fix: Users should not be redirected to disabled authentication providers (#5055

* fix: Users should not be redirected to disabled authentication providers
Re-enabled tests in plugin directory

* Fix plugin http tests

.jestconfig.json

@@ -3,7 +3,7 @@
   "projects": [
     {
       "displayName": "server",
-      "roots": ["<rootDir>/server"],
+      "roots": ["<rootDir>/server", "<rootDir>/plugins"],
       "moduleNameMapper": {
         "^@server/(.*)$": "<rootDir>/server/$1",
         "^@shared/(.*)$": "<rootDir>/shared/$1"

plugins/email/server/auth/email.test.ts

@@ -2,6 +2,7 @@ import sharedEnv from "@shared/env";
 import SigninEmail from "@server/emails/templates/SigninEmail";
 import WelcomeEmail from "@server/emails/templates/WelcomeEmail";
 import env from "@server/env";
+import { AuthenticationProvider } from "@server/models";
 import { buildUser, buildGuestUser, buildTeam } from "@server/test/factories";
 import { getTestServer } from "@server/test/support";
 
@@ -33,6 +34,42 @@ describe("email", () => {
     spy.mockRestore();
   });
 
+  it("should respond with success and email to be sent when user has SSO but disabled", async () => {
+    const spy = jest.spyOn(SigninEmail, "schedule");
+    const team = await buildTeam({
+      subdomain: "example",
+    });
+    const user = await buildUser({
+      teamId: team.id,
+    });
+
+    // Disable all the auth providers
+    await AuthenticationProvider.update(
+      {
+        enabled: false,
+      },
+      {
+        where: {
+          enabled: true,
+        },
+      }
+    );
+
+    const res = await server.post("/auth/email", {
+      body: {
+        email: user.email,
+      },
+      headers: {
+        host: "example.localoutline.com",
+      },
+    });
+    const body = await res.json();
+    expect(res.status).toEqual(200);
+    expect(body.success).toEqual(true);
+    expect(spy).toHaveBeenCalled();
+    spy.mockRestore();
+  });
+
   it("should not send email when user is on another subdomain but respond with success", async () => {
     env.URL = sharedEnv.URL = "http://localoutline.com";
     env.SUBDOMAINS_ENABLED = sharedEnv.SUBDOMAINS_ENABLED = true;

plugins/email/server/auth/email.ts

@@ -1,5 +1,4 @@
 import Router from "koa-router";
-import { find } from "lodash";
 import { Client } from "@shared/types";
 import { parseDomain } from "@shared/utils/domains";
 import InviteAcceptedEmail from "@server/emails/templates/InviteAcceptedEmail";
@@ -59,18 +58,15 @@ router.post(
     // If the user matches an email address associated with an SSO
     // provider then just forward them directly to that sign-in page
     if (user.authentications.length) {
-      const authProvider = find(team.authenticationProviders, {
+      const authenticationProvider =
-        id: user.authentications[0].authenticationProviderId,
+        user.authentications[0].authenticationProvider;
-      });
-      if (authProvider?.enabled) {
       ctx.body = {
-          redirect: `${team.url}/auth/${authProvider?.name}`,
+        redirect: `${team.url}/auth/${authenticationProvider?.name}`,
       };
       return;
     }
-    }
 
-    // send email to users registered address with a short-lived token
+    // send email to users email address with a short-lived token
     await SigninEmail.schedule({
       to: user.email,
       token: user.getEmailSigninToken(),

plugins/slack/server/api/hooks.test.ts

@@ -5,7 +5,7 @@ import { buildDocument, buildIntegration } from "@server/test/factories";
 import { seed, getTestServer } from "@server/test/support";
 import * as Slack from "../slack";
 
-jest.mock("@server/utils/slack", () => ({
+jest.mock("../slack", () => ({
   post: jest.fn(),
 }));
 

plugins/webhooks/server/processors/WebhookProcessor.test.ts

@@ -4,7 +4,7 @@ import { UserEvent } from "@server/types";
 import DeliverWebhookTask from "../tasks/DeliverWebhookTask";
 import WebhookProcessor from "./WebhookProcessor";
 
-jest.mock("@server/queues/tasks/DeliverWebhookTask");
+jest.mock("../tasks/DeliverWebhookTask");
 const ip = "127.0.0.1";
 
 setupTestDatabase();

server/models/User.ts

@@ -36,6 +36,7 @@ import parseAttachmentIds from "@server/utils/parseAttachmentIds";
 import { ValidationError } from "../errors";
 import ApiKey from "./ApiKey";
 import Attachment from "./Attachment";
+import AuthenticationProvider from "./AuthenticationProvider";
 import Collection from "./Collection";
 import CollectionUser from "./CollectionUser";
 import NotificationSetting from "./NotificationSetting";
@@ -71,8 +72,18 @@ export enum UserRole {
   withAuthentications: {
     include: [
       {
+        separate: true,
         model: UserAuthentication,
         as: "authentications",
+        include: [
+          {
+            model: AuthenticationProvider,
+            as: "authenticationProvider",
+            where: {
+              enabled: true,
+            },
+          },
+        ],
       },
     ],
   },

server/routes/api/index.ts

@@ -53,8 +53,9 @@ api.use(apiWrapper());
 api.use(editor());
 
 // register package API routes before others to allow for overrides
+const rootDir = env.ENVIRONMENT === "test" ? "" : "build";
 glob
-  .sync("build/plugins/*/server/api/!(*.test).js")
+  .sync(path.join(rootDir, "plugins/*/server/api/!(*.test).[jt]s"))
   .forEach((filePath: string) => {
     // eslint-disable-next-line @typescript-eslint/no-var-requires
     const pkg: Router = require(path.join(process.cwd(), filePath)).default;