feat(onboarding): added signup disable for sso and post hog event on admin initalization

backend/src/controllers/v1/adminController.ts

@@ -4,6 +4,7 @@ import { getServerConfig, updateServerConfig as setServerConfig } from "../../co
 import { initializeDefaultOrg, issueAuthTokens } from "../../helpers";
 import { validateRequest } from "../../helpers/validation";
 import { User } from "../../models";
+import { TelemetryService } from "../../services";
 import { BadRequestError, UnauthorizedRequestError } from "../../utils/errors";
 import * as reqValidator from "../../validation/admin";
 
@@ -71,6 +72,18 @@ export const adminSignUp = async (req: Request, res: Response) => {
 
   const token = tokens.token;
 
+  const postHogClient = await TelemetryService.getPostHogClient();
+  if (postHogClient) {
+    postHogClient.capture({
+      event: "admin initialization",
+      properties: {
+        email: user.email,
+        lastName,
+        firstName
+      }
+    });
+  }
+
   // store (refresh) token in httpOnly cookie
   res.cookie("jid", tokens.refreshToken, {
     httpOnly: true,

backend/src/controllers/v1/signupController.ts

@@ -5,7 +5,6 @@ import { createToken } from "../../helpers/auth";
 import { BadRequestError } from "../../utils/errors";
 import {
   getAuthSecret,
-  getInviteOnlySignup,
   getJwtSignupLifetime,
   getSmtpConfigured
 } from "../../config";
@@ -68,14 +67,12 @@ export const verifyEmailSignup = async (req: Request, res: Response) => {
     });
   }
 
-  if (await getInviteOnlySignup()) {
+  // Only one user can create an account without being invited. The rest need to be invited in order to make an account
-    // Only one user can create an account without being invited. The rest need to be invited in order to make an account
+  const userCount = await User.countDocuments({});
-    const userCount = await User.countDocuments({});
+  if (userCount != 0) {
-    if (userCount != 0) {
+    throw BadRequestError({
-      throw BadRequestError({
+      message: "New user sign ups are not allowed at this time. You must be invited to sign up."
-        message: "New user sign ups are not allowed at this time. You must be invited to sign up."
+    });
-      });
-    }
   }
 
   // verify email

backend/src/utils/authn/passport/helpers.ts

@@ -1,62 +1,65 @@
-import { 
+import { AuthMethod, User } from "../../../models";
-    AuthMethod,
-    User
-} from "../../../models";
 import { createToken } from "../../../helpers/auth";
 import { AuthTokenType } from "../../../variables";
-import { getAuthSecret, getJwtProviderAuthLifetime} from "../../../config";
+import { getAuthSecret, getJwtProviderAuthLifetime } from "../../../config";
+import { getServerConfig } from "../../../config/serverConfig";
 
 interface SSOUserTokenFlowParams {
-    email: string;
+  email: string;
-    firstName: string;
+  firstName: string;
-    lastName: string;
+  lastName: string;
-    authMethod: AuthMethod;
+  authMethod: AuthMethod;
-    callbackPort?: string;
+  callbackPort?: string;
 }
 
 export const handleSSOUserTokenFlow = async ({
-    email,
+  email,
-    firstName,
+  firstName,
-    lastName,
+  lastName,
-    authMethod,
+  authMethod,
-    callbackPort
+  callbackPort
 }: SSOUserTokenFlowParams) => {
-    let user = await User.findOne({
+  let user = await User.findOne({
-        email
+    email
-    }).select("+publicKey");
+  }).select("+publicKey");
-    
-    if (!user) {
-        user = await new User({
-            email,
-            authMethods: [authMethod],
-            firstName,
-            lastName
-        }).save();
-    }
 
-    let isLinkingRequired = false;
+  const serverCfg = getServerConfig();
-    if (!user.authMethods.includes(authMethod)) {
+  if (!user && !serverCfg.allowSignUp) throw new Error("User signup disabled");
+
+  if (!user) {
+    user = await new User({
+      email,
+      authMethods: [authMethod],
+      firstName,
+      lastName
+    }).save();
+  }
+
+  let isLinkingRequired = false;
+  if (!user.authMethods.includes(authMethod)) {
     isLinkingRequired = true;
-    }
+  }
 
-    const isUserCompleted = !!user.publicKey;
+  const isUserCompleted = !!user.publicKey;
-    const providerAuthToken = createToken({
+  const providerAuthToken = createToken({
     payload: {
-        authTokenType: AuthTokenType.PROVIDER_TOKEN,
+      authTokenType: AuthTokenType.PROVIDER_TOKEN,
-        userId: user._id.toString(),
+      userId: user._id.toString(),
-        email: user.email,
+      email: user.email,
-        firstName: user.firstName,
+      firstName: user.firstName,
-        lastName: user.lastName,
+      lastName: user.lastName,
-        authMethod,
+      authMethod,
-        isUserCompleted,
+      isUserCompleted,
-        isLinkingRequired,
+      isLinkingRequired,
-        ...(callbackPort ? {
+      ...(callbackPort
+        ? {
             callbackPort
-        } : {})
+          }
+        : {})
     },
     expiresIn: await getJwtProviderAuthLifetime(),
-    secret: await getAuthSecret(),
+    secret: await getAuthSecret()
-    });
+  });
-    
+
-    return { isUserCompleted, providerAuthToken };
+  return { isUserCompleted, providerAuthToken };
-}
+};

frontend/src/views/admin/DashboardPage/DashboardPage.tsx

@@ -31,9 +31,9 @@ export const AdminDashboardPage = () => {
   return (
     <div className="container mx-auto max-w-7xl pb-12 text-white dark:[color-scheme:dark]">
       <div className="mb-8">
-        <div className="mx-4 mb-4 mt-6 flex flex-col items-start justify-between px-2 text-xl">
+        <div className="mb-4 mt-6 flex flex-col items-start justify-between text-xl">
           <h1 className="text-3xl font-semibold">Admin Dashboard</h1>
-          <p className="text-base text-bunker-300">Manage your Infisical.</p>
+          <p className="text-base text-bunker-300">Manage your Infisical</p>
         </div>
       </div>
       {isUserLoading || isNotAllowed ? (