From ee2732fd51675080985262b88fd063744a8f76ab Mon Sep 17 00:00:00 2001
From: Rory Powell <rory.codes@gmail.com>
Date: Tue, 21 Sep 2021 18:20:26 +0100
Subject: [PATCH] Cloud SSO flow and auto login on verification

---
 .../src/api/controllers/global/users.js       | 28 +++++++++++++------
 .../worker/src/api/routes/global/users.js     |  2 +-
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/packages/worker/src/api/controllers/global/users.js b/packages/worker/src/api/controllers/global/users.js
index 8f754e2922..c8382d4189 100644
--- a/packages/worker/src/api/controllers/global/users.js
+++ b/packages/worker/src/api/controllers/global/users.js
@@ -31,7 +31,12 @@ async function allUsers() {
   return response.rows.map(row => row.doc)
 }
 
-async function saveUser(user, tenantId, hashPassword = true) {
+async function saveUser(
+  user,
+  tenantId,
+  hashPassword = true,
+  requirePassword = true
+) {
   if (!tenantId) {
     throw "No tenancy specified."
   }
@@ -57,7 +62,7 @@ async function saveUser(user, tenantId, hashPassword = true) {
     hashedPassword = hashPassword ? await hash(password) : password
   } else if (dbUser) {
     hashedPassword = dbUser.password
-  } else {
+  } else if (requirePassword) {
     throw "Password must be specified."
   }
 
@@ -106,16 +111,21 @@ exports.save = async ctx => {
   }
 }
 
+const parseBooleanParam = param => {
+  if (param && param == "false") {
+    return false
+  } else {
+    return true
+  }
+}
+
 exports.adminUser = async ctx => {
   const { email, password, tenantId } = ctx.request.body
 
   // account portal sends a pre-hashed password - honour param to prevent double hashing
-  let hashPassword = ctx.request.query.hashPassword
-  if (hashPassword && hashPassword == "false") {
-    hashPassword = false
-  } else {
-    hashPassword = true
-  }
+  const hashPassword = parseBooleanParam(ctx.request.query.hashPassword)
+  // account portal sends no password for SSO users
+  const requirePassword = parseBooleanParam(ctx.request.query.requirePassword)
 
   if (await doesTenantExist(tenantId)) {
     ctx.throw(403, "Organisation already exists.")
@@ -148,7 +158,7 @@ exports.adminUser = async ctx => {
     tenantId,
   }
   try {
-    ctx.body = await saveUser(user, tenantId, hashPassword)
+    ctx.body = await saveUser(user, tenantId, hashPassword, requirePassword)
   } catch (err) {
     ctx.throw(err.status || 400, err)
   }
diff --git a/packages/worker/src/api/routes/global/users.js b/packages/worker/src/api/routes/global/users.js
index 9af249260d..1a04944a30 100644
--- a/packages/worker/src/api/routes/global/users.js
+++ b/packages/worker/src/api/routes/global/users.js
@@ -10,7 +10,7 @@ function buildAdminInitValidation() {
   return joiValidator.body(
     Joi.object({
       email: Joi.string().required(),
-      password: Joi.string().required(),
+      password: Joi.string(),
       tenantId: Joi.string().required(),
     })
       .required()