouter.post("/", zValidator("json", setupSchema), async (c) => {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!resolvedStaff && jwt.email) {
|
|
||||||
// Try auto-link by email: staff record exists with matching email but no userId
|
|
||||||
const [byEmail] = await tx
|
|
||||||
.select()
|
|
||||||
.from(staff)
|
|
||||||
.where(and(eq(staff.email, jwt.email), sql`${staff.userId} IS NULL`));
|
|
||||||
if (byEmail) {
|
|
||||||
await tx
|
|
||||||
.update(staff)
|
|
||||||
.set({ userId: jwt.sub })
|
|
||||||
.where(eq(staff.id, byEmail.id));
|
|
||||||
resolvedStaff = { ...byEmail, userId: jwt.sub };
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!resolvedStaff) {
|
if (!resolvedStaff) {
|
||||||
// Brand new user during OOBE — create staff record
|
// Brand new user during OOBE — create staff record
|
||||||
if (!jwt.email) {
|
if (!jwt.email) {
|
||||||
|
|||||||
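Review bot: With the email auto-link branch removed, a login whose `jwt.email` matches an existing staff row that still has no `userId` now falls straight into `if (!resolvedStaff)` and, as far as the visible lines show, proceeds to create a second staff record for the same email — one unlinked row waiting for the admin PATCH and one freshly created linked row. If the creation code (which continues past the end of the hunk) does not already guard against this, consider re-checking for an unlinked staff row with the same email (the `and(eq(staff.email, jwt.email), sql ...)` predicate this hunk deletes, which would need `and` and `sql` back in the import the first hunk trims) and returning `c.json({ error: "staff record exists but is not linked" }, 409)` instead of inserting a duplicate. Either way the surviving comment `// Brand new user during OOBE — create staff record` is no longer accurate, since the user may have a pending unlinked record; I would change it to `// No staff row is linked to this user — create one; pre-existing unlinked rows are linked only via PATCH /api/staff/:id/link-user`. The enclosing route handler starts before and ends after the hunk.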