From a65e61bd966bb53f5918758d71c3697d844b4104 Mon Sep 17 00:00:00 2001
From: Quentin BEY
Date: Fri, 7 Mar 2025 17:55:42 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(organization)=20the=20fir?=
 =?UTF-8?q?st=20user=20is=20not=20admin?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The first user of a organization is probably not an admin. This was implemented for first tests but for now it's more a security issue than something helpful.

FIXES #775
---
 CHANGELOG.md | 1 +
 src/backend/core/authentication/backends.py | 11 -----------
 .../core/tests/authentication/test_backends.py | 2 ++
 3 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9565d5e..c1a387b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ and this project adheres to
 
 ## [Unreleased]
 
+- 🔒️(organization) the first user is not admin #776
 - 🐛(admin) fix broken alias import #1021
 
 ## [1.22.0] - 2026-01-19
diff --git a/src/backend/core/authentication/backends.py b/src/backend/core/authentication/backends.py
index 8ea0a76..ba3ff90 100644
--- a/src/backend/core/authentication/backends.py
+++ b/src/backend/core/authentication/backends.py
@@ -17,8 +17,6 @@ from core.models import (
     AccountService,
     Contact,
     Organization,
-    OrganizationAccess,
-    OrganizationRoleChoices,
 )
 
 logger = logging.getLogger(__name__)
@@ -131,15 +129,6 @@ class OIDCAuthenticationBackend(LaSuiteOIDCAuthenticationBackend):
 
         user = super().create_user(claims | {"organization": organization})
 
-        if organization_created:
-            # Warning: we may remove this behavior in the near future when we
-            # add a feature to claim the organization ownership.
-            OrganizationAccess.objects.create(
-                organization=organization,
-                user=user,
-                role=OrganizationRoleChoices.ADMIN,
-            )
-
         # Initiate the user's profile
         Contact.objects.create(
             owner=user,
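Review bot: With the `if organization_created:` branch deleted, `organization_created` appears to have no remaining reader in `create_user`; it is bound before this hunk (the start of the method is outside it), so confirm there and either rebind as `organization, _ = …` or drop the flag so linters do not report an unused local. The removal only stops future grants: `OrganizationAccess` rows with the `ADMIN` role that the deleted branch already created for existing organizations remain in the database, so an audit or data migration of those rows is worth considering alongside this change. A one-line comment at the point of removal would keep the intent from being re-added later, e.g. `# No OrganizationAccess is created for a new organization: ownership must be granted explicitly (#775).`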
diff --git a/src/backend/core/tests/authentication/test_backends.py b/src/backend/core/tests/authentication/test_backends.py
index 524d5b4..85e93d1 100644
--- a/src/backend/core/tests/authentication/test_backends.py
+++ b/src/backend/core/tests/authentication/test_backends.py
@@ -391,6 +391,8 @@ def test_authentication_getter_new_user_with_registration_id_new_organization(
     assert user.organization.domain_list == expected_domain_list
     assert user.organization.registration_id_list == expected_registration_id_list
 
+    assert models.OrganizationAccess.objects.filter(user=user).exists() is False
+
 
 def test_authentication_getter_existing_user_via_email_update_organization(
     django_assert_num_queries, monkeypatch
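Review bot: The new assertion only checks that this user has no access row, whereas the removed behavior granted `ADMIN` on the organization that was just created; asserting on the organization is the tighter check, `assert not models.OrganizationAccess.objects.filter(organization=user.organization).exists()`. Comparing a bool with `is False` also reads better as `assert not …` in pytest, which yields a clearer failure message. If the surrounding test wraps its calls in `django_assert_num_queries`, the extra `.exists()` query must sit outside that block; the test body starts outside the hunk, so confirm where the context manager ends.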