refactor

Author: brendan-kellam

…524_add_scim_users_support/migration.sql …548_add_scim_users_support/migration.sqlpackages/db/prisma/migrations/20260612235524_add_scim_users_support/migration.sql renamed to packages/db/prisma/migrations/20260619214548_add_scim_users_support/migration.sql packages/db/prisma/migrations/20260612235524_add_scim_users_support/migration.sql renamed to packages/db/prisma/migrations/20260619214548_add_scim_users_support/migration.sql

@@ -1,3 +1,6 @@
+-- AlterTable
+ALTER TABLE "Org" ADD COLUMN     "isScimEnabled" BOOLEAN NOT NULL DEFAULT false;
+
 -- AlterTable
 ALTER TABLE "UserToOrg" ADD COLUMN     "isActive" BOOLEAN NOT NULL DEFAULT true,
 ADD COLUMN     "scimExternalId" TEXT;

packages/db/prisma/schema.prisma

@@ -276,6 +276,8 @@ model Org {
   isOnboarded Boolean      @default(false)
   imageUrl    String?
 
+  isScimEnabled Boolean    @default(false)
+
   /// @deprecated This property can be controlled by the environment
   /// variable `REQUIRE_APPROVAL_NEW_MEMBERS`. To ensure that we use
   /// the correct setting, use the helper function `isMemberApprovalRequired`

packages/web/src/__mocks__/prisma.ts

@@ -17,7 +17,7 @@ export const MOCK_ORG: Org = {
     updatedAt: new Date(),
     isOnboarded: true,
     imageUrl: null,
-    metadata: null,
+    isScimEnabled: false,
     memberApprovalRequired: false,
     isCredentialsLoginEnabled: true,
     isEmailCodeLoginEnabled: false,

packages/web/src/actions.ts

@@ -1,26 +1,20 @@
 'use server';
 
 import { createAudit } from "@/ee/features/audit/audit";
-import { env, getSMTPConnectionURL } from "@sourcebot/shared";
 import { ErrorCode } from "@/lib/errorCodes";
-import { notAuthenticated, notFound, ServiceError } from "@/lib/serviceError";
-import { __unsafePrisma } from "@/prisma";
-import { render } from "@react-email/components";
-import { generateApiKey, getTokenFromConfig } from "@sourcebot/shared";
+import { notFound, ServiceError } from "@/lib/serviceError";
+import { sew } from "@/middleware/sew";
 import { ConnectionSyncJobStatus, OrgRole, Prisma, RepoIndexingJobStatus, RepoIndexingJobType } from "@sourcebot/db";
-import { createLogger } from "@sourcebot/shared";
 import { GiteaConnectionConfig } from "@sourcebot/schemas/v3/gitea.type";
 import { GithubConnectionConfig } from "@sourcebot/schemas/v3/github.type";
 import { GitlabConnectionConfig } from "@sourcebot/schemas/v3/gitlab.type";
+import { createLogger, env, generateApiKey, getTokenFromConfig } from "@sourcebot/shared";
 import { StatusCodes } from "http-status-codes";
 import { cookies } from "next/headers";
-import { createTransport } from "nodemailer";
-import JoinRequestSubmittedEmail from "./emails/joinRequestSubmittedEmail";
-import { AGENTIC_SEARCH_TUTORIAL_DISMISSED_COOKIE_NAME, MOBILE_UNSUPPORTED_SPLASH_SCREEN_DISMISSED_COOKIE_NAME, SINGLE_TENANT_ORG_ID } from "./lib/constants";
-import { RepositoryQuery } from "./lib/types";
-import { getAuthenticatedUser, withAuth, withOptionalAuth } from "./middleware/withAuth";
 import { getBrowsePath } from "./app/(app)/browse/hooks/utils";
-import { sew } from "@/middleware/sew";
+import { AGENTIC_SEARCH_TUTORIAL_DISMISSED_COOKIE_NAME, MOBILE_UNSUPPORTED_SPLASH_SCREEN_DISMISSED_COOKIE_NAME } from "./lib/constants";
+import { RepositoryQuery } from "./lib/types";
+import { withAuth, withOptionalAuth } from "./middleware/withAuth";
 
 const logger = createLogger('web-actions');
 
@@ -375,110 +369,6 @@ export const getRepoInfoByName = async (repoName: string) => sew(() =>
         }
     }));
 
-// eslint-disable-next-line authz/require-auth-wrapper -- calls getAuthenticatedUser() directly; runs pre-org-membership so cannot use withAuth
-export const createAccountRequest = async () => sew(async () => {
-    const authResult = await getAuthenticatedUser();
-    if (!authResult) {
-        return notAuthenticated();
-    }
-
-    const { user } = authResult;
-
-    const org = await __unsafePrisma.org.findUnique({
-        where: {
-            id: SINGLE_TENANT_ORG_ID,
-        },
-    });
-
-    if (!org) {
-        return notFound("Organization not found");
-    }
-
-    const existingRequest = await __unsafePrisma.accountRequest.findUnique({
-        where: {
-            requestedById_orgId: {
-                requestedById: user.id,
-                orgId: org.id,
-            },
-        },
-    });
-
-    if (existingRequest) {
-        logger.warn(`User ${user.id} already has an account request for org ${org.id}. Skipping account request creation.`);
-        return {
-            success: true,
-            existingRequest: true,
-        }
-    }
-
-    if (!existingRequest) {
-        await __unsafePrisma.accountRequest.create({
-            data: {
-                requestedById: user.id,
-                orgId: org.id,
-            },
-        });
-
-        const smtpConnectionUrl = getSMTPConnectionURL();
-        if (smtpConnectionUrl && env.EMAIL_FROM_ADDRESS) {
-            // TODO: This is needed because we can't fetch the origin from the request headers when this is called
-            // on user creation (the header isn't set when next-auth calls onCreateUser for some reason)
-            const deploymentUrl = env.AUTH_URL;
-
-            const owners = await __unsafePrisma.user.findMany({
-                where: {
-                    orgs: {
-                        some: {
-                            orgId: org.id,
-                            role: "OWNER",
-                        },
-                    },
-                },
-            });
-
-            if (owners.length === 0) {
-                logger.error(`Failed to find any owners for org ${org.id} when drafting email for account request from ${user.id}`);
-            } else {
-                const html = await render(JoinRequestSubmittedEmail({
-                    baseUrl: deploymentUrl,
-                    requestor: {
-                        name: user.name ?? undefined,
-                        email: user.email,
-                        avatarUrl: user.image ?? undefined,
-                    },
-                    orgName: org.name,
-                    orgImageUrl: org.imageUrl ?? undefined,
-                }));
-
-                const ownerEmails = owners
-                    .map((owner) => owner.email)
-                    .filter((email): email is string => email !== null);
-
-                const transport = createTransport(smtpConnectionUrl);
-                const result = await transport.sendMail({
-                    to: ownerEmails,
-                    from: env.EMAIL_FROM_ADDRESS,
-                    subject: `New account request for ${org.name} on Sourcebot`,
-                    html,
-                    text: `New account request for ${org.name} on Sourcebot by ${user.name ?? user.email}`,
-                });
-
-                const failed = result.rejected.concat(result.pending).filter(Boolean);
-                if (failed.length > 0) {
-                    logger.error(`Failed to send account request email to ${ownerEmails.join(', ')}: ${failed}`);
-                }
-            }
-        } else {
-            logger.warn(`SMTP_CONNECTION_URL or EMAIL_FROM_ADDRESS not set. Skipping account request email to owner`);
-        }
-    }
-
-    return {
-        success: true,
-        existingRequest: false,
-    }
-});
-
 export const getSearchContexts = async () => sew(() =>
     withOptionalAuth(async ({ org, prisma }) => {
         const searchContexts = await prisma.searchContext.findMany({

packages/web/src/app/(app)/@sidebar/components/defaultSidebar/index.tsx

@@ -3,7 +3,7 @@ import { auth } from "@/auth";
 import { HOME_VIEW_COOKIE_NAME } from "@/lib/constants";
 import { HomeView } from "@/hooks/useHomeView";
 import { getConnectionStats } from "@/actions";
-import { getOrgAccountRequests } from "@/features/userManagement/actions";
+import { getOrgAccountRequests } from "@/features/membership/actions";
 import { isServiceError } from "@/lib/utils";
 import { ServiceErrorException } from "@/lib/serviceError";
 import { OrgRole } from "@prisma/client";

packages/web/src/app/(app)/components/submitAccountRequestButton.tsx

@@ -10,12 +10,14 @@ import { MOBILE_UNSUPPORTED_SPLASH_SCREEN_DISMISSED_COOKIE_NAME, OPTIONAL_PROVID
 import { SyntaxReferenceGuide } from "./components/syntaxReferenceGuide";
 import { SyntaxGuideProvider } from "./components/syntaxGuideProvider";
 import { notFound, redirect } from "next/navigation";
-import { PendingApprovalCard } from "./components/pendingApproval";
-import { SubmitJoinRequest } from "./components/submitJoinRequest";
+import { PendingApprovalCard } from "../../features/membership/components/pendingApprovalCard";
+import { SubmitJoinRequestCard } from "../../features/membership/components/submitJoinRequestCard";
+import { NotProvisionedCard } from "@/features/membership/components/notProvisionedCard";
+import { isScimEnabled } from "@/features/scim/utils";
 import { env, getOfflineLicenseMetadata, SOURCEBOT_VERSION, isMemberApprovalRequired } from "@sourcebot/shared";
 import { hasEntitlement, isAnonymousAccessEnabled } from "@/lib/entitlements";
 import { GcpIapAuth } from "./components/gcpIapAuth";
-import { JoinOrganizationCard } from "@/app/components/joinOrganizationCard";
+import { JoinOrganizationCard } from "@/features/membership/components/joinOrganizationCard";
 import { LogoutEscapeHatch } from "@/app/components/logoutEscapeHatch";
 import { GitHubStarToast } from "./components/githubStarToast";
 import { getLinkedAccounts } from "@/ee/features/sso/actions";
@@ -76,26 +78,25 @@ export default async function Layout(props: LayoutProps) {
         // the join organization card to allow them to join the org if seat capacity is freed up. This card handles checking if the org has available seats.
         // 2. The org requires member approval, and they haven't been approved yet. In this case, we allow them to submit a request to join the org.
         if (!membership) {
+            if (await isScimEnabled(org)) {
+                return <NotProvisionedCard />;
+            }
+
             if (!isMemberApprovalRequired(org)) {
-                return (
-                    <div className="min-h-screen flex items-center justify-center p-6">
-                        <LogoutEscapeHatch className="absolute top-0 right-0 p-6" />
-                        <JoinOrganizationCard />
-                    </div>
-                )
-            } else {
-                const hasPendingApproval = await __unsafePrisma.accountRequest.findFirst({
-                    where: {
-                        orgId: org.id,
-                        requestedById: session.user.id
-                    }
-                });
-
-                if (hasPendingApproval) {
-                    return <PendingApprovalCard />
-                } else {
-                    return <SubmitJoinRequest />
+                return <JoinOrganizationCard />;
+            }
+
+            const hasPendingApproval = await __unsafePrisma.accountRequest.findFirst({
+                where: {
+                    orgId: org.id,
+                    requestedById: session.user.id
                 }
+            });
+
+            if (hasPendingApproval) {
+                return <PendingApprovalCard />
+            } else {
+                return <SubmitJoinRequestCard />
             }
         }
 

packages/web/src/app/(app)/components/submitJoinRequest.tsx

@@ -30,15 +30,19 @@ interface BasicSettingsCardProps {
     description?: string;
     children: ReactNode;
     footer?: ReactNode;
+    badge?: ReactNode;
     className?: string;
 }
 
-export function BasicSettingsCard({ name, description, children, footer, className }: BasicSettingsCardProps) {
+export function BasicSettingsCard({ name, description, children, footer, badge, className }: BasicSettingsCardProps) {
     return (
         <SettingsCard className={className}>
             <div className="flex items-center justify-between gap-4">
                 <div className="flex-1 min-w-0">
-                    <p className="font-medium text-sm">{name}</p>
+                    <div className="flex items-center gap-2">
+                        <p className="font-medium text-sm">{name}</p>
+                        {badge}
+                    </div>
                     {description && (
                         <p className="text-sm text-muted-foreground mt-1">{description}</p>
                     )}

packages/web/src/app/(app)/layout.tsx

@@ -4,7 +4,7 @@ import { redirect } from "next/navigation";
 import { auth } from "@/auth";
 import { isServiceError } from "@/lib/utils";
 import { getConnectionStats } from "@/actions";
-import { getOrgAccountRequests } from "@/features/userManagement/actions";
+import { getOrgAccountRequests } from "@/features/membership/actions";
 import { ServiceErrorException } from "@/lib/serviceError";
 import { OrgRole } from "@prisma/client";
 import { env } from "@sourcebot/shared";