Merge pull request #980 from bigcapitalhq/fix-signup-verification

fix: signup confirmation

packages/server/src/modules/Auth/Auth.controller.ts

@@ -65,7 +65,7 @@ export class AuthController {
     return this.authApp.signUp(signupDto);
   }
 
-  @Post('/signup/confirm')
+  @Post('/signup/verify')
   @ApiOperation({ summary: 'Confirm user signup' })
   @ApiBody({
     schema: {

packages/server/src/modules/Auth/Authed.controller.ts

@@ -7,17 +7,13 @@ import {
 import { GetAuthenticatedAccount } from './queries/GetAuthedAccount.service';
 import { Controller, Get, Post } from '@nestjs/common';
 import { Throttle } from '@nestjs/throttler';
-import { IgnoreTenantSeededRoute } from '../Tenancy/EnsureTenantIsSeeded.guards';
-import { IgnoreTenantInitializedRoute } from '../Tenancy/EnsureTenantIsInitialized.guard';
+import { TenantAgnosticRoute } from '../Tenancy/TenancyGlobal.guard';
 import { AuthenticationApplication } from './AuthApplication.sevice';
-import { TenancyContext } from '../Tenancy/TenancyContext.service';
 import { IgnoreUserVerifiedRoute } from './guards/EnsureUserVerified.guard';
 
 @Controller('/auth')
 @ApiTags('Auth')
-@ApiExcludeController()
-@IgnoreTenantSeededRoute()
-@IgnoreTenantInitializedRoute()
+@TenantAgnosticRoute()
 @IgnoreUserVerifiedRoute()
 @Throttle({ auth: {} })
 export class AuthedController {

packages/server/src/modules/Auth/commands/AuthSignup.service.ts

@@ -13,7 +13,6 @@ import {
   IAuthSignedUpEventPayload,
   IAuthSigningUpEventPayload,
 } from '../Auth.interfaces';
-import { defaultTo } from 'ramda';
 import { ERRORS } from '../Auth.constants';
 import { hashPassword } from '../Auth.utils';
 import { ClsService } from 'nestjs-cls';
@@ -51,10 +50,10 @@ export class AuthSignupService {
     const signupConfirmation = this.configService.get('signupConfirmation');
 
     const verifyTokenCrypto = crypto.randomBytes(64).toString('hex');
-    const verifiedEnabed = defaultTo(signupConfirmation.enabled, false);
+    const verifiedEnabed = signupConfirmation.enabled ?? false;
     const verifyToken = verifiedEnabed ? verifyTokenCrypto : '';
     const verified = !verifiedEnabed;
-
+    
     const inviteAcceptedAt = moment().format('YYYY-MM-DD');
 
     // Triggers signin up event.

packages/server/src/modules/Auth/commands/AuthSignupConfirmResend.service.ts

@@ -4,7 +4,6 @@ import { SystemUser } from '@/modules/System/models/SystemUser';
 import { ServiceError } from '@/modules/Items/ServiceError';
 import { ERRORS } from '../Auth.constants';
 import { events } from '@/common/events/events';
-import { ModelObject } from 'objection';
 import { ISignUpConfigmResendedEventPayload } from '../Auth.interfaces';
 import { TenancyContext } from '@/modules/Tenancy/TenancyContext.service';
 

packages/server/src/modules/Organization/Organization.controller.ts

@@ -28,6 +28,7 @@ import { UpdateOrganizationService } from './commands/UpdateOrganization.service
 import { IgnoreTenantInitializedRoute } from '../Tenancy/EnsureTenantIsInitialized.guard';
 import { IgnoreTenantSeededRoute } from '../Tenancy/EnsureTenantIsSeeded.guards';
 import { IgnoreTenantModelsInitialize } from '../Tenancy/TenancyInitializeModels.guard';
+import { IgnoreUserVerifiedRoute } from '../Auth/guards/EnsureUserVerified.guard';
 import { GetBuildOrganizationBuildJob } from './commands/GetBuildOrganizationJob.service';
 import { OrganizationBaseCurrencyLocking } from './Organization/OrganizationBaseCurrencyLocking.service';
 import {
@@ -93,6 +94,7 @@ export class OrganizationController {
 
   @Get('current')
   @HttpCode(200)
+  @IgnoreUserVerifiedRoute()
   @ApiOperation({ summary: 'Get current organization' })
   @ApiResponse({
     status: 200,

packages/server/src/modules/Tenancy/EnsureTenantIsInitialized.guard.ts

@@ -8,6 +8,7 @@ import {
 import { TenancyContext } from './TenancyContext.service';
 import { Reflector } from '@nestjs/core';
 import { IS_PUBLIC_ROUTE } from '../Auth/Auth.constants';
+import { IS_TENANT_AGNOSTIC } from './TenancyGlobal.guard';
 
 export const IS_IGNORE_TENANT_INITIALIZED = 'IS_IGNORE_TENANT_INITIALIZED';
 export const IgnoreTenantInitializedRoute = () =>
@@ -35,8 +36,12 @@ export class EnsureTenantIsInitializedGuard implements CanActivate {
       IS_PUBLIC_ROUTE,
       [context.getHandler(), context.getClass()],
     );
+    const isTenantAgnostic = this.reflector.getAllAndOverride<boolean>(
+      IS_TENANT_AGNOSTIC,
+      [context.getHandler(), context.getClass()],
+    );
     // Skip the guard early if the route marked as public or ignored.
-    if (isPublic || isIgnoreEnsureTenantInitialized) {
+    if (isPublic || isIgnoreEnsureTenantInitialized || isTenantAgnostic) {
       return true;
     }
     const tenant = await this.tenancyContext.getTenant();

packages/server/src/modules/Tenancy/EnsureTenantIsSeeded.guards.ts

@@ -9,6 +9,7 @@ import {
 import { TenancyContext } from './TenancyContext.service';
 import { Reflector } from '@nestjs/core';
 import { IS_PUBLIC_ROUTE } from '../Auth/Auth.constants';
+import { IS_TENANT_AGNOSTIC } from './TenancyGlobal.guard';
 
 export const IS_IGNORE_TENANT_SEEDED = 'IS_IGNORE_TENANT_SEEDED';
 export const IgnoreTenantSeededRoute = () =>
@@ -36,7 +37,12 @@ export class EnsureTenantIsSeededGuard implements CanActivate {
         context.getHandler(),
         context.getClass(),
       ]);
-    if (isPublic || isIgnoreEnsureTenantSeeded) {
+    const isTenantAgnostic = this.reflector.getAllAndOverride<boolean>(
+      IS_TENANT_AGNOSTIC,
+      [context.getHandler(), context.getClass()],
+    );
+    // Skip the guard early if the route marked as public, tenant agnostic or ignored.
+    if (isPublic || isIgnoreEnsureTenantSeeded || isTenantAgnostic) {
       return true;
     }
     const tenant = await this.tenancyContext.getTenant();

packages/webapp/src/hooks/query/authentication.tsx

@@ -128,7 +128,7 @@ export const useAuthMetadata = (props = {}) => {
  * Resend the mail of signup verification.
  */
 export const useAuthSignUpVerifyResendMail = (props) => {
-  const apiRequest = useAuthApiRequest();
+  const apiRequest = useApiRequest();
 
   return useMutation(
     () => apiRequest.post(AuthRoute.SignupVerifyResend),