chore(core): Hide invite URL in users list if not an admin (#17101)

2025-12-20 03:12:15 +00:00 · 2025-07-09 15:58:20 +02:00
parent 336d6707e3
commit 3b46dec616
8 changed files with 73 additions and 41 deletions
--- a/packages/cli/test/integration/shared/db/users.ts
+++ b/packages/cli/test/integration/shared/db/users.ts
@@ -18,12 +18,25 @@ type ApiKeyOptions = {
 // pre-computed bcrypt hash for the string 'password', using `await hash('password', 10)`
 const passwordHash = '$2a$10$njedH7S6V5898mj6p0Jr..IGY9Ms.qNwR7RbSzzX9yubJocKfvGGK';

+// A null password value means that no password will be set in the database
+// rendering the user as pending, an undefined value means we default
+// to 'password' as password.
+// Also we are hashing the plaintext password here if necessary
+async function handlePasswordSetup(password: string | null | undefined): Promise<string | null> {
+	if (password === undefined) {
+		return passwordHash;
+	} else if (password === null) {
+		return null;
+	}
+	return await hash(password, 1);
+}
+
 /** Store a new user object, defaulting to a `member` */
 export async function newUser(attributes: Partial<User> = {}): Promise<User> {
 	const { email, password, firstName, lastName, role, ...rest } = attributes;
 	return Container.get(UserRepository).create({
 		email: email ?? randomEmail(),
-		password: password ? await hash(password, 1) : passwordHash,
+		password: await handlePasswordSetup(password),
 		firstName: firstName ?? randomName(),
 		lastName: lastName ?? randomName(),
 		role: role ?? 'global:member',