From 4aacbed28b2a4b4074041f771d632791629e4a12 Mon Sep 17 00:00:00 2001 From: Akhil Mohan Date: Tue, 14 Nov 2023 13:00:57 +0530 Subject: [PATCH] feat(onboarding): added signup disable for sso and post hog event on admin initalization --- backend/src/controllers/v1/adminController.ts | 13 +++ .../src/controllers/v1/signupController.ts | 15 ++- backend/src/utils/authn/passport/helpers.ts | 97 ++++++++++--------- .../admin/DashboardPage/DashboardPage.tsx | 4 +- 4 files changed, 71 insertions(+), 58 deletions(-) diff --git a/backend/src/controllers/v1/adminController.ts b/backend/src/controllers/v1/adminController.ts index ded9549e..004a33a6 100644 --- a/backend/src/controllers/v1/adminController.ts +++ b/backend/src/controllers/v1/adminController.ts @@ -4,6 +4,7 @@ import { getServerConfig, updateServerConfig as setServerConfig } from "../../co import { initializeDefaultOrg, issueAuthTokens } from "../../helpers"; import { validateRequest } from "../../helpers/validation"; import { User } from "../../models"; +import { TelemetryService } from "../../services"; import { BadRequestError, UnauthorizedRequestError } from "../../utils/errors"; import * as reqValidator from "../../validation/admin"; @@ -71,6 +72,18 @@ export const adminSignUp = async (req: Request, res: Response) => { const token = tokens.token; + const postHogClient = await TelemetryService.getPostHogClient(); + if (postHogClient) { + postHogClient.capture({ + event: "admin initialization", + properties: { + email: user.email, + lastName, + firstName + } + }); + } + // store (refresh) token in httpOnly cookie res.cookie("jid", tokens.refreshToken, { httpOnly: true, diff --git a/backend/src/controllers/v1/signupController.ts b/backend/src/controllers/v1/signupController.ts index 4dceb278..065e0c9c 100644 --- a/backend/src/controllers/v1/signupController.ts +++ b/backend/src/controllers/v1/signupController.ts 
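Review bot: The `admin initialization` event added to `adminSignUp` sends the new admin's `email`, `firstName` and `lastName` as event properties, so personal data leaves the instance for the telemetry backend whenever `getPostHogClient()` returns a client. If the metric only needs to record that an instance was initialised, drop the name fields and keep at most one identifier, e.g. `properties: { email: user.email }`. The call also passes no `distinctId`, which posthog-node's `capture` expects as far as I know, so it is worth confirming the event is accepted. The `await` sits between account creation and the `res.cookie` call, so a telemetry failure would presumably fail the request after the admin already exists; `adminSignUp` starts and ends outside the hunk, so I cannot see whether that is caught.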
@@ -5,7 +5,6 @@ import { createToken } from "../../helpers/auth"; import { BadRequestError } from "../../utils/errors"; import { getAuthSecret, - getInviteOnlySignup, getJwtSignupLifetime, getSmtpConfigured } from "../../config"; @@ -68,14 +67,12 @@ export const verifyEmailSignup = async (req: Request, res: Response) => { }); } - if (await getInviteOnlySignup()) { - // Only one user can create an account without being invited. The rest need to be invited in order to make an account - const userCount = await User.countDocuments({}); - if (userCount != 0) { - throw BadRequestError({ - message: "New user sign ups are not allowed at this time. You must be invited to sign up." - }); - } + // Only one user can create an account without being invited. The rest need to be invited in order to make an account + const userCount = await User.countDocuments({}); + if (userCount != 0) { + throw BadRequestError({ + message: "New user sign ups are not allowed at this time. You must be invited to sign up." + }); } // verify email diff --git a/backend/src/utils/authn/passport/helpers.ts b/backend/src/utils/authn/passport/helpers.ts index e8a21c37..b6e672ca 100644 --- a/backend/src/utils/authn/passport/helpers.ts +++ b/backend/src/utils/authn/passport/helpers.ts 
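Review bot: With the `getInviteOnlySignup()` condition removed, `verifyEmailSignup` hard-codes the first-user rule, while the SSO path changed in this same commit gates account creation on `serverCfg.allowSignUp`, so the two entry points now enforce different policies. As far as this hunk shows, an admin who turns sign-up on would still see email sign-ups rejected; if that is intended, state it in the comment, e.g. `// Email signup is invite-only after the first account; allowSignUp only governs SSO`. The `countDocuments` check is also separate from the later user creation, which is outside this hunk, so two concurrent first sign-ups could presumably both pass it. Minor: `userCount != 0` should be `userCount !== 0`.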
@@ -1,62 +1,65 @@ -import { - AuthMethod, - User -} from "../../../models"; +import { AuthMethod, User } from "../../../models"; import { createToken } from "../../../helpers/auth"; import { AuthTokenType } from "../../../variables"; -import { getAuthSecret, getJwtProviderAuthLifetime} from "../../../config"; +import { getAuthSecret, getJwtProviderAuthLifetime } from "../../../config"; +import { getServerConfig } from "../../../config/serverConfig"; interface SSOUserTokenFlowParams { - email: string; - firstName: string; - lastName: string; - authMethod: AuthMethod; - callbackPort?: string; + email: string; + firstName: string; + lastName: string; + authMethod: AuthMethod; + callbackPort?: string; } export const handleSSOUserTokenFlow = async ({ - email, - firstName, - lastName, - authMethod, - callbackPort + email, + firstName, + lastName, + authMethod, + callbackPort }: SSOUserTokenFlowParams) => { - let user = await User.findOne({ - email - }).select("+publicKey"); - - if (!user) { - user = await new User({ - email, - authMethods: [authMethod], - firstName, - lastName - }).save(); - } + let user = await User.findOne({ + email + }).select("+publicKey"); - let isLinkingRequired = false; - if (!user.authMethods.includes(authMethod)) { + const serverCfg = getServerConfig(); + if (!user && !serverCfg.allowSignUp) throw new Error("User signup disabled"); + + if (!user) { + user = await new User({ + email, + authMethods: [authMethod], + firstName, + lastName + }).save(); + } + + let isLinkingRequired = false; + if (!user.authMethods.includes(authMethod)) { isLinkingRequired = true; - } + } - const isUserCompleted = !!user.publicKey; - const providerAuthToken = createToken({ + const isUserCompleted = !!user.publicKey; + const providerAuthToken = createToken({ payload: { - authTokenType: AuthTokenType.PROVIDER_TOKEN, - userId: user._id.toString(), - email: user.email, - firstName: user.firstName, - lastName: user.lastName, - authMethod, - isUserCompleted, - 
isLinkingRequired, - ...(callbackPort ? { + authTokenType: AuthTokenType.PROVIDER_TOKEN, + userId: user._id.toString(), + email: user.email, + firstName: user.firstName, + lastName: user.lastName, + authMethod, + isUserCompleted, + isLinkingRequired, + ...(callbackPort + ? { callbackPort - } : {}) + } + : {}) }, expiresIn: await getJwtProviderAuthLifetime(), - secret: await getAuthSecret(), - }); - - return { isUserCompleted, providerAuthToken }; -} \ No newline at end of file + secret: await getAuthSecret() + }); + + return { isUserCompleted, providerAuthToken }; +}; diff --git a/frontend/src/views/admin/DashboardPage/DashboardPage.tsx b/frontend/src/views/admin/DashboardPage/DashboardPage.tsx index 6099a4d9..6c7e1874 100644 --- a/frontend/src/views/admin/DashboardPage/DashboardPage.tsx +++ b/frontend/src/views/admin/DashboardPage/DashboardPage.tsx @@ -31,9 +31,9 @@ export const AdminDashboardPage = () => { return (
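Review bot: The new guard in `handleSSOUserTokenFlow`, `if (!user && !serverCfg.allowSignUp) throw new Error("User signup disabled");`, raises a plain `Error`, whereas the controllers in this commit use the typed helpers from `utils/errors`, so a blocked SSO sign-up will probably surface as a generic server error rather than a clear 4xx. I would use `throw UnauthorizedRequestError({ message: "User signup disabled" });` with the matching import, and log the rejected attempt so blocked sign-ups are visible to operators. `getServerConfig()` is called without `await`; if it returns a promise, `serverCfg.allowSignUp` is `undefined` and every new SSO user is rejected, so confirm it is synchronous. The whole-file re-indentation in the same hunk makes this one behavioural line easy to miss; a separate formatting commit would make the access-control change easier to audit.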
-
+

Admin Dashboard

-

Manage your Infisical.

+

Manage your Infisical

{isUserLoading || isNotAllowed ? (