yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Self-hosted logic for allowed domains (#4412)

Browse Source 
* fix: Self-hosted logic for allowed domains

* test
This commit is contained in:
Tom Moor
2022-11-11 19:19:46 -08:00
committed by GitHub
parent 6788005115
commit cff67f4ca7
3 changed files with 390 additions and 378 deletions
Download Patch File Download Diff File Expand all files Collapse all files

535
server/commands/accountProvisioner.test.ts
View File

@@ -12,159 +12,72 @@ setupTestDatabase();
describe("accountProvisioner", () => {
const ip = "127.0.0.1";
it("should create a new user and team", async () => {
env.DEPLOYMENT = "hosted";
const spy = jest.spyOn(WelcomeEmail, "schedule");
const { user, team, isNewTeam, isNewUser } = await accountProvisioner({
ip,
user: {
name: "Jenny Tester",
email: "jenny@example-company.com",
avatarUrl: "https://example.com/avatar.png",
username: "jtester",
},
team: {
name: "New workspace",
avatarUrl: "https://example.com/avatar.png",
subdomain: "example",
},
authenticationProvider: {
name: "google",
providerId: "example-company.com",
},
authentication: {
providerId: "123456789",
accessToken: "123",
scopes: ["read"],
},
});
const authentications = await user.$get("authentications");
const auth = authentications[0];
expect(auth.accessToken).toEqual("123");
expect(auth.scopes.length).toEqual(1);
expect(auth.scopes[0]).toEqual("read");
expect(team.name).toEqual("New workspace");
expect(user.email).toEqual("jenny@example-company.com");
expect(user.username).toEqual("jtester");
expect(isNewUser).toEqual(true);
expect(isNewTeam).toEqual(true);
expect(spy).toHaveBeenCalled();
const collectionCount = await Collection.count();
expect(collectionCount).toEqual(1);
spy.mockRestore();
});
it("should update exising user and authentication", async () => {
const spy = jest.spyOn(WelcomeEmail, "schedule");
const existingTeam = await buildTeam();
const providers = await existingTeam.$get("authenticationProviders");
const authenticationProvider = providers[0];
const existing = await buildUser({
teamId: existingTeam.id,
});
const authentications = await existing.$get("authentications");
const authentication = authentications[0];
const newEmail = "test@example-company.com";
const newUsername = "tname";
const { user, isNewUser, isNewTeam } = await accountProvisioner({
ip,
user: {
name: existing.name,
email: newEmail,
avatarUrl: existing.avatarUrl,
username: newUsername,
},
team: {
name: existingTeam.name,
avatarUrl: existingTeam.avatarUrl,
subdomain: "example",
},
authenticationProvider: {
name: authenticationProvider.name,
providerId: authenticationProvider.providerId,
},
authentication: {
providerId: authentication.providerId,
accessToken: "123",
scopes: ["read"],
},
});
const auth = await UserAuthentication.findByPk(authentication.id);
expect(auth?.accessToken).toEqual("123");
expect(auth?.scopes.length).toEqual(1);
expect(auth?.scopes[0]).toEqual("read");
expect(user.email).toEqual(newEmail);
expect(user.username).toEqual(newUsername);
expect(isNewTeam).toEqual(false);
expect(isNewUser).toEqual(false);
expect(spy).not.toHaveBeenCalled();
const collectionCount = await Collection.count();
expect(collectionCount).toEqual(0);
spy.mockRestore();
});
it("should allow authentication by email matching", async () => {
const existingTeam = await buildTeam();
const providers = await existingTeam.$get("authenticationProviders");
const authenticationProvider = providers[0];
const userWithoutAuth = await buildUser({
email: "email@example.com",
teamId: existingTeam.id,
authentications: [],
describe("hosted", () => {
beforeEach(() => {
env.DEPLOYMENT = "hosted";
});
const { user, isNewUser, isNewTeam } = await accountProvisioner({
ip,
user: {
name: userWithoutAuth.name,
email: "email@example.com",
avatarUrl: userWithoutAuth.avatarUrl,
},
team: {
name: existingTeam.name,
avatarUrl: existingTeam.avatarUrl,
subdomain: "example",
},
authenticationProvider: {
name: authenticationProvider.name,
providerId: authenticationProvider.providerId,
},
authentication: {
providerId: "anything",
accessToken: "123",
scopes: ["read"],
},
});
expect(user.id).toEqual(userWithoutAuth.id);
expect(isNewTeam).toEqual(false);
expect(isNewUser).toEqual(false);
expect(user.authentications.length).toEqual(0);
});
it("should create a new user and team", async () => {
const spy = jest.spyOn(WelcomeEmail, "schedule");
const { user, team, isNewTeam, isNewUser } = await accountProvisioner({
ip,
user: {
name: "Jenny Tester",
email: "jenny@example-company.com",
avatarUrl: "https://example.com/avatar.png",
username: "jtester",
},
team: {
name: "New workspace",
avatarUrl: "https://example.com/avatar.png",
subdomain: "example",
},
authenticationProvider: {
name: "google",
providerId: "example-company.com",
},
authentication: {
providerId: "123456789",
accessToken: "123",
scopes: ["read"],
},
});
const authentications = await user.$get("authentications");
const auth = authentications[0];
expect(auth.accessToken).toEqual("123");
expect(auth.scopes.length).toEqual(1);
expect(auth.scopes[0]).toEqual("read");
expect(team.name).toEqual("New workspace");
expect(user.email).toEqual("jenny@example-company.com");
expect(user.username).toEqual("jtester");
expect(isNewUser).toEqual(true);
expect(isNewTeam).toEqual(true);
expect(spy).toHaveBeenCalled();
const collectionCount = await Collection.count();
expect(collectionCount).toEqual(1);
it("should throw an error when authentication provider is disabled", async () => {
const existingTeam = await buildTeam();
const providers = await existingTeam.$get("authenticationProviders");
const authenticationProvider = providers[0];
await authenticationProvider.update({
enabled: false,
spy.mockRestore();
});
const existing = await buildUser({
teamId: existingTeam.id,
});
const authentications = await existing.$get("authentications");
const authentication = authentications[0];
let error;
try {
await accountProvisioner({
it("should update exising user and authentication", async () => {
const spy = jest.spyOn(WelcomeEmail, "schedule");
const existingTeam = await buildTeam();
const providers = await existingTeam.$get("authenticationProviders");
const authenticationProvider = providers[0];
const existing = await buildUser({
teamId: existingTeam.id,
});
const authentications = await existing.$get("authentications");
const authentication = authentications[0];
const newEmail = "test@example-company.com";
const newUsername = "tname";
const { user, isNewUser, isNewTeam } = await accountProvisioner({
ip,
user: {
name: existing.name,
email: existing.email!,
email: newEmail,
avatarUrl: existing.avatarUrl,
username: newUsername,
},
team: {
name: existingTeam.name,
@@ -181,28 +94,161 @@ describe("accountProvisioner", () => {
scopes: ["read"],
},
});
} catch (err) {
error = err;
}
const auth = await UserAuthentication.findByPk(authentication.id);
expect(auth?.accessToken).toEqual("123");
expect(auth?.scopes.length).toEqual(1);
expect(auth?.scopes[0]).toEqual("read");
expect(user.email).toEqual(newEmail);
expect(user.username).toEqual(newUsername);
expect(isNewTeam).toEqual(false);
expect(isNewUser).toEqual(false);
expect(spy).not.toHaveBeenCalled();
const collectionCount = await Collection.count();
expect(collectionCount).toEqual(0);
expect(error).toBeTruthy();
});
it("should throw an error when the domain is not allowed", async () => {
const { admin, team: existingTeam } = await seed();
const providers = await existingTeam.$get("authenticationProviders");
const authenticationProvider = providers[0];
await TeamDomain.create({
teamId: existingTeam.id,
name: "other.com",
createdById: admin.id,
spy.mockRestore();
});
let error;
it("should allow authentication by email matching", async () => {
const existingTeam = await buildTeam();
const providers = await existingTeam.$get("authenticationProviders");
const authenticationProvider = providers[0];
const userWithoutAuth = await buildUser({
email: "email@example.com",
teamId: existingTeam.id,
authentications: [],
});
try {
await accountProvisioner({
const { user, isNewUser, isNewTeam } = await accountProvisioner({
ip,
user: {
name: userWithoutAuth.name,
email: "email@example.com",
avatarUrl: userWithoutAuth.avatarUrl,
},
team: {
name: existingTeam.name,
avatarUrl: existingTeam.avatarUrl,
subdomain: "example",
},
authenticationProvider: {
name: authenticationProvider.name,
providerId: authenticationProvider.providerId,
},
authentication: {
providerId: "anything",
accessToken: "123",
scopes: ["read"],
},
});
expect(user.id).toEqual(userWithoutAuth.id);
expect(isNewTeam).toEqual(false);
expect(isNewUser).toEqual(false);
expect(user.authentications.length).toEqual(0);
});
it("should throw an error when authentication provider is disabled", async () => {
const existingTeam = await buildTeam();
const providers = await existingTeam.$get("authenticationProviders");
const authenticationProvider = providers[0];
await authenticationProvider.update({
enabled: false,
});
const existing = await buildUser({
teamId: existingTeam.id,
});
const authentications = await existing.$get("authentications");
const authentication = authentications[0];
let error;
try {
await accountProvisioner({
ip,
user: {
name: existing.name,
email: existing.email!,
avatarUrl: existing.avatarUrl,
},
team: {
name: existingTeam.name,
avatarUrl: existingTeam.avatarUrl,
subdomain: "example",
},
authenticationProvider: {
name: authenticationProvider.name,
providerId: authenticationProvider.providerId,
},
authentication: {
providerId: authentication.providerId,
accessToken: "123",
scopes: ["read"],
},
});
} catch (err) {
error = err;
}
expect(error).toBeTruthy();
});
it("should throw an error when the domain is not allowed", async () => {
const { admin, team: existingTeam } = await seed();
const providers = await existingTeam.$get("authenticationProviders");
const authenticationProvider = providers[0];
await TeamDomain.create({
teamId: existingTeam.id,
name: "other.com",
createdById: admin.id,
});
let error;
try {
await accountProvisioner({
ip,
user: {
name: "Jenny Tester",
email: "jenny@example-company.com",
avatarUrl: "https://example.com/avatar.png",
username: "jtester",
},
team: {
name: existingTeam.name,
avatarUrl: existingTeam.avatarUrl,
subdomain: "example",
},
authenticationProvider: {
name: authenticationProvider.name,
providerId: authenticationProvider.providerId,
},
authentication: {
providerId: "123456789",
accessToken: "123",
scopes: ["read"],
},
});
} catch (err) {
error = err;
}
expect(error).toBeTruthy();
});
it("should create a new user in an existing team when the domain is allowed", async () => {
const spy = jest.spyOn(WelcomeEmail, "schedule");
const { admin, team } = await seed();
const authenticationProviders = await team.$get(
"authenticationProviders"
);
const authenticationProvider = authenticationProviders[0];
await TeamDomain.create({
teamId: team.id,
name: "example-company.com",
createdById: admin.id,
});
const { user, isNewUser } = await accountProvisioner({
ip,
user: {
name: "Jenny Tester",
@@ -211,8 +257,8 @@ describe("accountProvisioner", () => {
username: "jtester",
},
team: {
name: existingTeam.name,
avatarUrl: existingTeam.avatarUrl,
name: team.name,
avatarUrl: team.avatarUrl,
subdomain: "example",
},
authenticationProvider: {
@@ -225,110 +271,75 @@ describe("accountProvisioner", () => {
scopes: ["read"],
},
});
} catch (err) {
error = err;
}
const authentications = await user.$get("authentications");
const auth = authentications[0];
expect(auth.accessToken).toEqual("123");
expect(auth.scopes.length).toEqual(1);
expect(auth.scopes[0]).toEqual("read");
expect(user.email).toEqual("jenny@example-company.com");
expect(user.username).toEqual("jtester");
expect(isNewUser).toEqual(true);
expect(spy).toHaveBeenCalled();
// should provision welcome collection
const collectionCount = await Collection.count();
expect(collectionCount).toEqual(1);
expect(error).toBeTruthy();
});
it("should create a new user in an existing team when the domain is allowed", async () => {
const spy = jest.spyOn(WelcomeEmail, "schedule");
const { admin, team } = await seed();
const authenticationProviders = await team.$get("authenticationProviders");
const authenticationProvider = authenticationProviders[0];
await TeamDomain.create({
teamId: team.id,
name: "example-company.com",
createdById: admin.id,
spy.mockRestore();
});
const { user, isNewUser } = await accountProvisioner({
ip,
user: {
name: "Jenny Tester",
email: "jenny@example-company.com",
avatarUrl: "https://example.com/avatar.png",
username: "jtester",
},
team: {
name: team.name,
avatarUrl: team.avatarUrl,
subdomain: "example",
},
authenticationProvider: {
name: authenticationProvider.name,
providerId: authenticationProvider.providerId,
},
authentication: {
providerId: "123456789",
accessToken: "123",
scopes: ["read"],
},
it("should create a new user in an existing team", async () => {
const spy = jest.spyOn(WelcomeEmail, "schedule");
const team = await buildTeam();
const authenticationProviders = await team.$get(
"authenticationProviders"
);
const authenticationProvider = authenticationProviders[0];
const { user, isNewUser } = await accountProvisioner({
ip,
user: {
name: "Jenny Tester",
email: "jenny@example-company.com",
avatarUrl: "https://example.com/avatar.png",
username: "jtester",
},
team: {
name: team.name,
avatarUrl: team.avatarUrl,
subdomain: "example",
},
authenticationProvider: {
name: authenticationProvider.name,
providerId: authenticationProvider.providerId,
},
authentication: {
providerId: "123456789",
accessToken: "123",
scopes: ["read"],
},
});
const authentications = await user.$get("authentications");
const auth = authentications[0];
expect(auth.accessToken).toEqual("123");
expect(auth.scopes.length).toEqual(1);
expect(auth.scopes[0]).toEqual("read");
expect(user.email).toEqual("jenny@example-company.com");
expect(user.username).toEqual("jtester");
expect(isNewUser).toEqual(true);
expect(spy).toHaveBeenCalled();
// should provision welcome collection
const collectionCount = await Collection.count();
expect(collectionCount).toEqual(1);
spy.mockRestore();
});
const authentications = await user.$get("authentications");
const auth = authentications[0];
expect(auth.accessToken).toEqual("123");
expect(auth.scopes.length).toEqual(1);
expect(auth.scopes[0]).toEqual("read");
expect(user.email).toEqual("jenny@example-company.com");
expect(user.username).toEqual("jtester");
expect(isNewUser).toEqual(true);
expect(spy).toHaveBeenCalled();
// should provision welcome collection
const collectionCount = await Collection.count();
expect(collectionCount).toEqual(1);
spy.mockRestore();
});
it("should create a new user in an existing team", async () => {
const spy = jest.spyOn(WelcomeEmail, "schedule");
const team = await buildTeam();
const authenticationProviders = await team.$get("authenticationProviders");
const authenticationProvider = authenticationProviders[0];
const { user, isNewUser } = await accountProvisioner({
ip,
user: {
name: "Jenny Tester",
email: "jenny@example-company.com",
avatarUrl: "https://example.com/avatar.png",
username: "jtester",
},
team: {
name: team.name,
avatarUrl: team.avatarUrl,
subdomain: "example",
},
authenticationProvider: {
name: authenticationProvider.name,
providerId: authenticationProvider.providerId,
},
authentication: {
providerId: "123456789",
accessToken: "123",
scopes: ["read"],
},
});
const authentications = await user.$get("authentications");
const auth = authentications[0];
expect(auth.accessToken).toEqual("123");
expect(auth.scopes.length).toEqual(1);
expect(auth.scopes[0]).toEqual("read");
expect(user.email).toEqual("jenny@example-company.com");
expect(user.username).toEqual("jtester");
expect(isNewUser).toEqual(true);
expect(spy).toHaveBeenCalled();
// should provision welcome collection
const collectionCount = await Collection.count();
expect(collectionCount).toEqual(1);
spy.mockRestore();
});
describe("self hosted", () => {
it("should fail if existing team and domain not in allowed list", async () => {
beforeEach(() => {
env.DEPLOYMENT = undefined;
});
it("should fail if existing team and domain not in allowed list", async () => {
let error;
const team = await buildTeam();
@@ -342,6 +353,7 @@ describe("accountProvisioner", () => {
username: "jtester",
},
team: {
teamId: team.id,
name: team.name,
avatarUrl: team.avatarUrl,
subdomain: "example",
@@ -366,8 +378,6 @@ describe("accountProvisioner", () => {
});
it("should always use existing team if self-hosted", async () => {
env.DEPLOYMENT = undefined;
const team = await buildTeam();
const { user, isNewUser } = await accountProvisioner({
ip,
@@ -378,6 +388,7 @@ describe("accountProvisioner", () => {
username: "jtester",
},
team: {
teamId: team.id,
name: team.name,
avatarUrl: team.avatarUrl,
subdomain: "example",

221
server/commands/teamProvisioner.test.ts
View File

@@ -9,127 +9,129 @@ setupTestDatabase();
describe("teamProvisioner", () => {
const ip = "127.0.0.1";
it("should create team and authentication provider", async () => {
env.DEPLOYMENT = "hosted";
const result = await teamProvisioner({
name: "Test team",
subdomain: "example",
avatarUrl: "http://example.com/logo.png",
authenticationProvider: {
name: "google",
providerId: "example.com",
},
ip,
});
const { team, authenticationProvider, isNewTeam } = result;
expect(authenticationProvider.name).toEqual("google");
expect(authenticationProvider.providerId).toEqual("example.com");
expect(team.name).toEqual("Test team");
expect(team.subdomain).toEqual("example");
expect(isNewTeam).toEqual(true);
});
it("should set subdomain append if unavailable", async () => {
env.DEPLOYMENT = "hosted";
await buildTeam({
subdomain: "myteam",
describe("hosted", () => {
beforeEach(() => {
env.DEPLOYMENT = "hosted";
});
const result = await teamProvisioner({
name: "Test team",
subdomain: "myteam",
avatarUrl: "http://example.com/logo.png",
authenticationProvider: {
name: "google",
providerId: "example.com",
},
ip,
});
expect(result.isNewTeam).toEqual(true);
expect(result.team.subdomain).toEqual("myteam1");
});
it("should increment subdomain append if unavailable", async () => {
env.DEPLOYMENT = "hosted";
await buildTeam({
subdomain: "myteam",
});
await buildTeam({
subdomain: "myteam1",
});
const result = await teamProvisioner({
name: "Test team",
subdomain: "myteam",
avatarUrl: "http://example.com/logo.png",
authenticationProvider: {
name: "google",
providerId: "example.com",
},
ip,
});
expect(result.team.subdomain).toEqual("myteam2");
});
it("should return existing team", async () => {
env.DEPLOYMENT = "hosted";
const authenticationProvider = {
name: "google",
providerId: "example.com",
};
const existing = await buildTeam({
subdomain: "example",
authenticationProviders: [authenticationProvider],
});
const result = await teamProvisioner({
name: "Updated name",
subdomain: "example",
authenticationProvider,
ip,
});
const { team, isNewTeam } = result;
expect(team.id).toEqual(existing.id);
expect(team.name).toEqual(existing.name);
expect(team.subdomain).toEqual("example");
expect(isNewTeam).toEqual(false);
});
it("should error on mismatched team and authentication provider", async () => {
env.DEPLOYMENT = "hosted";
const exampleTeam = await buildTeam({
subdomain: "example",
authenticationProviders: [
{
it("should create team and authentication provider", async () => {
const result = await teamProvisioner({
name: "Test team",
subdomain: "example",
avatarUrl: "http://example.com/logo.png",
authenticationProvider: {
name: "google",
providerId: "example.com",
},
],
ip,
});
const { team, authenticationProvider, isNewTeam } = result;
expect(authenticationProvider.name).toEqual("google");
expect(authenticationProvider.providerId).toEqual("example.com");
expect(team.name).toEqual("Test team");
expect(team.subdomain).toEqual("example");
expect(isNewTeam).toEqual(true);
});
let error;
try {
await teamProvisioner({
teamId: exampleTeam.id,
name: "name",
subdomain: "other",
it("should set subdomain append if unavailable", async () => {
await buildTeam({
subdomain: "myteam",
});
const result = await teamProvisioner({
name: "Test team",
subdomain: "myteam",
avatarUrl: "http://example.com/logo.png",
authenticationProvider: {
name: "google",
providerId: "other.com",
providerId: "example.com",
},
ip,
});
} catch (e) {
error = e;
}
expect(error.id).toEqual("invalid_authentication");
expect(result.isNewTeam).toEqual(true);
expect(result.team.subdomain).toEqual("myteam1");
});
it("should increment subdomain append if unavailable", async () => {
await buildTeam({
subdomain: "myteam",
});
await buildTeam({
subdomain: "myteam1",
});
const result = await teamProvisioner({
name: "Test team",
subdomain: "myteam",
avatarUrl: "http://example.com/logo.png",
authenticationProvider: {
name: "google",
providerId: "example.com",
},
ip,
});
expect(result.team.subdomain).toEqual("myteam2");
});
it("should return existing team", async () => {
const authenticationProvider = {
name: "google",
providerId: "example.com",
};
const existing = await buildTeam({
subdomain: "example",
authenticationProviders: [authenticationProvider],
});
const result = await teamProvisioner({
name: "Updated name",
subdomain: "example",
authenticationProvider,
ip,
});
const { team, isNewTeam } = result;
expect(team.id).toEqual(existing.id);
expect(team.name).toEqual(existing.name);
expect(team.subdomain).toEqual("example");
expect(isNewTeam).toEqual(false);
});
it("should error on mismatched team and authentication provider", async () => {
const exampleTeam = await buildTeam({
subdomain: "example",
authenticationProviders: [
{
name: "google",
providerId: "example.com",
},
],
});
let error;
try {
await teamProvisioner({
teamId: exampleTeam.id,
name: "name",
subdomain: "other",
authenticationProvider: {
name: "google",
providerId: "other.com",
},
ip,
});
} catch (e) {
error = e;
}
expect(error.id).toEqual("invalid_authentication");
});
});
describe("self hosted", () => {
it("should allow creating first team", async () => {
beforeEach(() => {
env.DEPLOYMENT = undefined;
});
it("should allow creating first team", async () => {
const { team, isNewTeam } = await teamProvisioner({
name: "Test team",
subdomain: "example",
@@ -146,8 +148,7 @@ describe("teamProvisioner", () => {
});
it("should not allow creating multiple teams in installation", async () => {
env.DEPLOYMENT = undefined;
await buildTeam();
const team = await buildTeam();
let error;
try {
@@ -155,6 +156,7 @@ describe("teamProvisioner", () => {
name: "Test team",
subdomain: "example",
avatarUrl: "http://example.com/logo.png",
teamId: team.id,
authenticationProvider: {
name: "google",
providerId: "example.com",
@@ -169,7 +171,6 @@ describe("teamProvisioner", () => {
});
it("should return existing team when within allowed domains", async () => {
env.DEPLOYMENT = undefined;
const existing = await buildTeam();
const user = await buildUser({
teamId: existing.id,
@@ -183,6 +184,7 @@ describe("teamProvisioner", () => {
name: "Updated name",
subdomain: "example",
domain: "allowed-domain.com",
teamId: existing.id,
authenticationProvider: {
name: "google",
providerId: "allowed-domain.com",
@@ -200,7 +202,6 @@ describe("teamProvisioner", () => {
});
it("should error when NOT within allowed domains", async () => {
env.DEPLOYMENT = undefined;
const existing = await buildTeam();
const user = await buildUser({
teamId: existing.id,
@@ -217,6 +218,7 @@ describe("teamProvisioner", () => {
name: "Updated name",
subdomain: "example",
domain: "other-domain.com",
teamId: existing.id,
authenticationProvider: {
name: "google",
providerId: "other-domain.com",
@@ -231,7 +233,6 @@ describe("teamProvisioner", () => {
});
it("should return existing team", async () => {
env.DEPLOYMENT = undefined;
const authenticationProvider = {
name: "google",
providerId: "example.com",

12
server/commands/teamProvisioner.ts
View File

@@ -72,13 +72,13 @@ async function teamProvisioner({
};
} else if (teamId) {
// The user is attempting to log into a team with an unfamiliar SSO provider
throw InvalidAuthenticationError();
}
if (env.DEPLOYMENT === "hosted") {
throw InvalidAuthenticationError();
}
// This team has never been seen before, if self hosted the logic is different
// to the multi-tenant version, we want to restrict to a single team that MAY
// have multiple authentication providers
if (env.DEPLOYMENT !== "hosted") {
// This team has never been seen before, if self hosted the logic is different
// to the multi-tenant version, we want to restrict to a single team that MAY
// have multiple authentication providers
const team = await Team.findOne();
// If the self-hosted installation has a single team and the domain for the