From 92c8eff61d55e435d792ac8fea59acdd19508eb7 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Thu, 29 Jun 2023 21:06:56 -0400
Subject: [PATCH] fix: No need to validate SSO access immediately after sign-in

---
 server/routes/api/auth/auth.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/server/routes/api/auth/auth.ts b/server/routes/api/auth/auth.ts
index 6cdd62428..4a8b1c3c3 100644
--- a/server/routes/api/auth/auth.ts
+++ b/server/routes/api/auth/auth.ts
@@ -1,3 +1,4 @@
+import { subHours } from "date-fns";
 import Router from "koa-router";
 import { uniqBy } from "lodash";
 import { TeamPreference } from "@shared/types";
@@ -126,7 +127,11 @@ router.post("auth.info", auth(), async (ctx: APIContext<T.AuthInfoReq>) => {
     user.availableTeams(),
   ]);
 
-  await ValidateSSOAccessTask.schedule({ userId: user.id });
+  // If the user did not _just_ sign in then we need to check if they continue
+  // to have access to the workspace they are signed into.
+  if (user.lastSignedInAt && user.lastSignedInAt < subHours(new Date(), 1)) {
+    await ValidateSSOAccessTask.schedule({ userId: user.id });
+  }
 
   ctx.body = {
     data: {