| import { AcceptInvitationRequestDto, InviteUsersRequestDto } from '@n8n/api-types'; |
| import { Logger } from '@n8n/backend-common'; |
| import type { User } from '@n8n/db'; |
| import { UserRepository } from '@n8n/db'; |
| import { Post, GlobalScope, RestController, Body, Param } from '@n8n/decorators'; |
| import { Response } from 'express'; |
|
|
| import { AuthService } from '@/auth/auth.service'; |
| import config from '@/config'; |
| import { RESPONSE_ERROR_MESSAGES } from '@/constants'; |
| import { BadRequestError } from '@/errors/response-errors/bad-request.error'; |
| import { ForbiddenError } from '@/errors/response-errors/forbidden.error'; |
| import { EventService } from '@/events/event.service'; |
| import { ExternalHooks } from '@/external-hooks'; |
| import { License } from '@/license'; |
| import { PostHogClient } from '@/posthog'; |
| import { AuthenticatedRequest, AuthlessRequest } from '@/requests'; |
| import { PasswordUtility } from '@/services/password.utility'; |
| import { UserService } from '@/services/user.service'; |
| import { isSamlLicensedAndEnabled } from '@/sso.ee/saml/saml-helpers'; |
|
|
| @RestController('/invitations') |
| export class InvitationController { |
| constructor( |
| private readonly logger: Logger, |
| private readonly externalHooks: ExternalHooks, |
| private readonly authService: AuthService, |
| private readonly userService: UserService, |
| private readonly license: License, |
| private readonly passwordUtility: PasswordUtility, |
| private readonly userRepository: UserRepository, |
| private readonly postHog: PostHogClient, |
| private readonly eventService: EventService, |
| ) {} |
|
|
| |
| |
| |
|
|
| @Post('/', { rateLimit: { limit: 10 } }) |
| @GlobalScope('user:create') |
| async inviteUser( |
| req: AuthenticatedRequest, |
| _res: Response, |
| @Body invitations: InviteUsersRequestDto, |
| ) { |
| if (invitations.length === 0) return []; |
|
|
| const isWithinUsersLimit = this.license.isWithinUsersLimit(); |
|
|
| if (isSamlLicensedAndEnabled()) { |
| this.logger.debug( |
| 'SAML is enabled, so users are managed by the Identity Provider and cannot be added through invites', |
| ); |
| throw new BadRequestError( |
| 'SAML is enabled, so users are managed by the Identity Provider and cannot be added through invites', |
| ); |
| } |
|
|
| if (!isWithinUsersLimit) { |
| this.logger.debug( |
| 'Request to send email invite(s) to user(s) failed because the user limit quota has been reached', |
| ); |
| throw new ForbiddenError(RESPONSE_ERROR_MESSAGES.USERS_QUOTA_REACHED); |
| } |
|
|
| if (!config.getEnv('userManagement.isInstanceOwnerSetUp')) { |
| this.logger.debug( |
| 'Request to send email invite(s) to user(s) failed because the owner account is not set up', |
| ); |
| throw new BadRequestError('You must set up your own account before inviting others'); |
| } |
|
|
| const attributes = invitations.map(({ email, role }) => { |
| if (role === 'global:admin' && !this.license.isAdvancedPermissionsLicensed()) { |
| throw new ForbiddenError( |
| 'Cannot invite admin user without advanced permissions. Please upgrade to a license that includes this feature.', |
| ); |
| } |
| return { email, role }; |
| }); |
|
|
| const { usersInvited, usersCreated } = await this.userService.inviteUsers(req.user, attributes); |
|
|
| await this.externalHooks.run('user.invited', [usersCreated]); |
|
|
| return usersInvited; |
| } |
|
|
| |
| |
| |
| @Post('/:id/accept', { skipAuth: true }) |
| async acceptInvitation( |
| req: AuthlessRequest, |
| res: Response, |
| @Body payload: AcceptInvitationRequestDto, |
| @Param('id') inviteeId: string, |
| ) { |
| const { inviterId, firstName, lastName, password } = payload; |
|
|
| const users = await this.userRepository.findManyByIds([inviterId, inviteeId]); |
|
|
| if (users.length !== 2) { |
| this.logger.debug( |
| 'Request to fill out a user shell failed because the inviter ID and/or invitee ID were not found in database', |
| { |
| inviterId, |
| inviteeId, |
| }, |
| ); |
| throw new BadRequestError('Invalid payload or URL'); |
| } |
|
|
| const invitee = users.find((user) => user.id === inviteeId) as User; |
|
|
| if (invitee.password) { |
| this.logger.debug( |
| 'Request to fill out a user shell failed because the invite had already been accepted', |
| { inviteeId }, |
| ); |
| throw new BadRequestError('This invite has been accepted already'); |
| } |
|
|
| invitee.firstName = firstName; |
| invitee.lastName = lastName; |
| invitee.password = await this.passwordUtility.hash(password); |
|
|
| const updatedUser = await this.userRepository.save(invitee, { transaction: false }); |
|
|
| this.authService.issueCookie(res, updatedUser, req.browserId); |
|
|
| this.eventService.emit('user-signed-up', { |
| user: updatedUser, |
| userType: 'email', |
| wasDisabledLdapUser: false, |
| }); |
|
|
| const publicInvitee = await this.userService.toPublic(invitee); |
|
|
| await this.externalHooks.run('user.profile.update', [invitee.email, publicInvitee]); |
| await this.externalHooks.run('user.password.update', [invitee.email, invitee.password]); |
|
|
| return await this.userService.toPublic(updatedUser, { |
| posthog: this.postHog, |
| withScopes: true, |
| }); |
| } |
| } |
|
|
