Make progress on restyling

.github/workflows/build-staging-and-deploy.yml

@@ -8,15 +8,6 @@ jobs:
     steps:
       - name: ☁️ Checkout source
         uses: actions/checkout@v3
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_FOR_ECR }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_FOR_ECR }}
-          aws-region: us-east-1
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1
       - name: 📦 Install dependencies to test all dependencies
         run: npm ci --only-production
         working-directory: backend
@@ -44,7 +35,16 @@ jobs:
           context: .
           file: Dockerfile.standalone-infisical
           tags: infisical/infisical:test
-      - name: 🏗️ Build backend and push to docker hub
+      # - name: ⏻ Spawn backend container and dependencies
+      #   run: |
+      #     docker compose -f .github/resources/docker-compose.be-test.yml up --wait --quiet-pull
+      # - name: 🧪 Test backend image
+      #   run: |
+      #     ./.github/resources/healthcheck.sh infisical-backend-test
+      # - name: ⏻ Shut down backend container and dependencies
+      #   run: |
+      #     docker compose -f .github/resources/docker-compose.be-test.yml down
+      - name: 🏗️ Build backend and push
         uses: depot/build-push-action@v1
         with:
           project: 64mmf0n610
@@ -59,8 +59,6 @@ jobs:
           build-args: |
             POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
             INFISICAL_PLATFORM_VERSION=${{ steps.extract_version.outputs.version }}
-    
-    
   postgres-migration:
     name: Run latest migration files
     runs-on: ubuntu-latest

Dockerfile.standalone-infisical

@@ -118,6 +118,9 @@ WORKDIR /backend
 
 ENV TELEMETRY_ENABLED true
 
+HEALTHCHECK --interval=10s --timeout=3s --start-period=10s \  
+  CMD node healthcheck.js
+
 EXPOSE 8080
 EXPOSE 443
 

README.md

@@ -10,8 +10,7 @@
   <a href="https://infisical.com/">Infisical Cloud</a> |
   <a href="https://infisical.com/docs/self-hosting/overview">Self-Hosting</a> |
   <a href="https://infisical.com/docs/documentation/getting-started/introduction">Docs</a> |
-  <a href="https://www.infisical.com">Website</a> |
-  <a href="https://infisical.com/careers">Hiring (Remote/SF)</a>
+  <a href="https://www.infisical.com">Website</a>
 </h4>
 
 <p align="center">

backend/e2e-test/vitest-environment-knex.ts

@@ -10,7 +10,7 @@ import { seedData1 } from "@app/db/seed-data";
 import { initEnvConfig } from "@app/lib/config/env";
 import { initLogger } from "@app/lib/logger";
 import { main } from "@app/server/app";
-import { AuthMethod, AuthTokenType } from "@app/services/auth/auth-type";
+import { AuthTokenType } from "@app/services/auth/auth-type";
 
 import { mockQueue } from "./mocks/queue";
 import { mockSmtpServer } from "./mocks/smtp";
@@ -52,8 +52,6 @@ export default {
           authTokenType: AuthTokenType.ACCESS_TOKEN,
           userId: seedData1.id,
           tokenVersionId: seedData1.token.id,
-          authMethod: AuthMethod.EMAIL,
-          organizationId: seedData1.organization.id,
           accessVersion: 1
         },
         cfg.AUTH_SECRET,

backend/src/@types/fastify.d.ts

@@ -19,7 +19,7 @@ import { TApiKeyServiceFactory } from "@app/services/api-key/api-key-service";
 import { TAuthLoginFactory } from "@app/services/auth/auth-login-service";
 import { TAuthPasswordFactory } from "@app/services/auth/auth-password-service";
 import { TAuthSignupFactory } from "@app/services/auth/auth-signup-service";
-import { ActorAuthMethod, ActorType } from "@app/services/auth/auth-type";
+import { ActorType } from "@app/services/auth/auth-type";
 import { TAuthTokenServiceFactory } from "@app/services/auth-token/auth-token-service";
 import { TIdentityServiceFactory } from "@app/services/identity/identity-service";
 import { TIdentityAccessTokenServiceFactory } from "@app/services/identity-access-token/identity-access-token-service";
@@ -59,7 +59,6 @@ declare module "fastify" {
     // identity injection. depending on which kinda of token the information is filled in auth
     auth: TAuthMode;
     permission: {
-      authMethod: ActorAuthMethod;
       type: ActorType;
       id: string;
       orgId?: string;

backend/src/ee/routes/v1/ldap-router.ts

@@ -122,7 +122,6 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
         actor: req.permission.type,
         actorId: req.permission.id,
         orgId: req.query.organizationId,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId
       });
       return ldap;
@@ -152,7 +151,6 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
         actor: req.permission.type,
         actorId: req.permission.id,
         orgId: req.body.organizationId,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.body
       });
@@ -186,7 +184,6 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
         actor: req.permission.type,
         actorId: req.permission.id,
         orgId: req.body.organizationId,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.body
       });

backend/src/ee/routes/v1/license-router.ts

@@ -24,7 +24,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
         orgId: req.params.organizationId,
-        actorAuthMethod: req.permission.authMethod,
         billingCycle: req.query.billingCycle
       });
       return data;
@@ -46,7 +45,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.params.organizationId
       });
       return { plan };
@@ -68,8 +66,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
       const data = await server.services.license.getOrgPlan({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.params.organizationId
       });
       return data;
@@ -93,7 +89,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
         orgId: req.params.organizationId,
-        actorAuthMethod: req.permission.authMethod,
         success_url: req.body.success_url
       });
       return data;
@@ -115,7 +110,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.params.organizationId
       });
       return data;
@@ -137,7 +131,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.params.organizationId
       });
       return data;
@@ -159,7 +152,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.params.organizationId
       });
       return data;
@@ -181,7 +173,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.params.organizationId
       });
       return data;
@@ -207,7 +198,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.params.organizationId,
         name: req.body.name,
         email: req.body.email
@@ -231,7 +221,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.params.organizationId
       });
       return data;
@@ -257,7 +246,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.params.organizationId,
         success_url: req.body.success_url,
         cancel_url: req.body.cancel_url
@@ -283,7 +271,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
       const data = await server.services.license.delOrgPmtMethods({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         orgId: req.params.organizationId,
         pmtMethodId: req.params.pmtMethodId
@@ -308,7 +295,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
       const data = await server.services.license.getOrgTaxIds({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         orgId: req.params.organizationId
       });
@@ -336,7 +322,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
       const data = await server.services.license.addOrgTaxId({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         orgId: req.params.organizationId,
         type: req.body.type,
@@ -363,7 +348,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
       const data = await server.services.license.delOrgTaxId({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         orgId: req.params.organizationId,
         taxId: req.params.taxId
@@ -389,8 +373,7 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
-        orgId: req.params.organizationId,
-        actorAuthMethod: req.permission.authMethod
+        orgId: req.params.organizationId
       });
       return data;
     }
@@ -413,7 +396,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.params.organizationId
       });
       return data;

backend/src/ee/routes/v1/org-role-router.ts

@@ -19,7 +19,7 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
           .min(1)
           .trim()
           .refine(
-            (val) => !Object.keys(OrgMembershipRole).includes(val),
+            (val) => Object.keys(OrgMembershipRole).includes(val),
             "Please choose a different slug, the slug you have entered is reserved"
           )
           .refine((v) => slugify(v) === v, {
@@ -41,7 +41,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
         req.permission.id,
         req.params.organizationId,
         req.body,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { role };
@@ -85,7 +84,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
         req.params.organizationId,
         req.params.roleId,
         req.body,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { role };
@@ -112,7 +110,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
         req.permission.id,
         req.params.organizationId,
         req.params.roleId,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { role };
@@ -141,7 +138,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
       const roles = await server.services.orgRole.listRoles(
         req.permission.id,
         req.params.organizationId,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { data: { roles } };
@@ -167,7 +163,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
       const { permissions, membership } = await server.services.orgRole.getUserPermission(
         req.permission.id,
         req.params.organizationId,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { permissions, membership };

backend/src/ee/routes/v1/project-role-router.ts

@@ -31,7 +31,6 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
         req.permission.id,
         req.params.projectId,
         req.body,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { role };
@@ -66,7 +65,6 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
         req.params.projectId,
         req.params.roleId,
         req.body,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { role };
@@ -94,7 +92,6 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
         req.permission.id,
         req.params.projectId,
         req.params.roleId,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { role };
@@ -124,7 +121,6 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
         req.permission.type,
         req.permission.id,
         req.params.projectId,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { data: { roles } };
@@ -152,7 +148,6 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
       const { permissions, membership } = await server.services.projectRole.getUserPermission(
         req.permission.id,
         req.params.projectId,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { data: { permissions, membership } };

backend/src/ee/routes/v1/project-router.ts

@@ -38,7 +38,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
     handler: async (req) => {
       const secretSnapshots = await server.services.snapshot.listSnapshots({
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorId: req.permission.id,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId,
@@ -70,7 +69,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
       const count = await server.services.snapshot.projectSecretSnapshotCount({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId,
         environment: req.query.environment,
@@ -132,7 +130,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
       const auditLogs = await server.services.auditLog.listProjectAuditLogs({
         actorId: req.permission.id,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         projectId: req.params.workspaceId,
         ...req.query,
         auditLogActor: req.query.actor,

backend/src/ee/routes/v1/saml-router.ts

@@ -231,7 +231,6 @@ export const registerSamlRouter = async (server: FastifyZodProvider) => {
         actor: req.permission.type,
         actorId: req.permission.id,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.query.organizationId,
         type: "org"
       });
@@ -260,7 +259,6 @@ export const registerSamlRouter = async (server: FastifyZodProvider) => {
       const saml = await server.services.saml.createSamlCfg({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         orgId: req.body.organizationId,
         ...req.body
@@ -292,7 +290,6 @@ export const registerSamlRouter = async (server: FastifyZodProvider) => {
       const saml = await server.services.saml.updateSamlCfg({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         orgId: req.body.organizationId,
         ...req.body

backend/src/ee/routes/v1/scim-router.ts

@@ -39,7 +39,6 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
         actorId: req.permission.id,
         actorOrgId: req.permission.orgId,
         orgId: req.body.organizationId,
-        actorAuthMethod: req.permission.authMethod,
         description: req.body.description,
         ttlDays: req.body.ttlDays
       });
@@ -66,7 +65,6 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
       const scimTokens = await server.services.scim.listScimTokens({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         orgId: req.query.organizationId
       });
@@ -94,7 +92,6 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
         scimTokenId: req.params.scimTokenId,
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId
       });
 

backend/src/ee/routes/v1/secret-approval-policy-router.ts

@@ -34,7 +34,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
       const approval = await server.services.secretApprovalPolicy.createSecretApprovalPolicy({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.body.workspaceId,
         ...req.body,
@@ -73,7 +72,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
       const approval = await server.services.secretApprovalPolicy.updateSecretApprovalPolicy({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.body,
         secretPolicyId: req.params.sapId
@@ -100,7 +98,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
       const approval = await server.services.secretApprovalPolicy.deleteSecretApprovalPolicy({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         secretPolicyId: req.params.sapId
       });
@@ -126,7 +123,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
       const approvals = await server.services.secretApprovalPolicy.getSecretApprovalPolicyByProjectId({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.query.workspaceId
       });
@@ -154,7 +150,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
       const policy = await server.services.secretApprovalPolicy.getSecretApprovalPolicyOfFolder({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.query.workspaceId,
         ...req.query

backend/src/ee/routes/v1/secret-approval-request-router.ts

@@ -52,7 +52,6 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
       const approvals = await server.services.secretApprovalRequest.getSecretApprovals({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.query,
         projectId: req.query.workspaceId
@@ -82,7 +81,6 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
       const approvals = await server.services.secretApprovalRequest.requestCount({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.query.workspaceId
       });
@@ -108,7 +106,6 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
       const { approval } = await server.services.secretApprovalRequest.mergeSecretApprovalRequest({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         approvalId: req.params.id
       });
@@ -137,7 +134,6 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
       const review = await server.services.secretApprovalRequest.reviewApproval({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         approvalId: req.params.id,
         status: req.body.status
@@ -167,7 +163,6 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
       const approval = await server.services.secretApprovalRequest.updateApprovalStatus({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         approvalId: req.params.id,
         status: req.body.status
@@ -276,7 +271,6 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
       const approval = await server.services.secretApprovalRequest.getSecretApprovalDetails({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.id
       });

backend/src/ee/routes/v1/secret-rotation-provider-router.ts

@@ -30,7 +30,6 @@ export const registerSecretRotationProviderRouter = async (server: FastifyZodPro
       const providers = await server.services.secretRotation.getProviderTemplates({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId
       });

backend/src/ee/routes/v1/secret-rotation-router.ts

@@ -39,7 +39,6 @@ export const registerSecretRotationRouter = async (server: FastifyZodProvider) =
     handler: async (req) => {
       const secretRotation = await server.services.secretRotation.createRotation({
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorId: req.permission.id,
         actorOrgId: req.permission.orgId,
         ...req.body,
@@ -75,7 +74,6 @@ export const registerSecretRotationRouter = async (server: FastifyZodProvider) =
       const secretRotation = await server.services.secretRotation.restartById({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         rotationId: req.body.id
       });
@@ -127,7 +125,6 @@ export const registerSecretRotationRouter = async (server: FastifyZodProvider) =
       const secretRotations = await server.services.secretRotation.getByProjectId({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.query.workspaceId
       });
@@ -161,7 +158,6 @@ export const registerSecretRotationRouter = async (server: FastifyZodProvider) =
       const secretRotation = await server.services.secretRotation.deleteById({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         rotationId: req.params.id
       });

backend/src/ee/routes/v1/secret-scanning-router.ts

@@ -22,7 +22,6 @@ export const registerSecretScanningRouter = async (server: FastifyZodProvider) =
       const session = await server.services.secretScanning.createInstallationSession({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         orgId: req.body.organizationId
       });
@@ -47,7 +46,6 @@ export const registerSecretScanningRouter = async (server: FastifyZodProvider) =
       const { installatedApp } = await server.services.secretScanning.linkInstallationToOrg({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.body
       });
@@ -69,7 +67,6 @@ export const registerSecretScanningRouter = async (server: FastifyZodProvider) =
       const appInstallationCompleted = await server.services.secretScanning.getOrgInstallationStatus({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         orgId: req.params.organizationId
       });
@@ -91,7 +88,6 @@ export const registerSecretScanningRouter = async (server: FastifyZodProvider) =
       const { risks } = await server.services.secretScanning.getRisksByOrg({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         orgId: req.params.organizationId
       });
@@ -114,7 +110,6 @@ export const registerSecretScanningRouter = async (server: FastifyZodProvider) =
       const { risk } = await server.services.secretScanning.updateRiskStatus({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         orgId: req.params.organizationId,
         riskId: req.params.riskId,

backend/src/ee/routes/v1/secret-version-router.ts

@@ -27,7 +27,6 @@ export const registerSecretVersionRouter = async (server: FastifyZodProvider) =>
       const secretVersions = await server.services.secret.getSecretVersions({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         limit: req.query.limit,
         offset: req.query.offset,

backend/src/ee/routes/v1/snapshot-router.ts

@@ -47,7 +47,6 @@ export const registerSnapshotRouter = async (server: FastifyZodProvider) => {
       const secretSnapshot = await server.services.snapshot.getSnapshotData({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.secretSnapshotId
       });
@@ -80,7 +79,6 @@ export const registerSnapshotRouter = async (server: FastifyZodProvider) => {
       const secretSnapshot = await server.services.snapshot.rollbackSnapshot({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.secretSnapshotId
       });

backend/src/ee/routes/v1/trusted-ip-router.ts

@@ -22,7 +22,6 @@ export const registerTrustedIpRouter = async (server: FastifyZodProvider) => {
     onRequest: verifyAuth([AuthMode.JWT]),
     handler: async (req) => {
       const trustedIps = await server.services.trustedIp.listIpsByProjectId({
-        actorAuthMethod: req.permission.authMethod,
         projectId: req.params.workspaceId,
         actor: req.permission.type,
         actorId: req.permission.id,
@@ -53,7 +52,6 @@ export const registerTrustedIpRouter = async (server: FastifyZodProvider) => {
     onRequest: verifyAuth([AuthMode.JWT]),
     handler: async (req) => {
       const { trustedIp, project } = await server.services.trustedIp.addProjectIp({
-        actorAuthMethod: req.permission.authMethod,
         projectId: req.params.workspaceId,
         actor: req.permission.type,
         actorId: req.permission.id,
@@ -101,7 +99,6 @@ export const registerTrustedIpRouter = async (server: FastifyZodProvider) => {
         projectId: req.params.workspaceId,
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         trustedIpId: req.params.trustedIpId,
         ...req.body
@@ -143,7 +140,6 @@ export const registerTrustedIpRouter = async (server: FastifyZodProvider) => {
         projectId: req.params.workspaceId,
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         trustedIpId: req.params.trustedIpId
       });

backend/src/ee/services/audit-log/audit-log-service.ts

@@ -31,17 +31,10 @@ export const auditLogServiceFactory = ({
     actor,
     actorId,
     actorOrgId,
-    actorAuthMethod,
     projectId,
     auditLogActor
   }: TListProjectAuditLogDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.AuditLogs);
     const auditLogs = await auditLogDAL.find({
       startDate,

backend/src/ee/services/ldap-config/ldap-config-service.ts

@@ -55,7 +55,6 @@ export const ldapConfigServiceFactory = ({
     actorId,
     orgId,
     actorOrgId,
-    actorAuthMethod,
     isActive,
     url,
     bindDN,
@@ -63,7 +62,7 @@ export const ldapConfigServiceFactory = ({
     searchBase,
     caCert
   }: TCreateLdapCfgDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Ldap);
 
     const plan = await licenseService.getPlan(orgId);
@@ -150,14 +149,13 @@ export const ldapConfigServiceFactory = ({
     orgId,
     actorOrgId,
     isActive,
-    actorAuthMethod,
     url,
     bindDN,
     bindPass,
     searchBase,
     caCert
   }: TUpdateLdapCfgDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Ldap);
 
     const plan = await licenseService.getPlan(orgId);
@@ -276,14 +274,8 @@ export const ldapConfigServiceFactory = ({
     };
   };
 
-  const getLdapCfgWithPermissionCheck = async ({
-    actor,
-    actorId,
-    orgId,
-    actorAuthMethod,
-    actorOrgId
-  }: TOrgPermission) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const getLdapCfgWithPermissionCheck = async ({ actor, actorId, orgId, actorOrgId }: TOrgPermission) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Ldap);
     return getLdapCfg({
       orgId

backend/src/ee/services/license/__mocks__/licence-fns.ts

@@ -17,7 +17,7 @@ export const getDefaultOnPremFeatures = () => {
     customAlerts: false,
     auditLogs: false,
     auditLogsRetentionDays: 0,
-    samlSSO: false,
+    samlSSO: true,
     scim: false,
     ldap: false,
     status: null,

backend/src/ee/services/license/licence-fns.ts

@@ -23,7 +23,7 @@ export const getDefaultOnPremFeatures = (): TFeatureSet => ({
   customAlerts: false,
   auditLogs: false,
   auditLogsRetentionDays: 0,
-  samlSSO: false,
+  samlSSO: true,
   scim: false,
   ldap: false,
   status: null,

backend/src/ee/services/license/license-service.ts

@@ -224,10 +224,9 @@ export const licenseServiceFactory = ({
     actor,
     actorId,
     actorOrgId,
-    actorAuthMethod,
     billingCycle
   }: TOrgPlansTableDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Billing);
     const { data } = await licenseServerCloudApi.request.get(
       `/api/license-server/v1/cloud-products?billing-cycle=${billingCycle}`
@@ -235,22 +234,15 @@ export const licenseServiceFactory = ({
     return data;
   };
 
-  const getOrgPlan = async ({ orgId, actor, actorId, actorOrgId, actorAuthMethod, projectId }: TOrgPlanDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const getOrgPlan = async ({ orgId, actor, actorId, actorOrgId, projectId }: TOrgPlanDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Billing);
     const plan = await getPlan(orgId, projectId);
     return plan;
   };
 
-  const startOrgTrial = async ({
-    orgId,
-    actorId,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    success_url
-  }: TStartOrgTrialDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const startOrgTrial = async ({ orgId, actorId, actor, actorOrgId, success_url }: TStartOrgTrialDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Billing);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Billing);
 
@@ -271,14 +263,8 @@ export const licenseServiceFactory = ({
     return { url };
   };
 
-  const createOrganizationPortalSession = async ({
-    orgId,
-    actorId,
-    actor,
-    actorAuthMethod,
-    actorOrgId
-  }: TCreateOrgPortalSession) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const createOrganizationPortalSession = async ({ orgId, actorId, actor, actorOrgId }: TCreateOrgPortalSession) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Billing);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Billing);
 
@@ -324,8 +310,8 @@ export const licenseServiceFactory = ({
     return { url };
   };
 
-  const getOrgBillingInfo = async ({ orgId, actor, actorId, actorAuthMethod, actorOrgId }: TGetOrgBillInfoDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const getOrgBillingInfo = async ({ orgId, actor, actorId, actorOrgId }: TGetOrgBillInfoDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Billing);
 
     const organization = await orgDAL.findOrgById(orgId);
@@ -341,8 +327,8 @@ export const licenseServiceFactory = ({
   };
 
   // returns org current plan feature table
-  const getOrgPlanTable = async ({ orgId, actor, actorId, actorAuthMethod, actorOrgId }: TGetOrgBillInfoDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const getOrgPlanTable = async ({ orgId, actor, actorId, actorOrgId }: TGetOrgBillInfoDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Billing);
 
     const organization = await orgDAL.findOrgById(orgId);
@@ -357,8 +343,8 @@ export const licenseServiceFactory = ({
     return data;
   };
 
-  const getOrgBillingDetails = async ({ orgId, actor, actorId, actorAuthMethod, actorOrgId }: TGetOrgBillInfoDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const getOrgBillingDetails = async ({ orgId, actor, actorId, actorOrgId }: TGetOrgBillInfoDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Billing);
 
     const organization = await orgDAL.findOrgById(orgId);
@@ -378,12 +364,11 @@ export const licenseServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     orgId,
     name,
     email
   }: TUpdateOrgBillingDetailsDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Billing);
 
     const organization = await orgDAL.findOrgById(orgId);
@@ -402,8 +387,8 @@ export const licenseServiceFactory = ({
     return data;
   };
 
-  const getOrgPmtMethods = async ({ orgId, actor, actorId, actorAuthMethod, actorOrgId }: TOrgPmtMethodsDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const getOrgPmtMethods = async ({ orgId, actor, actorId, actorOrgId }: TOrgPmtMethodsDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Billing);
 
     const organization = await orgDAL.findOrgById(orgId);
@@ -425,12 +410,11 @@ export const licenseServiceFactory = ({
     orgId,
     actor,
     actorId,
-    actorAuthMethod,
     actorOrgId,
     success_url,
     cancel_url
   }: TAddOrgPmtMethodDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Billing);
 
     const organization = await orgDAL.findOrgById(orgId);
@@ -451,15 +435,8 @@ export const licenseServiceFactory = ({
     return { url };
   };
 
-  const delOrgPmtMethods = async ({
-    actorId,
-    actor,
-    actorAuthMethod,
-    actorOrgId,
-    orgId,
-    pmtMethodId
-  }: TDelOrgPmtMethodDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const delOrgPmtMethods = async ({ actorId, actor, actorOrgId, orgId, pmtMethodId }: TDelOrgPmtMethodDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Billing);
 
     const organization = await orgDAL.findOrgById(orgId);
@@ -475,8 +452,8 @@ export const licenseServiceFactory = ({
     return data;
   };
 
-  const getOrgTaxIds = async ({ orgId, actor, actorId, actorAuthMethod, actorOrgId }: TGetOrgTaxIdDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const getOrgTaxIds = async ({ orgId, actor, actorId, actorOrgId }: TGetOrgTaxIdDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Billing);
 
     const organization = await orgDAL.findOrgById(orgId);
@@ -493,8 +470,8 @@ export const licenseServiceFactory = ({
     return taxIds;
   };
 
-  const addOrgTaxId = async ({ actorId, actor, actorAuthMethod, actorOrgId, orgId, type, value }: TAddOrgTaxIdDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const addOrgTaxId = async ({ actorId, actor, actorOrgId, orgId, type, value }: TAddOrgTaxIdDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Billing);
 
     const organization = await orgDAL.findOrgById(orgId);
@@ -514,8 +491,8 @@ export const licenseServiceFactory = ({
     return data;
   };
 
-  const delOrgTaxId = async ({ orgId, actor, actorId, actorAuthMethod, actorOrgId, taxId }: TDelOrgTaxIdDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const delOrgTaxId = async ({ orgId, actor, actorId, actorOrgId, taxId }: TDelOrgTaxIdDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Billing);
 
     const organization = await orgDAL.findOrgById(orgId);
@@ -531,8 +508,8 @@ export const licenseServiceFactory = ({
     return data;
   };
 
-  const getOrgTaxInvoices = async ({ actorId, actor, actorOrgId, actorAuthMethod, orgId }: TOrgInvoiceDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const getOrgTaxInvoices = async ({ actorId, actor, actorOrgId, orgId }: TOrgInvoiceDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Billing);
 
     const organization = await orgDAL.findOrgById(orgId);
@@ -548,8 +525,8 @@ export const licenseServiceFactory = ({
     return invoices;
   };
 
-  const getOrgLicenses = async ({ orgId, actor, actorId, actorAuthMethod, actorOrgId }: TOrgLicensesDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const getOrgLicenses = async ({ orgId, actor, actorId, actorOrgId }: TOrgLicensesDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Billing);
 
     const organization = await orgDAL.findOrgById(orgId);

backend/src/ee/services/license/license-types.ts

@@ -39,7 +39,7 @@ export type TFeatureSet = {
   customAlerts: false;
   auditLogs: false;
   auditLogsRetentionDays: 0;
-  samlSSO: false;
+  samlSSO: true;
   scim: false;
   ldap: false;
   status: null;

backend/src/ee/services/permission/permission-dal.ts

@@ -129,18 +129,11 @@ export const permissionDALFactory = (db: TDbClient) => {
           `${TableName.IdentityProjectMembershipRole}.customRoleId`,
           `${TableName.ProjectRoles}.id`
         )
-        .join(
-          // Join the Project table to later select orgId
-          TableName.Project,
-          `${TableName.IdentityProjectMembership}.projectId`,
-          `${TableName.Project}.id`
-        )
         .where("identityId", identityId)
         .where(`${TableName.IdentityProjectMembership}.projectId`, projectId)
         .select(selectAllTableCols(TableName.IdentityProjectMembershipRole))
         .select(
           db.ref("id").withSchema(TableName.IdentityProjectMembership).as("membershipId"),
-          db.ref("orgId").withSchema(TableName.Project).as("orgId"), // Now you can select orgId from Project
           db.ref("role").withSchema(TableName.IdentityProjectMembership).as("oldRoleField"),
           db.ref("createdAt").withSchema(TableName.IdentityProjectMembership).as("membershipCreatedAt"),
           db.ref("updatedAt").withSchema(TableName.IdentityProjectMembership).as("membershipUpdatedAt"),
@@ -151,16 +144,16 @@ export const permissionDALFactory = (db: TDbClient) => {
       const permission = sqlNestRelationships({
         data: docs,
         key: "membershipId",
-        parentMapper: ({ membershipId, membershipCreatedAt, membershipUpdatedAt, oldRoleField, orgId }) => ({
+        parentMapper: ({ membershipId, membershipCreatedAt, membershipUpdatedAt, oldRoleField }) => ({
           id: membershipId,
           identityId,
           projectId,
           role: oldRoleField,
           createdAt: membershipCreatedAt,
           updatedAt: membershipUpdatedAt,
-          orgId,
           // just a prefilled value
-          orgAuthEnforced: false
+          orgAuthEnforced: false,
+          orgId: ""
         }),
         childrenMapper: [
           {

backend/src/ee/services/permission/permission-fns.ts

@@ -1,23 +0,0 @@
-import { TOrganizations } from "@app/db/schemas";
-import { UnauthorizedError } from "@app/lib/errors";
-import { ActorAuthMethod, AuthMethod } from "@app/services/auth/auth-type";
-
-function isAuthMethodSaml(actorAuthMethod: ActorAuthMethod) {
-  if (!actorAuthMethod) return false;
-
-  return [AuthMethod.AZURE_SAML, AuthMethod.OKTA_SAML, AuthMethod.JUMPCLOUD_SAML, AuthMethod.GOOGLE_SAML].includes(
-    actorAuthMethod
-  );
-}
-
-function validateOrgSAML(actorAuthMethod: ActorAuthMethod, isSamlEnforced: TOrganizations["authEnforced"]) {
-  if (actorAuthMethod === undefined) {
-    throw new UnauthorizedError({ name: "No auth method defined" });
-  }
-
-  if (isSamlEnforced && actorAuthMethod !== null && !isAuthMethodSaml(actorAuthMethod)) {
-    throw new UnauthorizedError({ name: "Cannot access org-scoped resource" });
-  }
-}
-
-export { isAuthMethodSaml, validateOrgSAML };

backend/src/ee/services/permission/permission-service.ts

@@ -11,15 +11,13 @@ import {
 } from "@app/db/schemas";
 import { conditionsMatcher } from "@app/lib/casl";
 import { BadRequestError, UnauthorizedError } from "@app/lib/errors";
-import { ActorAuthMethod, ActorType } from "@app/services/auth/auth-type";
+import { ActorType } from "@app/services/auth/auth-type";
 import { TOrgRoleDALFactory } from "@app/services/org/org-role-dal";
-import { TProjectDALFactory } from "@app/services/project/project-dal";
 import { TProjectRoleDALFactory } from "@app/services/project-role/project-role-dal";
 import { TServiceTokenDALFactory } from "@app/services/service-token/service-token-dal";
 
 import { orgAdminPermissions, orgMemberPermissions, orgNoAccessPermissions, OrgPermissionSet } from "./org-permission";
 import { TPermissionDALFactory } from "./permission-dal";
-import { validateOrgSAML } from "./permission-fns";
 import { TBuildProjectPermissionDTO } from "./permission-types";
 import {
   buildServiceTokenProjectPermission,
@@ -34,7 +32,6 @@ type TPermissionServiceFactoryDep = {
   orgRoleDAL: Pick<TOrgRoleDALFactory, "findOne">;
   projectRoleDAL: Pick<TProjectRoleDALFactory, "findOne">;
   serviceTokenDAL: Pick<TServiceTokenDALFactory, "findById">;
-  projectDAL: Pick<TProjectDALFactory, "findById">;
   permissionDAL: TPermissionDALFactory;
 };
 
@@ -44,8 +41,7 @@ export const permissionServiceFactory = ({
   permissionDAL,
   orgRoleDAL,
   projectRoleDAL,
-  serviceTokenDAL,
-  projectDAL
+  serviceTokenDAL
 }: TPermissionServiceFactoryDep) => {
   const buildOrgPermission = (role: string, permission?: unknown) => {
     switch (role) {
@@ -102,30 +98,16 @@ export const permissionServiceFactory = ({
 
   /*
    * Get user permission in an organization
-   */
-  const getUserOrgPermission = async (
-    userId: string,
-    orgId: string,
-    authMethod: ActorAuthMethod,
-    userOrgId?: string
-  ) => {
+   * */
+  const getUserOrgPermission = async (userId: string, orgId: string, userOrgId?: string) => {
     const membership = await permissionDAL.getOrgPermission(userId, orgId);
     if (!membership) throw new UnauthorizedError({ name: "User not in org" });
     if (membership.role === OrgMembershipRole.Custom && !membership.permissions) {
       throw new BadRequestError({ name: "Custom permission not found" });
     }
-
-    // If the org ID is API_KEY, the request is being made with an API Key.
-    // Since we can't scope API keys to an organization, we'll need to do an arbitrary check to see if the user is a member of the organization.
-
-    // Extra: This means that when users are using API keys to make requests, they can't use slug-based routes.
-    // Slug-based routes depend on the organization ID being present on the request, since project slugs aren't globally unique, and we need a way to filter by organization.
-    if (userOrgId !== "API_KEY" && membership.orgId !== userOrgId) {
-      throw new UnauthorizedError({ name: "You are not logged into this organization" });
+    if (membership.orgAuthEnforced && membership.orgId !== userOrgId) {
+      throw new BadRequestError({ name: "Cannot access org-scoped resource" });
     }
-
-    validateOrgSAML(authMethod, membership.orgAuthEnforced);
-
     return { permission: buildOrgPermission(membership.role, membership.permissions), membership };
   };
 
@@ -138,16 +120,10 @@ export const permissionServiceFactory = ({
     return { permission: buildOrgPermission(membership.role, membership.permissions), membership };
   };
 
-  const getOrgPermission = async (
-    type: ActorType,
-    id: string,
-    orgId: string,
-    authMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
-  ) => {
+  const getOrgPermission = async (type: ActorType, id: string, orgId: string, actorOrgId?: string) => {
     switch (type) {
       case ActorType.USER:
-        return getUserOrgPermission(id, orgId, authMethod, actorOrgId);
+        return getUserOrgPermission(id, orgId, actorOrgId);
       case ActorType.IDENTITY:
         return getIdentityOrgPermission(id, orgId);
       default:
@@ -177,39 +153,34 @@ export const permissionServiceFactory = ({
   const getUserProjectPermission = async (
     userId: string,
     projectId: string,
-    authMethod: ActorAuthMethod,
     userOrgId?: string
   ): Promise<TProjectPermissionRT<ActorType.USER>> => {
-    const membership = await permissionDAL.getProjectPermission(userId, projectId);
-    if (!membership) throw new UnauthorizedError({ name: "User not in project" });
+    const userProjectPermission = await permissionDAL.getProjectPermission(userId, projectId);
+    if (!userProjectPermission) throw new UnauthorizedError({ name: "User not in project" });
 
-    if (membership.roles.some(({ role, permissions }) => role === ProjectMembershipRole.Custom && !permissions)) {
+    if (
+      userProjectPermission.roles.some(({ role, permissions }) => role === ProjectMembershipRole.Custom && !permissions)
+    ) {
       throw new BadRequestError({ name: "Custom permission not found" });
     }
 
-    // If the org ID is API_KEY, the request is being made with an API Key.
-    // Since we can't scope API keys to an organization, we'll need to do an arbitrary check to see if the user is a member of the organization.
-
-    // Extra: This means that when users are using API keys to make requests, they can't use slug-based routes.
-    // Slug-based routes depend on the organization ID being present on the request, since project slugs aren't globally unique, and we need a way to filter by organization.
-    if (userOrgId !== "API_KEY" && membership.orgId !== userOrgId) {
-      throw new UnauthorizedError({ name: "You are not logged into this organization" });
+    if (userProjectPermission.orgAuthEnforced && userProjectPermission.orgId !== userOrgId) {
+      throw new BadRequestError({ name: "Cannot access org-scoped resource" });
     }
 
-    validateOrgSAML(authMethod, membership.orgAuthEnforced);
-
     return {
-      permission: buildProjectPermission(membership.roles),
-      membership,
+      permission: buildProjectPermission(userProjectPermission.roles),
+      membership: userProjectPermission,
       hasRole: (role: string) =>
-        membership.roles.findIndex(({ role: slug, customRoleSlug }) => role === slug || slug === customRoleSlug) !== -1
+        userProjectPermission.roles.findIndex(
+          ({ role: slug, customRoleSlug }) => role === slug || slug === customRoleSlug
+        ) !== -1
     };
   };
 
   const getIdentityProjectPermission = async (
     identityId: string,
-    projectId: string,
-    identityOrgId: string | undefined
+    projectId: string
   ): Promise<TProjectPermissionRT<ActorType.IDENTITY>> => {
     const identityProjectPermission = await permissionDAL.getProjectIdentityPermission(identityId, projectId);
     if (!identityProjectPermission) throw new UnauthorizedError({ name: "Identity not in project" });
@@ -222,10 +193,6 @@ export const permissionServiceFactory = ({
       throw new BadRequestError({ name: "Custom permission not found" });
     }
 
-    if (identityProjectPermission.orgId !== identityOrgId) {
-      throw new UnauthorizedError({ name: "You are not a member of this organization" });
-    }
-
     return {
       permission: buildProjectPermission(identityProjectPermission.roles),
       membership: identityProjectPermission,
@@ -236,32 +203,14 @@ export const permissionServiceFactory = ({
     };
   };
 
-  const getServiceTokenProjectPermission = async (
-    serviceTokenId: string,
-    projectId: string,
-    actorOrgId: string | undefined
-  ) => {
+  const getServiceTokenProjectPermission = async (serviceTokenId: string, projectId: string) => {
     const serviceToken = await serviceTokenDAL.findById(serviceTokenId);
     if (!serviceToken) throw new BadRequestError({ message: "Service token not found" });
 
-    const serviceTokenProject = await projectDAL.findById(serviceToken.projectId);
-
-    if (!serviceTokenProject) throw new BadRequestError({ message: "Service token not linked to a project" });
-
-    if (serviceTokenProject.orgId !== actorOrgId) {
-      throw new UnauthorizedError({ message: "Service token not a part of this organization" });
-    }
-
     if (serviceToken.projectId !== projectId)
       throw new UnauthorizedError({
         message: "Failed to find service authorization for given project"
       });
-
-    if (serviceTokenProject.orgId !== actorOrgId)
-      throw new UnauthorizedError({
-        message: "Failed to find service authorization for given project"
-      });
-
     const scopes = ServiceTokenScopes.parse(serviceToken.scopes || []);
     return {
       permission: buildServiceTokenProjectPermission(scopes, serviceToken.permissions),
@@ -289,16 +238,15 @@ export const permissionServiceFactory = ({
     type: T,
     id: string,
     projectId: string,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
+    actorOrgId?: string
   ): Promise<TProjectPermissionRT<T>> => {
     switch (type) {
       case ActorType.USER:
-        return getUserProjectPermission(id, projectId, actorAuthMethod, actorOrgId) as Promise<TProjectPermissionRT<T>>;
+        return getUserProjectPermission(id, projectId, actorOrgId) as Promise<TProjectPermissionRT<T>>;
       case ActorType.SERVICE:
-        return getServiceTokenProjectPermission(id, projectId, actorOrgId) as Promise<TProjectPermissionRT<T>>;
+        return getServiceTokenProjectPermission(id, projectId) as Promise<TProjectPermissionRT<T>>;
       case ActorType.IDENTITY:
-        return getIdentityProjectPermission(id, projectId, actorOrgId) as Promise<TProjectPermissionRT<T>>;
+        return getIdentityProjectPermission(id, projectId) as Promise<TProjectPermissionRT<T>>;
       default:
         throw new UnauthorizedError({
           message: "Permission not defined",

backend/src/ee/services/saml-config/saml-config-service.ts

@@ -55,7 +55,6 @@ export const samlConfigServiceFactory = ({
   const createSamlCfg = async ({
     cert,
     actor,
-    actorAuthMethod,
     actorOrgId,
     orgId,
     issuer,
@@ -64,7 +63,7 @@ export const samlConfigServiceFactory = ({
     entryPoint,
     authProvider
   }: TCreateSamlCfgDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Sso);
 
     const plan = await licenseService.getPlan(orgId);
@@ -147,7 +146,6 @@ export const samlConfigServiceFactory = ({
     orgId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     cert,
     actorId,
     issuer,
@@ -155,7 +153,7 @@ export const samlConfigServiceFactory = ({
     entryPoint,
     authProvider
   }: TUpdateSamlCfgDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Sso);
     const plan = await licenseService.getPlan(orgId);
     if (!plan.samlSSO)
@@ -240,7 +238,6 @@ export const samlConfigServiceFactory = ({
         dto.actor,
         dto.actorId,
         ssoConfig.orgId,
-        dto.actorAuthMethod,
         dto.actorOrgId
       );
       ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Sso);

backend/src/ee/services/saml-config/saml-config-types.ts

@@ -1,5 +1,5 @@
 import { TOrgPermission } from "@app/lib/types";
-import { ActorAuthMethod, ActorType } from "@app/services/auth/auth-type";
+import { ActorType } from "@app/services/auth/auth-type";
 
 export enum SamlProviders {
   OKTA_SAML = "okta-saml",
@@ -26,14 +26,7 @@ export type TUpdateSamlCfgDTO = Partial<{
   TOrgPermission;
 
 export type TGetSamlCfgDTO =
-  | {
-      type: "org";
-      orgId: string;
-      actor: ActorType;
-      actorId: string;
-      actorAuthMethod: ActorAuthMethod;
-      actorOrgId: string | undefined;
-    }
+  | { type: "org"; orgId: string; actor: ActorType; actorId: string; actorOrgId?: string }
   | {
       type: "orgSlug";
       orgSlug: string;

backend/src/ee/services/scim/scim-service.ts

@@ -56,16 +56,8 @@ export const scimServiceFactory = ({
   permissionService,
   smtpService
 }: TScimServiceFactoryDep) => {
-  const createScimToken = async ({
-    actor,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    orgId,
-    description,
-    ttlDays
-  }: TCreateScimTokenDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const createScimToken = async ({ actor, actorId, actorOrgId, orgId, description, ttlDays }: TCreateScimTokenDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Scim);
 
     const plan = await licenseService.getPlan(orgId);
@@ -93,8 +85,8 @@ export const scimServiceFactory = ({
     return { scimToken };
   };
 
-  const listScimTokens = async ({ actor, actorId, actorOrgId, actorAuthMethod, orgId }: TOrgPermission) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const listScimTokens = async ({ actor, actorId, actorOrgId, orgId }: TOrgPermission) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Scim);
 
     const plan = await licenseService.getPlan(orgId);
@@ -107,17 +99,11 @@ export const scimServiceFactory = ({
     return scimTokens;
   };
 
-  const deleteScimToken = async ({ scimTokenId, actor, actorId, actorAuthMethod, actorOrgId }: TDeleteScimTokenDTO) => {
+  const deleteScimToken = async ({ scimTokenId, actor, actorId, actorOrgId }: TDeleteScimTokenDTO) => {
     let scimToken = await scimDAL.findById(scimTokenId);
     if (!scimToken) throw new BadRequestError({ message: "Failed to find SCIM token to delete" });
 
-    const { permission } = await permissionService.getOrgPermission(
-      actor,
-      actorId,
-      scimToken.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, scimToken.orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Delete, OrgPermissionSubjects.Scim);
 
     const plan = await licenseService.getPlan(scimToken.orgId);

backend/src/ee/services/secret-approval-policy/secret-approval-policy-service.ts

@@ -45,7 +45,6 @@ export const secretApprovalPolicyServiceFactory = ({
     actor,
     actorId,
     actorOrgId,
-    actorAuthMethod,
     approvals,
     approvers,
     projectId,
@@ -55,13 +54,7 @@ export const secretApprovalPolicyServiceFactory = ({
     if (approvals > approvers.length)
       throw new BadRequestError({ message: "Approvals cannot be greater than approvers" });
 
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(
       ProjectPermissionActions.Create,
       ProjectPermissionSub.SecretApproval
@@ -105,7 +98,6 @@ export const secretApprovalPolicyServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     approvals,
     secretPolicyId
   }: TUpdateSapDTO) => {
@@ -116,7 +108,6 @@ export const secretApprovalPolicyServiceFactory = ({
       actor,
       actorId,
       secretApprovalPolicy.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.SecretApproval);
@@ -161,13 +152,7 @@ export const secretApprovalPolicyServiceFactory = ({
     };
   };
 
-  const deleteSecretApprovalPolicy = async ({
-    secretPolicyId,
-    actor,
-    actorId,
-    actorAuthMethod,
-    actorOrgId
-  }: TDeleteSapDTO) => {
+  const deleteSecretApprovalPolicy = async ({ secretPolicyId, actor, actorId, actorOrgId }: TDeleteSapDTO) => {
     const sapPolicy = await secretApprovalPolicyDAL.findById(secretPolicyId);
     if (!sapPolicy) throw new BadRequestError({ message: "Secret approval policy not found" });
 
@@ -175,7 +160,6 @@ export const secretApprovalPolicyServiceFactory = ({
       actor,
       actorId,
       sapPolicy.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(
@@ -187,20 +171,8 @@ export const secretApprovalPolicyServiceFactory = ({
     return sapPolicy;
   };
 
-  const getSecretApprovalPolicyByProjectId = async ({
-    actorId,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    projectId
-  }: TListSapDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const getSecretApprovalPolicyByProjectId = async ({ actorId, actor, actorOrgId, projectId }: TListSapDTO) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SecretApproval);
 
     const sapPolicies = await secretApprovalPolicyDAL.find({ projectId });
@@ -229,17 +201,10 @@ export const secretApprovalPolicyServiceFactory = ({
     actor,
     actorId,
     actorOrgId,
-    actorAuthMethod,
     environment,
     secretPath
   }: TGetBoardSapDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(
       ProjectPermissionActions.Read,
       subject(ProjectPermissionSub.Secrets, { secretPath, environment })

backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts

@@ -82,14 +82,13 @@ export const secretApprovalRequestServiceFactory = ({
   secretVersionDAL,
   secretQueueService
 }: TSecretApprovalRequestServiceFactoryDep) => {
-  const requestCount = async ({ projectId, actor, actorId, actorOrgId, actorAuthMethod }: TApprovalRequestCountDTO) => {
+  const requestCount = async ({ projectId, actor, actorId, actorOrgId }: TApprovalRequestCountDTO) => {
     if (actor === ActorType.SERVICE) throw new BadRequestError({ message: "Cannot use service token" });
 
     const { membership } = await permissionService.getProjectPermission(
       actor as ActorType.USER,
       actorId,
       projectId,
-      actorAuthMethod,
       actorOrgId
     );
 
@@ -101,7 +100,6 @@ export const secretApprovalRequestServiceFactory = ({
     projectId,
     actorId,
     actor,
-    actorAuthMethod,
     actorOrgId,
     status,
     environment,
@@ -111,13 +109,7 @@ export const secretApprovalRequestServiceFactory = ({
   }: TListApprovalsDTO) => {
     if (actor === ActorType.SERVICE) throw new BadRequestError({ message: "Cannot use service token" });
 
-    const { membership } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { membership } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     const approvals = await secretApprovalRequestDAL.findByProjectId({
       projectId,
       committer,
@@ -130,13 +122,7 @@ export const secretApprovalRequestServiceFactory = ({
     return approvals;
   };
 
-  const getSecretApprovalDetails = async ({
-    actor,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    id
-  }: TSecretApprovalDetailsDTO) => {
+  const getSecretApprovalDetails = async ({ actor, actorId, actorOrgId, id }: TSecretApprovalDetailsDTO) => {
     if (actor === ActorType.SERVICE) throw new BadRequestError({ message: "Cannot use service token" });
 
     const secretApprovalRequest = await secretApprovalRequestDAL.findById(id);
@@ -147,7 +133,6 @@ export const secretApprovalRequestServiceFactory = ({
       actor,
       actorId,
       secretApprovalRequest.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     if (
@@ -165,14 +150,7 @@ export const secretApprovalRequestServiceFactory = ({
     return { ...secretApprovalRequest, secretPath: secretPath?.[0]?.path || "/", commits: secrets };
   };
 
-  const reviewApproval = async ({
-    approvalId,
-    actor,
-    status,
-    actorId,
-    actorAuthMethod,
-    actorOrgId
-  }: TReviewRequestDTO) => {
+  const reviewApproval = async ({ approvalId, actor, status, actorId, actorOrgId }: TReviewRequestDTO) => {
     const secretApprovalRequest = await secretApprovalRequestDAL.findById(approvalId);
     if (!secretApprovalRequest) throw new BadRequestError({ message: "Secret approval request not found" });
     if (actor !== ActorType.USER) throw new BadRequestError({ message: "Must be a user" });
@@ -182,7 +160,6 @@ export const secretApprovalRequestServiceFactory = ({
       ActorType.USER,
       actorId,
       secretApprovalRequest.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     if (
@@ -215,14 +192,7 @@ export const secretApprovalRequestServiceFactory = ({
     return reviewStatus;
   };
 
-  const updateApprovalStatus = async ({
-    actorId,
-    status,
-    approvalId,
-    actor,
-    actorOrgId,
-    actorAuthMethod
-  }: TStatusChangeDTO) => {
+  const updateApprovalStatus = async ({ actorId, status, approvalId, actor, actorOrgId }: TStatusChangeDTO) => {
     const secretApprovalRequest = await secretApprovalRequestDAL.findById(approvalId);
     if (!secretApprovalRequest) throw new BadRequestError({ message: "Secret approval request not found" });
     if (actor !== ActorType.USER) throw new BadRequestError({ message: "Must be a user" });
@@ -232,7 +202,6 @@ export const secretApprovalRequestServiceFactory = ({
       ActorType.USER,
       actorId,
       secretApprovalRequest.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     if (
@@ -260,8 +229,7 @@ export const secretApprovalRequestServiceFactory = ({
     approvalId,
     actor,
     actorId,
-    actorOrgId,
-    actorAuthMethod
+    actorOrgId
   }: TMergeSecretApprovalRequestDTO) => {
     const secretApprovalRequest = await secretApprovalRequestDAL.findById(approvalId);
     if (!secretApprovalRequest) throw new BadRequestError({ message: "Secret approval request not found" });
@@ -272,10 +240,8 @@ export const secretApprovalRequestServiceFactory = ({
       ActorType.USER,
       actorId,
       projectId,
-      actorAuthMethod,
       actorOrgId
     );
-
     if (
       !hasRole(ProjectMembershipRole.Admin) &&
       secretApprovalRequest.committerId !== membership.id &&
@@ -472,7 +438,6 @@ export const secretApprovalRequestServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     policy,
     projectId,
     secretPath,
@@ -484,7 +449,6 @@ export const secretApprovalRequestServiceFactory = ({
       actor,
       actorId,
       projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(

backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue-fn.ts

@@ -9,7 +9,6 @@ import jmespath from "jmespath";
 import knex from "knex";
 
 import { getConfig } from "@app/lib/config/env";
-import { getDbConnectionHost } from "@app/lib/knex";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 
 import { TAssignOp, TDbProviderClients, TDirectAssignOp, THttpProviderFunction } from "../templates/types";
@@ -90,7 +89,7 @@ export const secretRotationDbFn = async ({
   const appCfg = getConfig();
 
   const ssl = ca ? { rejectUnauthorized: false, ca } : undefined;
-  if (host === "localhost" || host === "127.0.0.1" || getDbConnectionHost(appCfg.DB_CONNECTION_URI) === host)
+  if (host === "localhost" || host === "127.0.0.1" || appCfg.DB_CONNECTION_URI.includes(host))
     throw new Error("Invalid db host");
 
   const db = knex({

backend/src/ee/services/secret-rotation/secret-rotation-service.ts

@@ -39,20 +39,8 @@ export const secretRotationServiceFactory = ({
   folderDAL,
   secretDAL
 }: TSecretRotationServiceFactoryDep) => {
-  const getProviderTemplates = async ({
-    actor,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    projectId
-  }: TProjectPermission) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const getProviderTemplates = async ({ actor, actorId, actorOrgId, projectId }: TProjectPermission) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SecretRotation);
 
     return {
@@ -66,7 +54,6 @@ export const secretRotationServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     inputs,
     outputs,
     interval,
@@ -74,13 +61,7 @@ export const secretRotationServiceFactory = ({
     secretPath,
     environment
   }: TCreateSecretRotationDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(
       ProjectPermissionActions.Create,
       ProjectPermissionSub.SecretRotation
@@ -158,20 +139,14 @@ export const secretRotationServiceFactory = ({
     return secretRotation;
   };
 
-  const getByProjectId = async ({ actorId, projectId, actor, actorOrgId, actorAuthMethod }: TListByProjectIdDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const getByProjectId = async ({ actorId, projectId, actor, actorOrgId }: TListByProjectIdDTO) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SecretRotation);
     const doc = await secretRotationDAL.find({ projectId });
     return doc;
   };
 
-  const restartById = async ({ actor, actorId, actorOrgId, actorAuthMethod, rotationId }: TRestartDTO) => {
+  const restartById = async ({ actor, actorId, actorOrgId, rotationId }: TRestartDTO) => {
     const doc = await secretRotationDAL.findById(rotationId);
     if (!doc) throw new BadRequestError({ message: "Rotation not found" });
 
@@ -182,30 +157,18 @@ export const secretRotationServiceFactory = ({
         message: "Failed to add secret rotation due to plan restriction. Upgrade plan to add secret rotation."
       });
 
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      doc.projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, doc.projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.SecretRotation);
     await secretRotationQueue.removeFromQueue(doc.id, doc.interval);
     await secretRotationQueue.addToQueue(doc.id, doc.interval);
     return doc;
   };
 
-  const deleteById = async ({ actor, actorId, actorOrgId, actorAuthMethod, rotationId }: TDeleteDTO) => {
+  const deleteById = async ({ actor, actorId, actorOrgId, rotationId }: TDeleteDTO) => {
     const doc = await secretRotationDAL.findById(rotationId);
     if (!doc) throw new BadRequestError({ message: "Rotation not found" });
 
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      doc.projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, doc.projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(
       ProjectPermissionActions.Delete,
       ProjectPermissionSub.SecretRotation

backend/src/ee/services/secret-scanning/secret-scanning-service.ts

@@ -39,14 +39,8 @@ export const secretScanningServiceFactory = ({
   permissionService,
   secretScanningQueue
 }: TSecretScanningServiceFactoryDep) => {
-  const createInstallationSession = async ({
-    actor,
-    orgId,
-    actorId,
-    actorAuthMethod,
-    actorOrgId
-  }: TInstallAppSessionDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const createInstallationSession = async ({ actor, orgId, actorId, actorOrgId }: TInstallAppSessionDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.SecretScanning);
 
     const sessionId = crypto.randomBytes(16).toString("hex");
@@ -59,19 +53,12 @@ export const secretScanningServiceFactory = ({
     actorId,
     installationId,
     actor,
-    actorAuthMethod,
     actorOrgId
   }: TLinkInstallSessionDTO) => {
     const session = await gitAppInstallSessionDAL.findOne({ sessionId });
     if (!session) throw new UnauthorizedError({ message: "Session not found" });
 
-    const { permission } = await permissionService.getOrgPermission(
-      actor,
-      actorId,
-      session.orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, session.orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.SecretScanning);
     const installatedApp = await gitAppOrgDAL.transaction(async (tx) => {
       await gitAppInstallSessionDAL.deleteById(session.id, tx);
@@ -102,37 +89,23 @@ export const secretScanningServiceFactory = ({
     return { installatedApp };
   };
 
-  const getOrgInstallationStatus = async ({
-    actorId,
-    orgId,
-    actor,
-    actorAuthMethod,
-    actorOrgId
-  }: TGetOrgInstallStatusDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const getOrgInstallationStatus = async ({ actorId, orgId, actor, actorOrgId }: TGetOrgInstallStatusDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.SecretScanning);
 
     const appInstallation = await gitAppOrgDAL.findOne({ orgId });
     return Boolean(appInstallation);
   };
 
-  const getRisksByOrg = async ({ actor, orgId, actorId, actorAuthMethod, actorOrgId }: TGetOrgRisksDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const getRisksByOrg = async ({ actor, orgId, actorId, actorOrgId }: TGetOrgRisksDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.SecretScanning);
     const risks = await secretScanningDAL.find({ orgId }, { sort: [["createdAt", "desc"]] });
     return { risks };
   };
 
-  const updateRiskStatus = async ({
-    actorId,
-    orgId,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    riskId,
-    status
-  }: TUpdateRiskStatusDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const updateRiskStatus = async ({ actorId, orgId, actor, actorOrgId, riskId, status }: TUpdateRiskStatusDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.SecretScanning);
 
     const isRiskResolved = Boolean(

backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts

@@ -59,16 +59,9 @@ export const secretSnapshotServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     path
   }: TProjectSnapshotCountDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SecretRollback);
 
     const folder = await folderDAL.findBySecretPath(projectId, environment, path);
@@ -84,18 +77,11 @@ export const secretSnapshotServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     path,
     limit = 20,
     offset = 0
   }: TProjectSnapshotListDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SecretRollback);
 
     const folder = await folderDAL.findBySecretPath(projectId, environment, path);
@@ -105,16 +91,10 @@ export const secretSnapshotServiceFactory = ({
     return snapshots;
   };
 
-  const getSnapshotData = async ({ actorId, actor, actorOrgId, actorAuthMethod, id }: TGetSnapshotDataDTO) => {
+  const getSnapshotData = async ({ actorId, actor, actorOrgId, id }: TGetSnapshotDataDTO) => {
     const snapshot = await snapshotDAL.findSecretSnapshotDataById(id);
     if (!snapshot) throw new BadRequestError({ message: "Snapshot not found" });
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      snapshot.projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, snapshot.projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SecretRollback);
     return snapshot;
   };
@@ -165,23 +145,11 @@ export const secretSnapshotServiceFactory = ({
     }
   };
 
-  const rollbackSnapshot = async ({
-    id: snapshotId,
-    actor,
-    actorId,
-    actorAuthMethod,
-    actorOrgId
-  }: TRollbackSnapshotDTO) => {
+  const rollbackSnapshot = async ({ id: snapshotId, actor, actorId, actorOrgId }: TRollbackSnapshotDTO) => {
     const snapshot = await snapshotDAL.findById(snapshotId);
     if (!snapshot) throw new BadRequestError({ message: "Snapshot not found" });
 
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      snapshot.projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, snapshot.projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(
       ProjectPermissionActions.Create,
       ProjectPermissionSub.SecretRollback

backend/src/ee/services/trusted-ip/trusted-ip-service.ts

@@ -26,14 +26,8 @@ export const trustedIpServiceFactory = ({
   licenseService,
   projectDAL
 }: TTrustedIpServiceFactoryDep) => {
-  const listIpsByProjectId = async ({ projectId, actor, actorId, actorAuthMethod, actorOrgId }: TProjectPermission) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const listIpsByProjectId = async ({ projectId, actor, actorId, actorOrgId }: TProjectPermission) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.IpAllowList);
     const trustedIps = await trustedIpDAL.find({
       projectId
@@ -44,20 +38,13 @@ export const trustedIpServiceFactory = ({
   const addProjectIp = async ({
     projectId,
     actorId,
-    actorAuthMethod,
     actor,
     actorOrgId,
     ipAddress: ip,
     comment,
     isActive
   }: TCreateIpDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.IpAllowList);
 
     const project = await projectDAL.findById(projectId);
@@ -91,18 +78,11 @@ export const trustedIpServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     ipAddress: ip,
     comment,
     trustedIpId
   }: TUpdateIpDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.IpAllowList);
 
     const project = await projectDAL.findById(projectId);
@@ -133,21 +113,8 @@ export const trustedIpServiceFactory = ({
     return { trustedIp, project }; // for audit log
   };
 
-  const deleteProjectIp = async ({
-    projectId,
-    actorId,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    trustedIpId
-  }: TDeleteIpDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const deleteProjectIp = async ({ projectId, actorId, actor, actorOrgId, trustedIpId }: TDeleteIpDTO) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.IpAllowList);
 
     const project = await projectDAL.findById(projectId);

backend/src/lib/api-docs/constants.ts

@@ -84,7 +84,7 @@ export const ORGANIZATIONS = {
 
 export const PROJECTS = {
   CREATE: {
-    organizationSlug: "The slug of the organization to create the project in.",
+    organizationId: "The ID of the organization to create the project in.",
     projectName: "The name of the project to create.",
     slug: "An optional slug for the project."
   },
@@ -197,7 +197,6 @@ export const FOLDERS = {
 export const RAW_SECRETS = {
   LIST: {
     workspaceId: "The ID of the project to list secrets from.",
-    workspaceSlug: "The slug of the project to list secrets from. This parameter is only usable by machine identities.",
     environment: "The slug of the environment to list secrets from.",
     secretPath: "The secret path to list secrets from.",
     includeImports: "Weather to include imported secrets or not."

backend/src/lib/knex/connection.ts

@@ -1,11 +0,0 @@
-import { URL } from "url"; // Import the URL class
-
-export const getDbConnectionHost = (urlString: string) => {
-  try {
-    const url = new URL(urlString);
-    // Split hostname and port (if provided)
-    return url.hostname.split(":")[0];
-  } catch (error) {
-    return null;
-  }
-};

backend/src/lib/knex/index.ts

@@ -4,7 +4,6 @@ import { Tables } from "knex/types/tables";
 
 import { DatabaseError } from "../errors";
 
-export * from "./connection";
 export * from "./join";
 export * from "./select";
 

backend/src/lib/types/index.ts

@@ -1,19 +1,17 @@
-import { ActorAuthMethod, ActorType } from "@app/services/auth/auth-type";
+import { ActorType } from "@app/services/auth/auth-type";
 
 export type TOrgPermission = {
   actor: ActorType;
   actorId: string;
   orgId: string;
-  actorAuthMethod: ActorAuthMethod;
-  actorOrgId: string | undefined;
+  actorOrgId?: string;
 };
 
 export type TProjectPermission = {
   actor: ActorType;
   actorId: string;
   projectId: string;
-  actorAuthMethod: ActorAuthMethod;
-  actorOrgId: string | undefined;
+  actorOrgId?: string;
 };
 
 export type RequiredKeys<T> = {

backend/src/server/plugins/auth/inject-identity.ts

@@ -6,49 +6,42 @@ import { TServiceTokens, TUsers } from "@app/db/schemas";
 import { TScimTokenJwtPayload } from "@app/ee/services/scim/scim-types";
 import { getConfig } from "@app/lib/config/env";
 import { UnauthorizedError } from "@app/lib/errors";
-import { ActorType, AuthMethod, AuthMode, AuthModeJwtTokenPayload, AuthTokenType } from "@app/services/auth/auth-type";
+import { ActorType, AuthMode, AuthModeJwtTokenPayload, AuthTokenType } from "@app/services/auth/auth-type";
 import { TIdentityAccessTokenJwtPayload } from "@app/services/identity-access-token/identity-access-token-types";
 
 export type TAuthMode =
   | {
+      orgId?: string;
       authMode: AuthMode.JWT;
       actor: ActorType.USER;
       userId: string;
       tokenVersionId: string; // the session id of token used
       user: TUsers;
-      orgId?: string;
-      authMethod: AuthMethod;
     }
   | {
       authMode: AuthMode.API_KEY;
-      authMethod: null;
       actor: ActorType.USER;
       userId: string;
       user: TUsers;
-      orgId: string;
+      orgId?: string;
     }
   | {
       authMode: AuthMode.SERVICE_TOKEN;
       serviceToken: TServiceTokens & { createdByEmail: string };
       actor: ActorType.SERVICE;
       serviceTokenId: string;
-      orgId: string;
-      authMethod: null;
     }
   | {
       authMode: AuthMode.IDENTITY_ACCESS_TOKEN;
       actor: ActorType.IDENTITY;
       identityId: string;
       identityName: string;
-      orgId: string;
-      authMethod: null;
     }
   | {
       authMode: AuthMode.SCIM_TOKEN;
       actor: ActorType.SCIM_CLIENT;
       scimTokenId: string;
       orgId: string;
-      authMethod: null;
     };
 
 const extractAuth = async (req: FastifyRequest, jwtSecret: string) => {
@@ -57,7 +50,6 @@ const extractAuth = async (req: FastifyRequest, jwtSecret: string) => {
     return { authMode: AuthMode.API_KEY, token: apiKey, actor: ActorType.USER } as const;
   }
   const authHeader = req.headers?.authorization;
-
   if (!authHeader) return { authMode: null, token: null };
 
   const authTokenValue = authHeader.slice(7); // slice of after Bearer
@@ -79,7 +71,6 @@ const extractAuth = async (req: FastifyRequest, jwtSecret: string) => {
         actor: ActorType.USER
       } as const;
     case AuthTokenType.API_KEY:
-      // throw new Error("API Key auth is no longer supported.");
       return { authMode: AuthMode.API_KEY, token: decodedToken, actor: ActorType.USER } as const;
     case AuthTokenType.IDENTITY_ACCESS_TOKEN:
       return {
@@ -98,30 +89,17 @@ const extractAuth = async (req: FastifyRequest, jwtSecret: string) => {
   }
 };
 
-// ! Important: You can only 100% count on the `req.permission.orgId` field being present when the auth method is Identity Access Token (Machine Identity).
 export const injectIdentity = fp(async (server: FastifyZodProvider) => {
   server.decorateRequest("auth", null);
   server.addHook("onRequest", async (req) => {
     const appCfg = getConfig();
     const { authMode, token, actor } = await extractAuth(req, appCfg.AUTH_SECRET);
-
-    if (req.url.includes("/api/v3/auth/")) {
-      return;
-    }
     if (!authMode) return;
 
     switch (authMode) {
       case AuthMode.JWT: {
         const { user, tokenVersionId, orgId } = await server.services.authToken.fnValidateJwtIdentity(token);
-        req.auth = {
-          authMode: AuthMode.JWT,
-          user,
-          userId: user.id,
-          tokenVersionId,
-          actor,
-          orgId,
-          authMethod: token.authMethod
-        };
+        req.auth = { authMode: AuthMode.JWT, user, userId: user.id, tokenVersionId, actor, orgId };
         break;
       }
       case AuthMode.IDENTITY_ACCESS_TOKEN: {
@@ -129,40 +107,29 @@ export const injectIdentity = fp(async (server: FastifyZodProvider) => {
         req.auth = {
           authMode: AuthMode.IDENTITY_ACCESS_TOKEN,
           actor,
-          orgId: identity.orgId,
           identityId: identity.identityId,
-          identityName: identity.name,
-          authMethod: null
+          identityName: identity.name
         };
         break;
       }
       case AuthMode.SERVICE_TOKEN: {
         const serviceToken = await server.services.serviceToken.fnValidateServiceToken(token);
         req.auth = {
-          orgId: serviceToken.orgId,
           authMode: AuthMode.SERVICE_TOKEN as const,
           serviceToken,
           serviceTokenId: serviceToken.id,
-          actor,
-          authMethod: null
+          actor
         };
         break;
       }
       case AuthMode.API_KEY: {
         const user = await server.services.apiKey.fnValidateApiKey(token as string);
-        req.auth = {
-          authMode: AuthMode.API_KEY as const,
-          userId: user.id,
-          actor,
-          user,
-          orgId: "API_KEY", // We set the orgId to an arbitrary value, since we can't link an API key to a specific org. We have to deprecate API keys soon!
-          authMethod: null
-        };
+        req.auth = { authMode: AuthMode.API_KEY as const, userId: user.id, actor, user };
         break;
       }
       case AuthMode.SCIM_TOKEN: {
         const { orgId, scimTokenId } = await server.services.scim.fnValidateScimToken(token);
-        req.auth = { authMode: AuthMode.SCIM_TOKEN, actor, scimTokenId, orgId, authMethod: null };
+        req.auth = { authMode: AuthMode.SCIM_TOKEN, actor, scimTokenId, orgId };
         break;
       }
       default:

backend/src/server/plugins/auth/inject-permission.ts

@@ -9,33 +9,13 @@ export const injectPermission = fp(async (server) => {
     if (!req.auth) return;
 
     if (req.auth.actor === ActorType.USER) {
-      req.permission = {
-        type: ActorType.USER,
-        id: req.auth.userId,
-        orgId: req.auth.orgId, // if the req.auth.authMode is AuthMode.API_KEY, the orgId will be "API_KEY"
-        authMethod: req.auth.authMethod // if the req.auth.authMode is AuthMode.API_KEY, the authMethod will be null
-      };
+      req.permission = { type: ActorType.USER, id: req.auth.userId, orgId: req.auth?.orgId };
     } else if (req.auth.actor === ActorType.IDENTITY) {
-      req.permission = {
-        type: ActorType.IDENTITY,
-        id: req.auth.identityId,
-        orgId: req.auth.orgId,
-        authMethod: null
-      };
+      req.permission = { type: ActorType.IDENTITY, id: req.auth.identityId };
     } else if (req.auth.actor === ActorType.SERVICE) {
-      req.permission = {
-        type: ActorType.SERVICE,
-        id: req.auth.serviceTokenId,
-        orgId: req.auth.orgId,
-        authMethod: null
-      };
+      req.permission = { type: ActorType.SERVICE, id: req.auth.serviceTokenId };
     } else if (req.auth.actor === ActorType.SCIM_CLIENT) {
-      req.permission = {
-        type: ActorType.SCIM_CLIENT,
-        id: req.auth.scimTokenId,
-        orgId: req.auth.orgId,
-        authMethod: null
-      };
+      req.permission = { type: ActorType.SCIM_CLIENT, id: req.auth.scimTokenId, orgId: req.auth.orgId };
     }
   });
 });

backend/src/server/plugins/auth/verify-auth.ts

@@ -3,26 +3,15 @@ import { FastifyReply, FastifyRequest, HookHandlerDoneFunction } from "fastify";
 import { UnauthorizedError } from "@app/lib/errors";
 import { AuthMode } from "@app/services/auth/auth-type";
 
-interface TAuthOptions {
-  requireOrg: boolean;
-}
-
 export const verifyAuth =
-  <T extends FastifyRequest>(authStrategies: AuthMode[], options: TAuthOptions = { requireOrg: true }) =>
+  <T extends FastifyRequest>(authStrats: AuthMode[]) =>
   (req: T, _res: FastifyReply, done: HookHandlerDoneFunction) => {
-    if (!Array.isArray(authStrategies)) throw new Error("Auth strategy must be array");
+    if (!Array.isArray(authStrats)) throw new Error("Auth strategy must be array");
     if (!req.auth) throw new UnauthorizedError({ name: "Unauthorized access", message: "Token missing" });
 
-    const isAccessAllowed = authStrategies.some((strategy) => strategy === req.auth.authMode);
+    const isAccessAllowed = authStrats.some((strat) => strat === req.auth.authMode);
     if (!isAccessAllowed) {
       throw new UnauthorizedError({ name: `${req.url} Unauthorized Access` });
     }
-
-    // New optional option. There are some routes which do not require an organization ID to be present on the request.
-    // An example of this is the /v1 auth routes.
-    if (req.auth.authMode === AuthMode.JWT && options.requireOrg === true && !req.permission.orgId) {
-      throw new UnauthorizedError({ name: `${req.url} Unauthorized Access, no organization found in request` });
-    }
-
     done();
   };

backend/src/server/plugins/swagger.ts

@@ -14,13 +14,13 @@ export const fastifySwagger = fp(async (fastify) => {
         version: "0.0.1"
       },
       servers: [
-        {
-          url: "https://app.infisical.com",
-          description: "Production server"
-        },
         {
           url: "http://localhost:8080",
           description: "Local server"
+        },
+        {
+          url: "https://app.infisical.com",
+          description: "Production server"
         }
       ],
       components: {

backend/src/server/routes/index.ts

@@ -201,8 +201,7 @@ export const registerRoutes = async (
     permissionDAL,
     orgRoleDAL,
     projectRoleDAL,
-    serviceTokenDAL,
-    projectDAL
+    serviceTokenDAL
   });
   const licenseService = licenseServiceFactory({ permissionService, orgDAL, licenseDAL, keyStore });
   const trustedIpService = trustedIpServiceFactory({
@@ -267,7 +266,7 @@ export const registerRoutes = async (
 
   const tokenService = tokenServiceFactory({ tokenDAL: authTokenDAL, userDAL });
   const userService = userServiceFactory({ userDAL });
-  const loginService = authLoginServiceFactory({ userDAL, smtpService, tokenService, orgDAL, tokenDAL: authTokenDAL });
+  const loginService = authLoginServiceFactory({ userDAL, smtpService, tokenService });
   const passwordService = authPaswordServiceFactory({
     tokenService,
     smtpService,
@@ -373,7 +372,6 @@ export const registerRoutes = async (
     projectKeyDAL,
     userDAL,
     projectEnvDAL,
-    orgDAL,
     orgService,
     projectMembershipDAL,
     folderDAL,
@@ -519,8 +517,7 @@ export const registerRoutes = async (
     projectEnvDAL,
     serviceTokenDAL,
     userDAL,
-    permissionService,
-    projectDAL
+    permissionService
   });
 
   const identityService = identityServiceFactory({
@@ -528,10 +525,7 @@ export const registerRoutes = async (
     identityDAL,
     identityOrgMembershipDAL
   });
-  const identityAccessTokenService = identityAccessTokenServiceFactory({
-    identityAccessTokenDAL,
-    identityOrgMembershipDAL
-  });
+  const identityAccessTokenService = identityAccessTokenServiceFactory({ identityAccessTokenDAL });
   const identityProjectService = identityProjectServiceFactory({
     permissionService,
     projectDAL,

backend/src/server/routes/v1/auth-router.ts

@@ -21,7 +21,7 @@ export const registerAuthRoutes = async (server: FastifyZodProvider) => {
         })
       }
     },
-    onRequest: verifyAuth([AuthMode.JWT], { requireOrg: false }),
+    onRequest: verifyAuth([AuthMode.JWT]),
     handler: async (req, res) => {
       const appCfg = getConfig();
       if (req.auth.authMode === AuthMode.JWT) {
@@ -85,7 +85,6 @@ export const registerAuthRoutes = async (server: FastifyZodProvider) => {
 
       const token = jwt.sign(
         {
-          authMethod: decodedToken.authMethod,
           authTokenType: AuthTokenType.ACCESS_TOKEN,
           userId: decodedToken.userId,
           tokenVersionId: tokenVersion.id,

backend/src/server/routes/v1/bot-router.ts

@@ -30,7 +30,6 @@ export const registerProjectBotRouter = async (server: FastifyZodProvider) => {
         actor: req.permission.type,
         actorId: req.permission.id,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         projectId: req.params.projectId
       });
       return { bot };
@@ -71,7 +70,6 @@ export const registerProjectBotRouter = async (server: FastifyZodProvider) => {
         actor: req.permission.type,
         actorId: req.permission.id,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         botId: req.params.botId,
         botKey: req.body.botKey,
         isActive: req.body.isActive

backend/src/server/routes/v1/identity-router.ts

@@ -35,7 +35,6 @@ export const registerIdentityRouter = async (server: FastifyZodProvider) => {
       const identity = await server.services.identity.createIdentity({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.body,
         orgId: req.body.organizationId
@@ -96,7 +95,6 @@ export const registerIdentityRouter = async (server: FastifyZodProvider) => {
       const identity = await server.services.identity.updateIdentity({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.identityId,
         ...req.body
@@ -142,7 +140,6 @@ export const registerIdentityRouter = async (server: FastifyZodProvider) => {
       const identity = await server.services.identity.deleteIdentity({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.identityId
       });

backend/src/server/routes/v1/identity-ua.ts

@@ -131,7 +131,6 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
         actor: req.permission.type,
         actorId: req.permission.id,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         ...req.body,
         identityId: req.params.identityId
       });
@@ -213,7 +212,6 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
         actor: req.permission.type,
         actorId: req.permission.id,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         ...req.body,
         identityId: req.params.identityId
       });
@@ -262,7 +260,6 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
       const identityUniversalAuth = await server.services.identityUa.getIdentityUa({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         identityId: req.params.identityId
       });
@@ -312,7 +309,6 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
       const { clientSecret, clientSecretData, orgId } = await server.services.identityUa.createUaClientSecret({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         identityId: req.params.identityId,
         ...req.body
@@ -358,7 +354,6 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
       const { clientSecrets: clientSecretData, orgId } = await server.services.identityUa.getUaClientSecrets({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         identityId: req.params.identityId
       });
@@ -402,7 +397,6 @@ export const registerIdentityUaRouter = async (server: FastifyZodProvider) => {
       const clientSecretData = await server.services.identityUa.revokeUaClientSecret({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         identityId: req.params.identityId,
         clientSecretId: req.params.clientSecretId

backend/src/server/routes/v1/integration-auth-router.ts

@@ -53,7 +53,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const integrationAuth = await server.services.integrationAuth.getIntegrationAuth({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId
       });
@@ -81,7 +80,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         integration: req.query.integration,
         projectId: req.query.projectId
       });
@@ -119,7 +117,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const integrationAuth = await server.services.integrationAuth.deleteIntegrationAuthById({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId
       });
@@ -160,7 +157,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const integrationAuth = await server.services.integrationAuth.oauthExchange({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.body.workspaceId,
         ...req.body
@@ -204,7 +200,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const integrationAuth = await server.services.integrationAuth.saveIntegrationToken({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.body.workspaceId,
         ...req.body
@@ -252,7 +247,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const apps = await server.services.integrationAuth.getIntegrationApps({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId,
         ...req.query
@@ -284,7 +278,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const teams = await server.services.integrationAuth.getIntegrationAuthTeams({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId
       });
@@ -313,7 +306,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const branches = await server.services.integrationAuth.getVercelBranches({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId,
         appId: req.query.appId
@@ -343,7 +335,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const groups = await server.services.integrationAuth.getChecklyGroups({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId,
         accountId: req.query.accountId
@@ -352,68 +343,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
     }
   });
 
-  server.route({
-    url: "/:integrationAuthId/github/orgs",
-    method: "GET",
-    onRequest: verifyAuth([AuthMode.JWT]),
-    schema: {
-      params: z.object({
-        integrationAuthId: z.string().trim()
-      }),
-      response: {
-        200: z.object({
-          orgs: z.object({ name: z.string(), orgId: z.string() }).array()
-        })
-      }
-    },
-    handler: async (req) => {
-      const orgs = await server.services.integrationAuth.getGithubOrgs({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        id: req.params.integrationAuthId
-      });
-      if (!orgs) throw new Error("No organization found.");
-
-      return { orgs };
-    }
-  });
-
-  server.route({
-    url: "/:integrationAuthId/github/envs",
-    method: "GET",
-    onRequest: verifyAuth([AuthMode.JWT]),
-    schema: {
-      params: z.object({
-        integrationAuthId: z.string().trim()
-      }),
-      querystring: z.object({
-        repoOwner: z.string().trim(),
-        repoName: z.string().trim()
-      }),
-      response: {
-        200: z.object({
-          envs: z.object({ name: z.string(), envId: z.string() }).array()
-        })
-      }
-    },
-    handler: async (req) => {
-      const envs = await server.services.integrationAuth.getGithubEnvs({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        id: req.params.integrationAuthId,
-        actorAuthMethod: req.permission.authMethod,
-        repoName: req.query.repoName,
-        repoOwner: req.query.repoOwner
-      });
-      if (!envs) throw new Error("No organization found.");
-
-      return { envs };
-    }
-  });
-
   server.route({
     url: "/:integrationAuthId/qovery/orgs",
     method: "GET",
@@ -432,7 +361,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const orgs = await server.services.integrationAuth.getQoveryOrgs({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId
       });
@@ -461,7 +389,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const projects = await server.services.integrationAuth.getQoveryProjects({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId,
         orgId: req.query.orgId
@@ -491,7 +418,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const environments = await server.services.integrationAuth.getQoveryEnvs({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId,
         projectId: req.query.projectId
@@ -521,7 +447,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const apps = await server.services.integrationAuth.getQoveryApps({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId,
         environmentId: req.query.environmentId
@@ -551,7 +476,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const containers = await server.services.integrationAuth.getQoveryContainers({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId,
         environmentId: req.query.environmentId
@@ -581,7 +505,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const jobs = await server.services.integrationAuth.getQoveryJobs({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId,
         environmentId: req.query.environmentId
@@ -614,7 +537,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const pipelines = await server.services.integrationAuth.getHerokuPipelines({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId
       });
@@ -643,7 +565,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const environments = await server.services.integrationAuth.getRailwayEnvironments({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId,
         appId: req.query.appId
@@ -673,7 +594,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const services = await server.services.integrationAuth.getRailwayServices({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId,
         appId: req.query.appId
@@ -710,7 +630,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const workspaces = await server.services.integrationAuth.getBitbucketWorkspaces({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId
       });
@@ -744,7 +663,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const secretGroups = await server.services.integrationAuth.getNorthFlankSecretGroups({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId,
         appId: req.query.appId
@@ -779,7 +697,6 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       const buildConfigs = await server.services.integrationAuth.getTeamcityBuildConfigs({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationAuthId,
         appId: req.query.appId

backend/src/server/routes/v1/integration-router.ts

@@ -33,7 +33,6 @@ export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
             secretPrefix: z.string().optional(),
             secretSuffix: z.string().optional(),
             initialSyncBehavior: z.string().optional(),
-            shouldAutoRedeploy: z.boolean().optional(),
             secretGCPLabel: z
               .object({
                 labelName: z.string(),
@@ -54,7 +53,6 @@ export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
       const { integration, integrationAuth } = await server.services.integration.createIntegration({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.body
       });
@@ -125,7 +123,6 @@ export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
       const integration = await server.services.integration.updateIntegration({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationId,
         ...req.body
@@ -151,7 +148,6 @@ export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
     handler: async (req) => {
       const integration = await server.services.integration.deleteIntegration({
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
         id: req.params.integrationId

backend/src/server/routes/v1/invite-org-router.ts

@@ -29,7 +29,6 @@ export const registerInviteOrgRouter = async (server: FastifyZodProvider) => {
         orgId: req.body.organizationId,
         userId: req.permission.id,
         inviteeEmail: req.body.inviteeEmail,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId
       });
 

backend/src/server/routes/v1/organization-router.ts

@@ -15,7 +15,7 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
         })
       }
     },
-    onRequest: verifyAuth([AuthMode.JWT], { requireOrg: false }),
+    onRequest: verifyAuth([AuthMode.JWT]),
     handler: async (req) => {
       const organizations = await server.services.org.findAllOrganizationOfUser(req.permission.id);
       return { organizations };
@@ -40,7 +40,6 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
       const organization = await server.services.org.findOrganizationById(
         req.permission.id,
         req.params.organizationId,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { organization };
@@ -77,7 +76,6 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
       const users = await server.services.org.findAllOrgMembers(
         req.permission.id,
         req.params.organizationId,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { users };
@@ -113,7 +111,6 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
         actor: req.permission.type,
         actorId: req.permission.id,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.params.organizationId,
         data: req.body
       });
@@ -141,7 +138,6 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
       const incidentContactsOrg = await req.server.services.org.findIncidentContacts(
         req.permission.id,
         req.params.organizationId,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { incidentContactsOrg };
@@ -166,7 +162,6 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
         req.permission.id,
         req.params.organizationId,
         req.body.email,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { incidentContactsOrg };
@@ -190,7 +185,6 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
         req.permission.id,
         req.params.organizationId,
         req.params.incidentContactId,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { incidentContactsOrg };

backend/src/server/routes/v1/project-env-router.ts

@@ -39,7 +39,6 @@ export const registerProjectEnvRouter = async (server: FastifyZodProvider) => {
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         projectId: req.params.workspaceId,
         ...req.body
       });
@@ -96,7 +95,6 @@ export const registerProjectEnvRouter = async (server: FastifyZodProvider) => {
       const { environment, old } = await server.services.projectEnv.updateEnvironment({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId,
         id: req.params.id,
@@ -155,7 +153,6 @@ export const registerProjectEnvRouter = async (server: FastifyZodProvider) => {
       const environment = await server.services.projectEnv.deleteEnvironment({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId,
         id: req.params.id

backend/src/server/routes/v1/project-key-router.ts

@@ -30,7 +30,6 @@ export const registerProjectKeyRouter = async (server: FastifyZodProvider) => {
         projectId: req.params.workspaceId,
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         nonce: req.body.key.nonce,
         receiverId: req.body.key.userId,

backend/src/server/routes/v1/project-membership-router.ts

@@ -66,7 +66,6 @@ export const registerProjectMembershipRouter = async (server: FastifyZodProvider
       const memberships = await server.services.projectMembership.getProjectMemberships({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId
       });
@@ -103,7 +102,6 @@ export const registerProjectMembershipRouter = async (server: FastifyZodProvider
       const data = await server.services.projectMembership.addUsersToProject({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId,
         members: req.body.members
@@ -172,7 +170,6 @@ export const registerProjectMembershipRouter = async (server: FastifyZodProvider
       const roles = await server.services.projectMembership.updateProjectMembership({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId,
         membershipId: req.params.membershipId,
@@ -222,7 +219,6 @@ export const registerProjectMembershipRouter = async (server: FastifyZodProvider
       const membership = await server.services.projectMembership.deleteProjectMembership({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId,
         membershipId: req.params.membershipId

backend/src/server/routes/v1/project-router.ts

@@ -10,7 +10,6 @@ import {
 import { PROJECTS } from "@app/lib/api-docs";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
-import { ProjectFilterType } from "@app/services/project/project-types";
 
 import { integrationAuthPubSchema } from "../sanitizedSchemas";
 import { sanitizedServiceTokenSchema } from "../v2/service-token-router";
@@ -46,7 +45,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
       const publicKeys = await server.services.projectKey.getProjectPublicKeys({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId
       });
@@ -99,7 +97,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
       const users = await server.services.projectMembership.getProjectMemberships({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         projectId: req.params.workspaceId,
         actorOrgId: req.permission.orgId
       });
@@ -140,14 +137,37 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
     onRequest: verifyAuth([AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.IDENTITY_ACCESS_TOKEN]),
     handler: async (req) => {
       const workspace = await server.services.project.getAProject({
-        filter: {
-          type: ProjectFilterType.ID,
-          projectId: req.params.workspaceId
-        },
-        actorAuthMethod: req.permission.authMethod,
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorOrgId: req.permission.orgId
+        actorOrgId: req.permission.orgId,
+        projectId: req.params.workspaceId
+      });
+      return { workspace };
+    }
+  });
+
+  server.route({
+    url: "/",
+    method: "POST",
+    schema: {
+      body: z.object({
+        workspaceName: z.string().trim(),
+        organizationId: z.string().trim()
+      }),
+      response: {
+        200: z.object({
+          workspace: projectWithEnv
+        })
+      }
+    },
+    onRequest: verifyAuth([AuthMode.JWT]),
+    handler: async (req) => {
+      const workspace = await server.services.project.createProject({
+        actorId: req.permission.id,
+        actor: req.permission.type,
+        orgId: req.body.organizationId,
+        actorOrgId: req.permission.orgId,
+        workspaceName: req.body.workspaceName
       });
       return { workspace };
     }
@@ -169,14 +189,10 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
     onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
     handler: async (req) => {
       const workspace = await server.services.project.deleteProject({
-        filter: {
-          type: ProjectFilterType.ID,
-          projectId: req.params.workspaceId
-        },
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actor: req.permission.type,
-        actorOrgId: req.permission.orgId
+        actorOrgId: req.permission.orgId,
+        projectId: req.params.workspaceId
       });
       return { workspace };
     }
@@ -204,7 +220,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
       const workspace = await server.services.project.updateName({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId,
         name: req.body.name
@@ -238,21 +253,17 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
         })
       }
     },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
+    onRequest: verifyAuth([AuthMode.JWT]),
     handler: async (req) => {
       const workspace = await server.services.project.updateProject({
-        filter: {
-          type: ProjectFilterType.ID,
-          projectId: req.params.workspaceId
-        },
+        actorId: req.permission.id,
+        actor: req.permission.type,
+        actorOrgId: req.permission.orgId,
+        projectId: req.params.workspaceId,
         update: {
           name: req.body.name,
           autoCapitalization: req.body.autoCapitalization
-        },
-        actorAuthMethod: req.permission.authMethod,
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId
+        }
       });
       return {
         workspace
@@ -282,7 +293,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
       const workspace = await server.services.project.toggleAutoCapitalization({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId,
         autoCapitalization: req.body.autoCapitalization
@@ -319,7 +329,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
     handler: async (req) => {
       const integrations = await server.services.integration.listIntegrationByProject({
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId
@@ -345,7 +354,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
     handler: async (req) => {
       const authorizations = await server.services.integrationAuth.listIntegrationAuthByProjectId({
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId
@@ -371,7 +379,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
     handler: async (req) => {
       const serviceTokenData = await server.services.serviceToken.getProjectServiceTokens({
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId

backend/src/server/routes/v1/secret-folder-router.ts

@@ -39,7 +39,6 @@ export const registerSecretFolderRouter = async (server: FastifyZodProvider) =>
       const folder = await server.services.folder.createFolder({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.body,
         projectId: req.body.workspaceId,
@@ -97,7 +96,6 @@ export const registerSecretFolderRouter = async (server: FastifyZodProvider) =>
       const { folder, old } = await server.services.folder.updateFolder({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.body,
         projectId: req.body.workspaceId,
@@ -156,7 +154,6 @@ export const registerSecretFolderRouter = async (server: FastifyZodProvider) =>
       const folder = await server.services.folder.deleteFolder({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.body,
         projectId: req.body.workspaceId,
@@ -210,7 +207,6 @@ export const registerSecretFolderRouter = async (server: FastifyZodProvider) =>
       const folders = await server.services.folder.getFolders({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.query,
         projectId: req.query.workspaceId,

backend/src/server/routes/v1/secret-import-router.ts

@@ -44,7 +44,6 @@ export const registerSecretImportRouter = async (server: FastifyZodProvider) =>
       const secretImport = await server.services.secretImport.createImport({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.body,
         projectId: req.body.workspaceId,
@@ -115,7 +114,6 @@ export const registerSecretImportRouter = async (server: FastifyZodProvider) =>
       const secretImport = await server.services.secretImport.updateImport({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.secretImportId,
         ...req.body,
@@ -177,7 +175,6 @@ export const registerSecretImportRouter = async (server: FastifyZodProvider) =>
       const secretImport = await server.services.secretImport.deleteImport({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.secretImportId,
         ...req.body,
@@ -237,7 +234,6 @@ export const registerSecretImportRouter = async (server: FastifyZodProvider) =>
       const secretImports = await server.services.secretImport.getImports({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.query,
         projectId: req.query.workspaceId
@@ -291,7 +287,6 @@ export const registerSecretImportRouter = async (server: FastifyZodProvider) =>
       const importedSecrets = await server.services.secretImport.getSecretsFromImports({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.query,
         projectId: req.query.workspaceId

backend/src/server/routes/v1/secret-tag-router.ts

@@ -23,7 +23,6 @@ export const registerSecretTagRouter = async (server: FastifyZodProvider) => {
       const workspaceTags = await server.services.secretTag.getProjectTags({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.projectId
       });
@@ -54,7 +53,6 @@ export const registerSecretTagRouter = async (server: FastifyZodProvider) => {
       const workspaceTag = await server.services.secretTag.createTag({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.projectId,
         ...req.body
@@ -82,7 +80,6 @@ export const registerSecretTagRouter = async (server: FastifyZodProvider) => {
       const workspaceTag = await server.services.secretTag.deleteTag({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.tagId
       });

backend/src/server/routes/v1/user-router.ts

@@ -15,7 +15,7 @@ export const registerUserRouter = async (server: FastifyZodProvider) => {
         })
       }
     },
-    onRequest: verifyAuth([AuthMode.JWT], { requireOrg: false }),
+    onRequest: verifyAuth([AuthMode.JWT]),
     handler: async (req) => {
       const user = await server.services.user.getMe(req.permission.id);
       return { user };

backend/src/server/routes/v1/webhook-router.ts

@@ -47,7 +47,6 @@ export const registerWebhookRouter = async (server: FastifyZodProvider) => {
       const webhook = await server.services.webhook.createWebhook({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.body.workspaceId,
         ...req.body
@@ -94,7 +93,6 @@ export const registerWebhookRouter = async (server: FastifyZodProvider) => {
       const webhook = await server.services.webhook.updateWebhook({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.webhookId,
         isDisabled: req.body.isDisabled
@@ -132,7 +130,6 @@ export const registerWebhookRouter = async (server: FastifyZodProvider) => {
       const webhook = await server.services.webhook.deleteWebhook({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.webhookId
       });
@@ -175,7 +172,6 @@ export const registerWebhookRouter = async (server: FastifyZodProvider) => {
       const webhook = await server.services.webhook.testWebhook({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.webhookId
       });
@@ -208,7 +204,6 @@ export const registerWebhookRouter = async (server: FastifyZodProvider) => {
       const webhooks = await server.services.webhook.listWebhooks({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.query,
         projectId: req.query.workspaceId

backend/src/server/routes/v2/identity-org-router.ts

@@ -42,7 +42,6 @@ export const registerIdentityOrgRouter = async (server: FastifyZodProvider) => {
       const identityMemberships = await server.services.identity.listOrgIdentities({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         orgId: req.params.orgId
       });

backend/src/server/routes/v2/identity-project-router.ts

@@ -35,7 +35,6 @@ export const registerIdentityProjectRouter = async (server: FastifyZodProvider)
       const identityMembership = await server.services.identityProject.createProjectIdentity({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         identityId: req.params.identityId,
         projectId: req.params.projectId,
@@ -90,7 +89,6 @@ export const registerIdentityProjectRouter = async (server: FastifyZodProvider)
       const roles = await server.services.identityProject.updateProjectIdentity({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         identityId: req.params.identityId,
         projectId: req.params.projectId,
@@ -125,7 +123,6 @@ export const registerIdentityProjectRouter = async (server: FastifyZodProvider)
       const identityMembership = await server.services.identityProject.deleteProjectIdentity({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         identityId: req.params.identityId,
         projectId: req.params.projectId
@@ -180,7 +177,6 @@ export const registerIdentityProjectRouter = async (server: FastifyZodProvider)
       const identityMemberships = await server.services.identityProject.listProjectIdentities({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.projectId
       });

backend/src/server/routes/v2/mfa-router.ts

@@ -68,14 +68,11 @@ export const registerMfaRouter = async (server: FastifyZodProvider) => {
     },
     handler: async (req, res) => {
       const userAgent = req.headers["user-agent"];
-      const mfaJwtToken = req.headers.authorization?.replace("Bearer ", "");
       if (!userAgent) throw new Error("user agent header is required");
-      if (!mfaJwtToken) throw new Error("authorization header is required");
       const appCfg = getConfig();
 
       const { user, token } = await server.services.login.verifyMfaToken({
         userAgent,
-        mfaJwtToken,
         ip: req.realIp,
         userId: req.mfa.userId,
         orgId: req.mfa.orgId,

backend/src/server/routes/v2/organization-router.ts

@@ -45,7 +45,6 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
       const users = await server.services.org.findAllOrgMembers(
         req.permission.id,
         req.params.organizationId,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { users };
@@ -90,7 +89,6 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
         actor: req.permission.type,
         actorId: req.permission.id,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.params.organizationId
       });
 
@@ -129,7 +127,6 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
       const membership = await server.services.org.updateOrgMembership({
         userId: req.permission.id,
         role: req.body.role,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.params.organizationId,
         membershipId: req.params.membershipId,
         actorOrgId: req.permission.orgId
@@ -165,7 +162,6 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
 
       const membership = await server.services.org.deleteOrgMembership({
         userId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         orgId: req.params.organizationId,
         membershipId: req.params.membershipId,
         actorOrgId: req.permission.orgId
@@ -187,7 +183,7 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
         })
       }
     },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.API_KEY], { requireOrg: false }),
+    onRequest: verifyAuth([AuthMode.JWT, AuthMode.API_KEY]),
     handler: async (req) => {
       if (req.auth.actor !== ActorType.USER) return;
 
@@ -221,7 +217,6 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
       const organization = await server.services.org.deleteOrganizationById(
         req.permission.id,
         req.params.organizationId,
-        req.permission.authMethod,
         req.permission.orgId
       );
       return { organization };

backend/src/server/routes/v2/project-membership-router.ts

@@ -28,9 +28,7 @@ export const registerProjectMembershipRouter = async (server: FastifyZodProvider
     handler: async (req) => {
       const memberships = await server.services.projectMembership.addUsersToProjectNonE2EE({
         projectId: req.params.projectId,
-        actorAuthMethod: req.permission.authMethod,
         actorId: req.permission.id,
-        actorOrgId: req.permission.orgId,
         actor: req.permission.type,
         emails: req.body.emails,
         usernames: req.body.usernames
@@ -76,7 +74,6 @@ export const registerProjectMembershipRouter = async (server: FastifyZodProvider
       const memberships = await server.services.projectMembership.deleteProjectMemberships({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.projectId,
         emails: req.body.emails,

backend/src/server/routes/v2/project-router.ts

@@ -8,7 +8,6 @@ import { authRateLimit } from "@app/server/config/rateLimiter";
 import { getTelemetryDistinctId } from "@app/server/lib/telemetry";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
-import { ProjectFilterType } from "@app/services/project/project-types";
 import { PostHogEventTypes } from "@app/services/telemetry/telemetry-types";
 
 const projectWithEnv = ProjectsSchema.merge(
@@ -18,14 +17,6 @@ const projectWithEnv = ProjectsSchema.merge(
   })
 );
 
-const slugSchema = z
-  .string()
-  .min(5)
-  .max(36)
-  .refine((v) => slugify(v) === v, {
-    message: "Slug must be at least 5 character but no more than 36"
-  });
-
 export const registerProjectRouter = async (server: FastifyZodProvider) => {
   /* Get project key */
   server.route({
@@ -56,7 +47,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
       const key = await server.services.projectKey.getLatestProjectKey({
         actor: req.permission.type,
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         projectId: req.params.workspaceId
       });
@@ -84,6 +74,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
       params: z.object({
         projectId: z.string().trim()
       }),
+
       body: z.object({
         userPrivateKey: z.string().trim()
       }),
@@ -91,13 +82,11 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
         200: z.void()
       }
     },
-    onRequest: verifyAuth([AuthMode.JWT]),
+    onRequest: verifyAuth([AuthMode.JWT, AuthMode.API_KEY]),
     handler: async (req) => {
       await server.services.project.upgradeProject({
         actorId: req.permission.id,
-        actorOrgId: req.permission.orgId,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         projectId: req.params.projectId,
         userPrivateKey: req.body.userPrivateKey
       });
@@ -118,11 +107,9 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
         })
       }
     },
-    onRequest: verifyAuth([AuthMode.JWT]),
+    onRequest: verifyAuth([AuthMode.JWT, AuthMode.API_KEY]),
     handler: async (req) => {
       const status = await server.services.project.getProjectUpgradeStatus({
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
         projectId: req.params.projectId,
         actor: req.permission.type,
         actorId: req.permission.id
@@ -150,7 +137,8 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
             message: "Slug must be a valid slug"
           })
           .optional()
-          .describe(PROJECTS.CREATE.slug)
+          .describe(PROJECTS.CREATE.slug),
+        organizationId: z.string().trim().describe(PROJECTS.CREATE.organizationId)
       }),
       response: {
         200: z.object({
@@ -158,13 +146,12 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
         })
       }
     },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
+    onRequest: verifyAuth([AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]),
     handler: async (req) => {
       const project = await server.services.project.createProject({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
+        orgId: req.body.organizationId,
         workspaceName: req.body.projectName,
         slug: req.body.slug
       });
@@ -173,7 +160,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
         event: PostHogEventTypes.ProjectCreated,
         distinctId: getTelemetryDistinctId(req),
         properties: {
-          orgId: project.orgId,
+          orgId: req.body.organizationId,
           name: project.name,
           ...req.auditLogInfo
         }
@@ -182,104 +169,4 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
       return { project };
     }
   });
-
-  /* Delete a project by slug */
-  server.route({
-    method: "DELETE",
-    url: "/:slug",
-    schema: {
-      params: z.object({
-        slug: slugSchema.describe("The slug of the project to delete.")
-      }),
-      response: {
-        200: ProjectsSchema
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-
-    handler: async (req) => {
-      const project = await server.services.project.deleteProject({
-        filter: {
-          type: ProjectFilterType.SLUG,
-          slug: req.params.slug,
-          orgId: req.permission.orgId
-        },
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        actor: req.permission.type
-      });
-
-      return project;
-    }
-  });
-
-  /* Get a project by slug */
-  server.route({
-    method: "GET",
-    url: "/:slug",
-    schema: {
-      params: z.object({
-        slug: slugSchema.describe("The slug of the project to get.")
-      }),
-      response: {
-        200: projectWithEnv
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const project = await server.services.project.getAProject({
-        filter: {
-          slug: req.params.slug,
-          orgId: req.permission.orgId,
-          type: ProjectFilterType.SLUG
-        },
-        actorId: req.permission.id,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        actor: req.permission.type
-      });
-
-      return project;
-    }
-  });
-
-  /* Update a project by slug */
-  server.route({
-    method: "PATCH",
-    url: "/:slug",
-    schema: {
-      params: z.object({
-        slug: slugSchema.describe("The slug of the project to update.")
-      }),
-      body: z.object({
-        name: z.string().trim().optional().describe("The new name of the project."),
-        autoCapitalization: z.boolean().optional().describe("The new auto-capitalization setting.")
-      }),
-      response: {
-        200: ProjectsSchema
-      }
-    },
-
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const project = await server.services.project.updateProject({
-        filter: {
-          type: ProjectFilterType.SLUG,
-          slug: req.params.slug,
-          orgId: req.permission.orgId
-        },
-        update: {
-          name: req.body.name,
-          autoCapitalization: req.body.autoCapitalization
-        },
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId
-      });
-
-      return project;
-    }
-  });
 };

backend/src/server/routes/v2/service-token-router.ts

@@ -46,8 +46,6 @@ export const registerServiceTokenRouter = async (server: FastifyZodProvider) =>
     handler: async (req) => {
       const { serviceToken, user } = await server.services.serviceToken.getServiceToken({
         actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
         actor: req.permission.type
       });
 
@@ -100,7 +98,6 @@ export const registerServiceTokenRouter = async (server: FastifyZodProvider) =>
       const { serviceToken, token } = await server.services.serviceToken.createServiceToken({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         ...req.body,
         projectId: req.body.workspaceId
@@ -139,7 +136,6 @@ export const registerServiceTokenRouter = async (server: FastifyZodProvider) =>
       const serviceTokenData = await server.services.serviceToken.deleteServiceToken({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         id: req.params.serviceTokenId
       });

backend/src/server/routes/v2/user-router.ts

@@ -60,7 +60,7 @@ export const registerUserRouter = async (server: FastifyZodProvider) => {
         })
       }
     },
-    preHandler: verifyAuth([AuthMode.JWT, AuthMode.API_KEY], { requireOrg: false }),
+    preHandler: verifyAuth([AuthMode.JWT, AuthMode.API_KEY]),
     handler: async (req) => {
       const user = await server.services.user.updateAuthMethods(req.permission.id, req.body.authMethods);
       return { user };

backend/src/server/routes/v3/login-router.ts

@@ -34,42 +34,6 @@ export const registerLoginRouter = async (server: FastifyZodProvider) => {
     }
   });
 
-  server.route({
-    method: "POST",
-    url: "/select-organization",
-    config: {
-      rateLimit: authRateLimit
-    },
-    schema: {
-      body: z.object({
-        organizationId: z.string().trim()
-      }),
-      response: {
-        200: z.object({
-          token: z.string()
-        })
-      }
-    },
-    handler: async (req, res) => {
-      const cfg = getConfig();
-      const tokens = await server.services.login.selectOrganization({
-        userAgent: req.headers["user-agent"],
-        authJwtToken: req.headers.authorization,
-        organizationId: req.body.organizationId,
-        ipAddress: req.realIp
-      });
-
-      void res.setCookie("jid", tokens.refresh, {
-        httpOnly: true,
-        path: "/",
-        sameSite: "strict",
-        secure: cfg.HTTPS_ENABLED
-      });
-
-      return { token: tokens.access };
-    }
-  });
-
   server.route({
     method: "POST",
     url: "/login2",

backend/src/server/routes/v3/secret-blind-index-router.ts

@@ -20,7 +20,6 @@ export const registerSecretBlindIndexRouter = async (server: FastifyZodProvider)
     handler: async (req) => {
       const count = await server.services.secretBlindIndex.getSecretBlindIndexStatus({
         projectId: req.params.projectId,
-        actorAuthMethod: req.permission.authMethod,
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId
@@ -53,7 +52,6 @@ export const registerSecretBlindIndexRouter = async (server: FastifyZodProvider)
     handler: async (req) => {
       const secrets = await server.services.secretBlindIndex.getProjectSecrets({
         projectId: req.params.projectId,
-        actorAuthMethod: req.permission.authMethod,
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId
@@ -88,7 +86,6 @@ export const registerSecretBlindIndexRouter = async (server: FastifyZodProvider)
       await server.services.secretBlindIndex.updateProjectSecretName({
         projectId: req.params.projectId,
         secretsToUpdate: req.body.secretsToUpdate,
-        actorAuthMethod: req.permission.authMethod,
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId

backend/src/server/routes/v3/secret-router.ts

@@ -17,7 +17,6 @@ import { getTelemetryDistinctId } from "@app/server/lib/telemetry";
 import { getUserAgentType } from "@app/server/plugins/audit-log";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { ActorType, AuthMode } from "@app/services/auth/auth-type";
-import { ProjectFilterType } from "@app/services/project/project-types";
 import { PostHogEventTypes } from "@app/services/telemetry/telemetry-types";
 
 import { secretRawSchema } from "../sanitizedSchemas";
@@ -36,7 +35,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       ],
       querystring: z.object({
         workspaceId: z.string().trim().optional().describe(RAW_SECRETS.LIST.workspaceId),
-        workspaceSlug: z.string().trim().optional().describe(RAW_SECRETS.LIST.workspaceSlug),
         environment: z.string().trim().optional().describe(RAW_SECRETS.LIST.environment),
         secretPath: z.string().trim().default("/").transform(removeTrailingSlash).describe(RAW_SECRETS.LIST.secretPath),
         include_imports: z
@@ -72,22 +70,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
           environment = scope[0].environment;
           workspaceId = req.auth.serviceToken.projectId;
         }
-      } else if (req.permission.type === ActorType.IDENTITY && req.query.workspaceSlug && !workspaceId) {
-        const workspace = await server.services.project.getAProject({
-          filter: {
-            type: ProjectFilterType.SLUG,
-            orgId: req.permission.orgId,
-            slug: req.query.workspaceSlug
-          },
-          actorId: req.permission.id,
-          actorAuthMethod: req.permission.authMethod,
-          actor: req.permission.type,
-          actorOrgId: req.permission.orgId
-        });
-
-        if (!workspace) throw new BadRequestError({ message: `No project found with slug ${req.query.workspaceSlug}` });
-
-        workspaceId = workspace.id;
       }
 
       if (!workspaceId || !environment) throw new BadRequestError({ message: "Missing workspace id or environment" });
@@ -97,14 +79,13 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
         environment,
-        actorAuthMethod: req.permission.authMethod,
         projectId: workspaceId,
         path: secretPath,
         includeImports: req.query.include_imports
       });
 
       await server.services.auditLog.createAuditLog({
-        projectId: workspaceId,
+        projectId: req.query.workspaceId,
         ...req.auditLogInfo,
         event: {
           type: EventType.GET_SECRETS,
@@ -182,7 +163,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       const secret = await server.services.secret.getSecretByNameRaw({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         environment,
         projectId: workspaceId,
@@ -268,7 +248,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
         environment: req.body.environment,
-        actorAuthMethod: req.permission.authMethod,
         projectId: req.body.workspaceId,
         secretPath: req.body.secretPath,
         secretName: req.params.secretName,
@@ -352,7 +331,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
         environment: req.body.environment,
         projectId: req.body.workspaceId,
         secretPath: req.body.secretPath,
@@ -429,7 +407,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       const secret = await server.services.secret.deleteSecretRaw({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         environment: req.body.environment,
         projectId: req.body.workspaceId,
@@ -525,7 +502,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       const { secrets, imports } = await server.services.secret.getSecrets({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         environment: req.query.environment,
         projectId: req.query.workspaceId,
@@ -612,7 +588,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       const secret = await server.services.secret.getSecretByName({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         environment: req.query.environment,
         projectId: req.query.workspaceId,
@@ -715,8 +690,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       if (req.body.type !== SecretType.Personal && req.permission.type === ActorType.USER) {
         const policy = await server.services.secretApprovalPolicy.getSecretApprovalPolicyOfFolder({
           actorId: req.permission.id,
-          actorOrgId: req.permission.orgId,
-          actorAuthMethod: req.permission.authMethod,
           actor: req.permission.type,
           secretPath,
           environment,
@@ -726,7 +699,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
           const approval = await server.services.secretApprovalRequest.generateSecretApprovalRequest({
             actorId: req.permission.id,
             actor: req.permission.type,
-            actorAuthMethod: req.permission.authMethod,
             actorOrgId: req.permission.orgId,
             secretPath,
             environment,
@@ -770,7 +742,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       const secret = await server.services.secret.createSecret({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         path: secretPath,
         type,
@@ -895,7 +866,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         const policy = await server.services.secretApprovalPolicy.getSecretApprovalPolicyOfFolder({
           actorId: req.permission.id,
           actor: req.permission.type,
-          actorAuthMethod: req.permission.authMethod,
           actorOrgId: req.permission.orgId,
           secretPath,
           environment,
@@ -905,7 +875,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
           const approval = await server.services.secretApprovalRequest.generateSecretApprovalRequest({
             actorId: req.permission.id,
             actor: req.permission.type,
-            actorAuthMethod: req.permission.authMethod,
             actorOrgId: req.permission.orgId,
             secretPath,
             environment,
@@ -951,7 +920,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       const secret = await server.services.secret.updateSecret({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         path: secretPath,
         type,
@@ -1042,7 +1010,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         const policy = await server.services.secretApprovalPolicy.getSecretApprovalPolicyOfFolder({
           actorId: req.permission.id,
           actor: req.permission.type,
-          actorAuthMethod: req.permission.authMethod,
           actorOrgId: req.permission.orgId,
           secretPath,
           environment,
@@ -1052,7 +1019,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
           const approval = await server.services.secretApprovalRequest.generateSecretApprovalRequest({
             actorId: req.permission.id,
             actor: req.permission.type,
-            actorAuthMethod: req.permission.authMethod,
             actorOrgId: req.permission.orgId,
             secretPath,
             environment,
@@ -1086,7 +1052,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       const secret = await server.services.secret.deleteSecret({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         path: secretPath,
         type,
@@ -1169,7 +1134,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         const policy = await server.services.secretApprovalPolicy.getSecretApprovalPolicyOfFolder({
           actorId: req.permission.id,
           actor: req.permission.type,
-          actorAuthMethod: req.permission.authMethod,
           actorOrgId: req.permission.orgId,
           secretPath,
           environment,
@@ -1179,7 +1143,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
           const approval = await server.services.secretApprovalRequest.generateSecretApprovalRequest({
             actorId: req.permission.id,
             actor: req.permission.type,
-            actorAuthMethod: req.permission.authMethod,
             actorOrgId: req.permission.orgId,
             secretPath,
             environment,
@@ -1209,7 +1172,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       const secrets = await server.services.secret.createManySecret({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         path: secretPath,
         environment,
@@ -1293,7 +1255,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         const policy = await server.services.secretApprovalPolicy.getSecretApprovalPolicyOfFolder({
           actorId: req.permission.id,
           actor: req.permission.type,
-          actorAuthMethod: req.permission.authMethod,
           actorOrgId: req.permission.orgId,
           secretPath,
           environment,
@@ -1303,7 +1264,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
           const approval = await server.services.secretApprovalRequest.generateSecretApprovalRequest({
             actorId: req.permission.id,
             actor: req.permission.type,
-            actorAuthMethod: req.permission.authMethod,
             actorOrgId: req.permission.orgId,
             secretPath,
             environment,
@@ -1332,7 +1292,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       const secrets = await server.services.secret.updateManySecret({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         path: secretPath,
         environment,
@@ -1405,7 +1364,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         const policy = await server.services.secretApprovalPolicy.getSecretApprovalPolicyOfFolder({
           actorId: req.permission.id,
           actor: req.permission.type,
-          actorAuthMethod: req.permission.authMethod,
           actorOrgId: req.permission.orgId,
           secretPath,
           environment,
@@ -1415,7 +1373,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
           const approval = await server.services.secretApprovalRequest.generateSecretApprovalRequest({
             actorId: req.permission.id,
             actor: req.permission.type,
-            actorAuthMethod: req.permission.authMethod,
             actorOrgId: req.permission.orgId,
             secretPath,
             environment,
@@ -1443,7 +1400,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       const secrets = await server.services.secret.deleteManySecret({
         actorId: req.permission.id,
         actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         path: req.body.secretPath,
         environment,

backend/src/server/routes/v3/signup-router.ts

@@ -108,8 +108,7 @@ export const registerSignupRouter = async (server: FastifyZodProvider) => {
         200: z.object({
           message: z.string(),
           user: UsersSchema,
-          token: z.string(),
-          organizationId: z.string().nullish()
+          token: z.string()
         })
       }
     },
@@ -125,13 +124,12 @@ export const registerSignupRouter = async (server: FastifyZodProvider) => {
         });
       }
 
-      const { user, accessToken, refreshToken, organizationId } =
-        await server.services.signup.completeEmailAccountSignup({
-          ...req.body,
-          ip: req.realIp,
-          userAgent,
-          authorization: req.headers.authorization as string
-        });
+      const { user, accessToken, refreshToken } = await server.services.signup.completeEmailAccountSignup({
+        ...req.body,
+        ip: req.realIp,
+        userAgent,
+        authorization: req.headers.authorization as string
+      });
 
       if (user.email) {
         void server.services.telemetry.sendLoopsEvent(user.email, user.firstName || "", user.lastName || "");
@@ -154,7 +152,7 @@ export const registerSignupRouter = async (server: FastifyZodProvider) => {
         secure: appCfg.HTTPS_ENABLED
       });
 
-      return { message: "Successfully set up account", user, token: accessToken, organizationId };
+      return { message: "Successfully set up account", user, token: accessToken };
     }
   });
 

backend/src/services/auth/auth-fns.ts

@@ -15,10 +15,10 @@ export const validateProviderAuthToken = (providerToken: string, username?: stri
   if (decodedToken.username !== username) throw new Error("Invalid auth credentials");
 
   if (decodedToken.organizationId) {
-    return { orgId: decodedToken.organizationId, authMethod: decodedToken.authMethod };
+    return { orgId: decodedToken.organizationId };
   }
 
-  return { authMethod: decodedToken.authMethod, orgId: null };
+  return {};
 };
 
 export const validateSignUpAuthorization = (token: string, userId: string, validate = true) => {

backend/src/services/auth/auth-login-service.ts

@@ -1,16 +1,13 @@
 import jwt from "jsonwebtoken";
 
 import { TUsers, UserDeviceSchema } from "@app/db/schemas";
-import { isAuthMethodSaml } from "@app/ee/services/permission/permission-fns";
 import { getConfig } from "@app/lib/config/env";
 import { generateSrpServerKey, srpCheckClientProof } from "@app/lib/crypto";
-import { BadRequestError, UnauthorizedError } from "@app/lib/errors";
+import { BadRequestError } from "@app/lib/errors";
 import { getServerCfg } from "@app/services/super-admin/super-admin-service";
 
-import { TTokenDALFactory } from "../auth-token/auth-token-dal";
 import { TAuthTokenServiceFactory } from "../auth-token/auth-token-service";
 import { TokenType } from "../auth-token/auth-token-types";
-import { TOrgDALFactory } from "../org/org-dal";
 import { SmtpTemplates, TSmtpService } from "../smtp/smtp-service";
 import { TUserDALFactory } from "../user/user-dal";
 import { validateProviderAuthToken } from "./auth-fns";
@@ -20,24 +17,16 @@ import {
   TOauthLoginDTO,
   TVerifyMfaTokenDTO
 } from "./auth-login-type";
-import { AuthMethod, AuthModeJwtTokenPayload, AuthModeMfaJwtTokenPayload, AuthTokenType } from "./auth-type";
+import { AuthMethod, AuthTokenType } from "./auth-type";
 
 type TAuthLoginServiceFactoryDep = {
   userDAL: TUserDALFactory;
-  orgDAL: TOrgDALFactory;
   tokenService: TAuthTokenServiceFactory;
   smtpService: TSmtpService;
-  tokenDAL: TTokenDALFactory;
 };
 
 export type TAuthLoginFactory = ReturnType<typeof authLoginServiceFactory>;
-export const authLoginServiceFactory = ({
-  userDAL,
-  tokenService,
-  smtpService,
-  orgDAL,
-  tokenDAL
-}: TAuthLoginServiceFactoryDep) => {
+export const authLoginServiceFactory = ({ userDAL, tokenService, smtpService }: TAuthLoginServiceFactoryDep) => {
   /*
    * Private
    * Not exported. This is to update user device list
@@ -94,14 +83,12 @@ export const authLoginServiceFactory = ({
     user,
     ip,
     userAgent,
-    organizationId,
-    authMethod
+    organizationId
   }: {
     user: TUsers;
     ip: string;
     userAgent: string;
-    organizationId: string | undefined;
-    authMethod: AuthMethod;
+    organizationId?: string;
   }) => {
     const cfg = getConfig();
     await updateUserDeviceSession(user, ip, userAgent);
@@ -111,10 +98,8 @@ export const authLoginServiceFactory = ({
       userId: user.id
     });
     if (!tokenSession) throw new Error("Failed to create token");
-
     const accessToken = jwt.sign(
       {
-        authMethod,
         authTokenType: AuthTokenType.ACCESS_TOKEN,
         userId: user.id,
         tokenVersionId: tokenSession.id,
@@ -127,7 +112,6 @@ export const authLoginServiceFactory = ({
 
     const refreshToken = jwt.sign(
       {
-        authMethod,
         authTokenType: AuthTokenType.REFRESH_TOKEN,
         userId: user.id,
         tokenVersionId: tokenSession.id,
@@ -174,9 +158,9 @@ export const authLoginServiceFactory = ({
   const loginExchangeClientProof = async ({
     email,
     clientProof,
+    providerAuthToken,
     ip,
-    userAgent,
-    providerAuthToken
+    userAgent
   }: TLoginClientProofDTO) => {
     const userEnc = await userDAL.findUserEncKeyByUsername({
       username: email
@@ -184,16 +168,14 @@ export const authLoginServiceFactory = ({
     if (!userEnc) throw new Error("Failed to find user");
     const cfg = getConfig();
 
-    let authMethod = AuthMethod.EMAIL;
-    let organizationId: string | undefined;
-
-    if (providerAuthToken) {
-      const decodedProviderToken = validateProviderAuthToken(providerAuthToken, email);
-
-      authMethod = decodedProviderToken.authMethod;
-      if (isAuthMethodSaml(authMethod) && decodedProviderToken.orgId) {
-        organizationId = decodedProviderToken.orgId;
-      }
+    let organizationId;
+    if (!userEnc.authMethods?.includes(AuthMethod.EMAIL)) {
+      const { orgId } = validateProviderAuthToken(providerAuthToken as string, email);
+      organizationId = orgId;
+    } else if (providerAuthToken) {
+      // SAML SSO
+      const { orgId } = validateProviderAuthToken(providerAuthToken, email);
+      organizationId = orgId;
     }
 
     if (!userEnc.serverPrivateKey || !userEnc.clientPublicKey) throw new Error("Failed to authenticate. Try again?");
@@ -214,9 +196,9 @@ export const authLoginServiceFactory = ({
     if (userEnc.isMfaEnabled && userEnc.email) {
       const mfaToken = jwt.sign(
         {
-          authMethod,
           authTokenType: AuthTokenType.MFA_TOKEN,
-          userId: userEnc.userId
+          userId: userEnc.userId,
+          organizationId
         },
         cfg.AUTH_SECRET,
         {
@@ -239,60 +221,12 @@ export const authLoginServiceFactory = ({
       },
       ip,
       userAgent,
-      authMethod,
       organizationId
     });
 
     return { token, isMfaEnabled: false, user: userEnc } as const;
   };
 
-  const selectOrganization = async ({
-    userAgent,
-    authJwtToken,
-    ipAddress,
-    organizationId
-  }: {
-    userAgent: string | undefined;
-    authJwtToken: string | undefined;
-    ipAddress: string;
-    organizationId: string;
-  }) => {
-    const cfg = getConfig();
-
-    if (!authJwtToken) throw new UnauthorizedError({ name: "Authorization header is required" });
-    if (!userAgent) throw new UnauthorizedError({ name: "user agent header is required" });
-
-    // eslint-disable-next-line no-param-reassign
-    authJwtToken = authJwtToken.replace("Bearer ", ""); // remove bearer from token
-
-    // The decoded JWT token, which contains the auth method.
-    const decodedToken = jwt.verify(authJwtToken, cfg.AUTH_SECRET) as AuthModeJwtTokenPayload;
-    if (!decodedToken.authMethod) throw new UnauthorizedError({ name: "Auth method not found on existing token" });
-
-    const user = await userDAL.findUserEncKeyByUserId(decodedToken.userId);
-    if (!user) throw new BadRequestError({ message: "User not found", name: "Find user from token" });
-
-    // Check if the user actually has access to the specified organization.
-    const userOrgs = await orgDAL.findAllOrgsByUserId(user.id);
-    const hasOrganizationMembership = userOrgs.some((org) => org.id === organizationId);
-
-    if (!hasOrganizationMembership) {
-      throw new UnauthorizedError({ message: "User does not have access to the organization" });
-    }
-
-    await tokenDAL.incrementTokenSessionVersion(user.id, decodedToken.tokenVersionId);
-
-    const tokens = await generateUserTokens({
-      authMethod: decodedToken.authMethod,
-      user,
-      userAgent,
-      ip: ipAddress,
-      organizationId
-    });
-
-    return tokens;
-  };
-
   /*
    * Multi factor authentication re-send code, Get user id from token
    * saved in frontend
@@ -310,15 +244,12 @@ export const authLoginServiceFactory = ({
    * Multi factor authentication verification of code
    * Third step of login in which user completes with mfa
    * */
-  const verifyMfaToken = async ({ userId, mfaToken, mfaJwtToken, ip, userAgent, orgId }: TVerifyMfaTokenDTO) => {
+  const verifyMfaToken = async ({ userId, mfaToken, ip, userAgent, orgId }: TVerifyMfaTokenDTO) => {
     await tokenService.validateTokenForUser({
       type: TokenType.TOKEN_EMAIL_MFA,
       userId,
       code: mfaToken
     });
-
-    const decodedToken = jwt.verify(mfaJwtToken, getConfig().AUTH_SECRET) as AuthModeMfaJwtTokenPayload;
-
     const userEnc = await userDAL.findUserEncKeyByUserId(userId);
     if (!userEnc) throw new Error("Failed to authenticate user");
 
@@ -329,8 +260,7 @@ export const authLoginServiceFactory = ({
       },
       ip,
       userAgent,
-      organizationId: orgId,
-      authMethod: decodedToken.authMethod
+      organizationId: orgId
     });
 
     return { token, user: userEnc };
@@ -409,7 +339,6 @@ export const authLoginServiceFactory = ({
     oauth2Login,
     resendMfaToken,
     verifyMfaToken,
-    selectOrganization,
     generateUserTokens
   };
 };

backend/src/services/auth/auth-login-type.ts

@@ -17,7 +17,6 @@ export type TLoginClientProofDTO = {
 export type TVerifyMfaTokenDTO = {
   userId: string;
   mfaToken: string;
-  mfaJwtToken: string;
   ip: string;
   userAgent: string;
   orgId?: string;

backend/src/services/auth/auth-signup-service.ts

@@ -150,15 +150,11 @@ export const authSignupServiceFactory = ({
     });
 
     if (!organizationId) {
-      const newOrganization = await orgService.createOrganization({
+      await orgService.createOrganization({
         userId: user.id,
         userEmail: user.email ?? user.username,
         orgName: organizationName
       });
-
-      if (!newOrganization) throw new Error("Failed to create organization");
-
-      organizationId = newOrganization.id;
     }
 
     const updatedMembersips = await orgDAL.updateMembership(
@@ -178,7 +174,6 @@ export const authSignupServiceFactory = ({
 
     const accessToken = jwt.sign(
       {
-        authMethod: AuthMethod.EMAIL,
         authTokenType: AuthTokenType.ACCESS_TOKEN,
         userId: updateduser.info.id,
         tokenVersionId: tokenSession.id,
@@ -191,7 +186,6 @@ export const authSignupServiceFactory = ({
 
     const refreshToken = jwt.sign(
       {
-        authMethod: AuthMethod.EMAIL,
         authTokenType: AuthTokenType.REFRESH_TOKEN,
         userId: updateduser.info.id,
         tokenVersionId: tokenSession.id,
@@ -202,7 +196,7 @@ export const authSignupServiceFactory = ({
       { expiresIn: appCfg.JWT_REFRESH_LIFETIME }
     );
 
-    return { user: updateduser.info, accessToken, refreshToken, organizationId };
+    return { user: updateduser.info, accessToken, refreshToken };
   };
 
   /*
@@ -283,7 +277,6 @@ export const authSignupServiceFactory = ({
 
     const accessToken = jwt.sign(
       {
-        authMethod: AuthMethod.EMAIL,
         authTokenType: AuthTokenType.ACCESS_TOKEN,
         userId: updateduser.info.id,
         tokenVersionId: tokenSession.id,
@@ -295,7 +288,6 @@ export const authSignupServiceFactory = ({
 
     const refreshToken = jwt.sign(
       {
-        authMethod: AuthMethod.EMAIL,
         authTokenType: AuthTokenType.REFRESH_TOKEN,
         userId: updateduser.info.id,
         tokenVersionId: tokenSession.id,

backend/src/services/auth/auth-type.ts

@@ -6,7 +6,6 @@ export enum AuthMethod {
   OKTA_SAML = "okta-saml",
   AZURE_SAML = "azure-saml",
   JUMPCLOUD_SAML = "jumpcloud-saml",
-  GOOGLE_SAML = "google-saml",
   LDAP = "ldap"
 }
 
@@ -39,12 +38,8 @@ export enum ActorType { // would extend to AWS, Azure, ...
   SCIM_CLIENT = "scimClient"
 }
 
-// This will be null unless the token-type is JWT
-export type ActorAuthMethod = AuthMethod | null;
-
 export type AuthModeJwtTokenPayload = {
   authTokenType: AuthTokenType.ACCESS_TOKEN;
-  authMethod: AuthMethod;
   userId: string;
   tokenVersionId: string;
   accessVersion: number;
@@ -53,15 +48,12 @@ export type AuthModeJwtTokenPayload = {
 
 export type AuthModeMfaJwtTokenPayload = {
   authTokenType: AuthTokenType.MFA_TOKEN;
-  authMethod: AuthMethod;
   userId: string;
   organizationId?: string;
 };
 
 export type AuthModeRefreshJwtTokenPayload = {
-  // authMode
   authTokenType: AuthTokenType.REFRESH_TOKEN;
-  authMethod: AuthMethod;
   userId: string;
   tokenVersionId: string;
   refreshVersion: number;
@@ -71,8 +63,6 @@ export type AuthModeRefreshJwtTokenPayload = {
 export type AuthModeProviderJwtTokenPayload = {
   authTokenType: AuthTokenType.PROVIDER_TOKEN;
   username: string;
-  authMethod: AuthMethod;
-  email: string;
   organizationId?: string;
 };
 

backend/src/services/identity-access-token/identity-access-token-service.ts

@@ -6,20 +6,17 @@ import { BadRequestError, UnauthorizedError } from "@app/lib/errors";
 import { checkIPAgainstBlocklist, TIp } from "@app/lib/ip";
 
 import { AuthTokenType } from "../auth/auth-type";
-import { TIdentityOrgDALFactory } from "../identity/identity-org-dal";
 import { TIdentityAccessTokenDALFactory } from "./identity-access-token-dal";
 import { TIdentityAccessTokenJwtPayload, TRenewAccessTokenDTO } from "./identity-access-token-types";
 
 type TIdentityAccessTokenServiceFactoryDep = {
   identityAccessTokenDAL: TIdentityAccessTokenDALFactory;
-  identityOrgMembershipDAL: TIdentityOrgDALFactory;
 };
 
 export type TIdentityAccessTokenServiceFactory = ReturnType<typeof identityAccessTokenServiceFactory>;
 
 export const identityAccessTokenServiceFactory = ({
-  identityAccessTokenDAL,
-  identityOrgMembershipDAL
+  identityAccessTokenDAL
 }: TIdentityAccessTokenServiceFactoryDep) => {
   const validateAccessTokenExp = (identityAccessToken: TIdentityAccessTokens) => {
     const {
@@ -120,16 +117,8 @@ export const identityAccessTokenServiceFactory = ({
       });
     }
 
-    const identityOrgMembership = await identityOrgMembershipDAL.findOne({
-      identityId: identityAccessToken.identityId
-    });
-
-    if (!identityOrgMembership) {
-      throw new UnauthorizedError({ message: "Identity does not belong to any organization" });
-    }
-
     validateAccessTokenExp(identityAccessToken);
-    return { ...identityAccessToken, orgId: identityOrgMembership.orgId };
+    return identityAccessToken;
   };
 
   return { renewAccessToken, fnValidateIdentityAccessToken };

backend/src/services/identity-project/identity-project-service.ts

@@ -49,17 +49,10 @@ export const identityProjectServiceFactory = ({
     actor,
     actorId,
     actorOrgId,
-    actorAuthMethod,
     projectId,
     role
   }: TCreateProjectIdentityDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.Identity);
 
     const existingIdentity = await identityProjectDAL.findOne({ identityId, projectId });
@@ -119,16 +112,9 @@ export const identityProjectServiceFactory = ({
     roles,
     actor,
     actorId,
-    actorAuthMethod,
     actorOrgId
   }: TUpdateProjectIdentityDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.Identity);
 
     const projectIdentity = await identityProjectDAL.findOne({ identityId, projectId });
@@ -141,7 +127,6 @@ export const identityProjectServiceFactory = ({
       ActorType.IDENTITY,
       projectIdentity.identityId,
       projectIdentity.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     const hasRequiredPriviledges = isAtLeastAsPrivileged(permission, identityRolePermission);
@@ -200,7 +185,6 @@ export const identityProjectServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     projectId
   }: TDeleteProjectIdentityDTO) => {
     const identityProjectMembership = await identityProjectDAL.findOne({ identityId, projectId });
@@ -211,7 +195,6 @@ export const identityProjectServiceFactory = ({
       actor,
       actorId,
       identityProjectMembership.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.Identity);
@@ -219,7 +202,6 @@ export const identityProjectServiceFactory = ({
       ActorType.IDENTITY,
       identityId,
       identityProjectMembership.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     const hasRequiredPriviledges = isAtLeastAsPrivileged(permission, identityRolePermission);
@@ -230,20 +212,8 @@ export const identityProjectServiceFactory = ({
     return deletedIdentity;
   };
 
-  const listProjectIdentities = async ({
-    projectId,
-    actor,
-    actorId,
-    actorAuthMethod,
-    actorOrgId
-  }: TListProjectIdentityDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const listProjectIdentities = async ({ projectId, actor, actorId, actorOrgId }: TListProjectIdentityDTO) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Identity);
 
     const identityMemberhips = await identityProjectDAL.findByProjectId(projectId);

backend/src/services/identity-ua/identity-ua-service.ts

@@ -144,7 +144,6 @@ export const identityUaServiceFactory = ({
     accessTokenTrustedIps,
     clientSecretTrustedIps,
     actorId,
-    actorAuthMethod,
     actor,
     actorOrgId
   }: TAttachUaDTO) => {
@@ -163,7 +162,6 @@ export const identityUaServiceFactory = ({
       actor,
       actorId,
       identityMembershipOrg.orgId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Identity);
@@ -235,7 +233,6 @@ export const identityUaServiceFactory = ({
     accessTokenTrustedIps,
     clientSecretTrustedIps,
     actorId,
-    actorAuthMethod,
     actor,
     actorOrgId
   }: TUpdateUaDTO) => {
@@ -259,7 +256,6 @@ export const identityUaServiceFactory = ({
       actor,
       actorId,
       identityMembershipOrg.orgId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Identity);
@@ -312,7 +308,7 @@ export const identityUaServiceFactory = ({
     return { ...updatedUaAuth, orgId: identityMembershipOrg.orgId };
   };
 
-  const getIdentityUa = async ({ identityId, actorId, actor, actorAuthMethod, actorOrgId }: TGetUaDTO) => {
+  const getIdentityUa = async ({ identityId, actorId, actor, actorOrgId }: TGetUaDTO) => {
     const identityMembershipOrg = await identityOrgMembershipDAL.findOne({ identityId });
     if (!identityMembershipOrg) throw new BadRequestError({ message: "Failed to find identity" });
     if (identityMembershipOrg.identity?.authMethod !== IdentityAuthMethod.Univeral)
@@ -326,7 +322,6 @@ export const identityUaServiceFactory = ({
       actor,
       actorId,
       identityMembershipOrg.orgId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Identity);
@@ -339,7 +334,6 @@ export const identityUaServiceFactory = ({
     actorOrgId,
     identityId,
     ttl,
-    actorAuthMethod,
     description,
     numUsesLimit
   }: TCreateUaClientSecretDTO) => {
@@ -353,7 +347,6 @@ export const identityUaServiceFactory = ({
       actor,
       actorId,
       identityMembershipOrg.orgId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Identity);
@@ -362,7 +355,6 @@ export const identityUaServiceFactory = ({
       ActorType.IDENTITY,
       identityMembershipOrg.identityId,
       identityMembershipOrg.orgId,
-      actorAuthMethod,
       actorOrgId
     );
     const hasPriviledge = isAtLeastAsPrivileged(permission, rolePermission);
@@ -396,13 +388,7 @@ export const identityUaServiceFactory = ({
     };
   };
 
-  const getUaClientSecrets = async ({
-    actor,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    identityId
-  }: TGetUaClientSecretsDTO) => {
+  const getUaClientSecrets = async ({ actor, actorId, actorOrgId, identityId }: TGetUaClientSecretsDTO) => {
     const identityMembershipOrg = await identityOrgMembershipDAL.findOne({ identityId });
     if (!identityMembershipOrg) throw new BadRequestError({ message: "Failed to find identity" });
     if (identityMembershipOrg.identity?.authMethod !== IdentityAuthMethod.Univeral)
@@ -413,7 +399,6 @@ export const identityUaServiceFactory = ({
       actor,
       actorId,
       identityMembershipOrg.orgId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Identity);
@@ -422,7 +407,6 @@ export const identityUaServiceFactory = ({
       ActorType.IDENTITY,
       identityMembershipOrg.identityId,
       identityMembershipOrg.orgId,
-      actorAuthMethod,
       actorOrgId
     );
     const hasPriviledge = isAtLeastAsPrivileged(permission, rolePermission);
@@ -447,7 +431,6 @@ export const identityUaServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     clientSecretId
   }: TRevokeUaClientSecretDTO) => {
     const identityMembershipOrg = await identityOrgMembershipDAL.findOne({ identityId });
@@ -460,7 +443,6 @@ export const identityUaServiceFactory = ({
       actor,
       actorId,
       identityMembershipOrg.orgId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Delete, OrgPermissionSubjects.Identity);
@@ -469,7 +451,6 @@ export const identityUaServiceFactory = ({
       ActorType.IDENTITY,
       identityMembershipOrg.identityId,
       identityMembershipOrg.orgId,
-      actorAuthMethod,
       actorOrgId
     );
     const hasPriviledge = isAtLeastAsPrivileged(permission, rolePermission);

backend/src/services/identity/identity-service.ts

@@ -25,16 +25,8 @@ export const identityServiceFactory = ({
   identityOrgMembershipDAL,
   permissionService
 }: TIdentityServiceFactoryDep) => {
-  const createIdentity = async ({
-    name,
-    role,
-    actor,
-    orgId,
-    actorId,
-    actorAuthMethod,
-    actorOrgId
-  }: TCreateIdentityDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const createIdentity = async ({ name, role, actor, orgId, actorId, actorOrgId }: TCreateIdentityDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Identity);
 
     const { permission: rolePermission, role: customRole } = await permissionService.getOrgPermissionByRole(
@@ -62,15 +54,7 @@ export const identityServiceFactory = ({
     return identity;
   };
 
-  const updateIdentity = async ({
-    id,
-    role,
-    name,
-    actor,
-    actorId,
-    actorAuthMethod,
-    actorOrgId
-  }: TUpdateIdentityDTO) => {
+  const updateIdentity = async ({ id, role, name, actor, actorId, actorOrgId }: TUpdateIdentityDTO) => {
     const identityOrgMembership = await identityOrgMembershipDAL.findOne({ identityId: id });
     if (!identityOrgMembership) throw new BadRequestError({ message: `Failed to find identity with id ${id}` });
 
@@ -78,7 +62,6 @@ export const identityServiceFactory = ({
       actor,
       actorId,
       identityOrgMembership.orgId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Identity);
@@ -87,7 +70,6 @@ export const identityServiceFactory = ({
       ActorType.IDENTITY,
       id,
       identityOrgMembership.orgId,
-      actorAuthMethod,
       actorOrgId
     );
     const hasRequiredPriviledges = isAtLeastAsPrivileged(permission, identityRolePermission);
@@ -126,7 +108,7 @@ export const identityServiceFactory = ({
     return { ...identity, orgId: identityOrgMembership.orgId };
   };
 
-  const deleteIdentity = async ({ actorId, actor, actorOrgId, actorAuthMethod, id }: TDeleteIdentityDTO) => {
+  const deleteIdentity = async ({ actorId, actor, actorOrgId, id }: TDeleteIdentityDTO) => {
     const identityOrgMembership = await identityOrgMembershipDAL.findOne({ identityId: id });
     if (!identityOrgMembership) throw new BadRequestError({ message: `Failed to find identity with id ${id}` });
 
@@ -134,16 +116,13 @@ export const identityServiceFactory = ({
       actor,
       actorId,
       identityOrgMembership.orgId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Delete, OrgPermissionSubjects.Identity);
     const { permission: identityRolePermission } = await permissionService.getOrgPermission(
       ActorType.IDENTITY,
       id,
-      identityOrgMembership.orgId,
-      actorAuthMethod,
-      actorOrgId
+      identityOrgMembership.orgId
     );
     const hasRequiredPriviledges = isAtLeastAsPrivileged(permission, identityRolePermission);
     if (!hasRequiredPriviledges)
@@ -153,8 +132,8 @@ export const identityServiceFactory = ({
     return { ...deletedIdentity, orgId: identityOrgMembership.orgId };
   };
 
-  const listOrgIdentities = async ({ orgId, actor, actorId, actorAuthMethod, actorOrgId }: TOrgPermission) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const listOrgIdentities = async ({ orgId, actor, actorId, actorOrgId }: TOrgPermission) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Identity);
 
     const identityMemberhips = await identityOrgMembershipDAL.findByOrgId(orgId);

backend/src/services/integration-auth/integration-auth-service.ts

@@ -1,5 +1,4 @@
 import { ForbiddenError } from "@casl/ability";
-import { Octokit } from "@octokit/rest";
 
 import { SecretEncryptionAlgo, SecretKeyEncoding, TIntegrationAuths, TIntegrationAuthsInsert } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
@@ -25,8 +24,6 @@ import {
   TIntegrationAuthAppsDTO,
   TIntegrationAuthBitbucketWorkspaceDTO,
   TIntegrationAuthChecklyGroupsDTO,
-  TIntegrationAuthGithubEnvsDTO,
-  TIntegrationAuthGithubOrgsDTO,
   TIntegrationAuthHerokuPipelinesDTO,
   TIntegrationAuthNorthflankSecretGroupDTO,
   TIntegrationAuthQoveryEnvironmentsDTO,
@@ -64,26 +61,14 @@ export const integrationAuthServiceFactory = ({
   projectBotDAL,
   projectBotService
 }: TIntegrationAuthServiceFactoryDep) => {
-  const listIntegrationAuthByProjectId = async ({
-    actorId,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    projectId
-  }: TProjectPermission) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const listIntegrationAuthByProjectId = async ({ actorId, actor, actorOrgId, projectId }: TProjectPermission) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
     const authorizations = await integrationAuthDAL.find({ projectId });
     return authorizations;
   };
 
-  const getIntegrationAuth = async ({ actor, id, actorId, actorAuthMethod, actorOrgId }: TGetIntegrationAuthDTO) => {
+  const getIntegrationAuth = async ({ actor, id, actorId, actorOrgId }: TGetIntegrationAuthDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
     if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
 
@@ -91,7 +76,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -103,7 +87,6 @@ export const integrationAuthServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     integration,
     url,
     code
@@ -111,13 +94,7 @@ export const integrationAuthServiceFactory = ({
     if (!Object.values(Integrations).includes(integration as Integrations))
       throw new BadRequestError({ message: "Invalid integration" });
 
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.Integrations);
 
     const bot = await projectBotDAL.findOne({ isActive: true, projectId });
@@ -173,7 +150,6 @@ export const integrationAuthServiceFactory = ({
     url,
     actor,
     actorOrgId,
-    actorAuthMethod,
     accessId,
     namespace,
     accessToken
@@ -181,13 +157,7 @@ export const integrationAuthServiceFactory = ({
     if (!Object.values(Integrations).includes(integration as Integrations))
       throw new BadRequestError({ message: "Invalid integration" });
 
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.Integrations);
 
     const bot = await projectBotDAL.findOne({ isActive: true, projectId });
@@ -304,7 +274,6 @@ export const integrationAuthServiceFactory = ({
     actor,
     actorId,
     actorOrgId,
-    actorAuthMethod,
     teamId,
     id,
     workspaceSlug
@@ -316,7 +285,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -334,13 +302,7 @@ export const integrationAuthServiceFactory = ({
     return apps;
   };
 
-  const getIntegrationAuthTeams = async ({
-    actor,
-    actorId,
-    actorAuthMethod,
-    actorOrgId,
-    id
-  }: TIntegrationAuthTeamsDTO) => {
+  const getIntegrationAuthTeams = async ({ actor, actorId, actorOrgId, id }: TIntegrationAuthTeamsDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
     if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
 
@@ -348,7 +310,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -363,14 +324,7 @@ export const integrationAuthServiceFactory = ({
     return teams;
   };
 
-  const getVercelBranches = async ({
-    appId,
-    id,
-    actor,
-    actorId,
-    actorAuthMethod,
-    actorOrgId
-  }: TIntegrationAuthVercelBranchesDTO) => {
+  const getVercelBranches = async ({ appId, id, actor, actorId, actorOrgId }: TIntegrationAuthVercelBranchesDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
     if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
 
@@ -378,7 +332,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -404,14 +357,7 @@ export const integrationAuthServiceFactory = ({
     return [];
   };
 
-  const getChecklyGroups = async ({
-    actorId,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    id,
-    accountId
-  }: TIntegrationAuthChecklyGroupsDTO) => {
+  const getChecklyGroups = async ({ actorId, actor, actorOrgId, id, accountId }: TIntegrationAuthChecklyGroupsDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
     if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
 
@@ -419,7 +365,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -438,7 +383,7 @@ export const integrationAuthServiceFactory = ({
     return [];
   };
 
-  const getGithubOrgs = async ({ actorId, actor, actorOrgId, actorAuthMethod, id }: TIntegrationAuthGithubOrgsDTO) => {
+  const getQoveryOrgs = async ({ actorId, actor, actorOrgId, id }: TIntegrationAuthQoveryOrgsDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
     if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
 
@@ -446,76 +391,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
-    const botKey = await projectBotService.getBotKey(integrationAuth.projectId);
-    const { accessToken } = await getIntegrationAccessToken(integrationAuth, botKey);
-
-    const octokit = new Octokit({
-      auth: accessToken
-    });
-
-    const { data } = await octokit.request("GET /user/orgs", {
-      headers: {
-        "X-GitHub-Api-Version": "2022-11-28"
-      }
-    });
-    if (!data) return [];
-
-    return data.map(({ login: name, id: orgId }) => ({ name, orgId: String(orgId) }));
-  };
-
-  const getGithubEnvs = async ({
-    actorId,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    id,
-    repoOwner,
-    repoName
-  }: TIntegrationAuthGithubEnvsDTO) => {
-    const integrationAuth = await integrationAuthDAL.findById(id);
-    if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
-
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      integrationAuth.projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
-    const botKey = await projectBotService.getBotKey(integrationAuth.projectId);
-    const { accessToken } = await getIntegrationAccessToken(integrationAuth, botKey);
-
-    const octokit = new Octokit({
-      auth: accessToken
-    });
-
-    const {
-      data: { environments }
-    } = await octokit.request("GET /repos/{owner}/{repo}/environments", {
-      headers: {
-        "X-GitHub-Api-Version": "2022-11-28"
-      },
-      owner: repoOwner,
-      repo: repoName
-    });
-    if (!environments) return [];
-    return environments.map(({ id: envId, name }) => ({ name, envId: String(envId) }));
-  };
-
-  const getQoveryOrgs = async ({ actorId, actor, actorOrgId, actorAuthMethod, id }: TIntegrationAuthQoveryOrgsDTO) => {
-    const integrationAuth = await integrationAuthDAL.findById(id);
-    if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
-
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -534,14 +409,7 @@ export const integrationAuthServiceFactory = ({
     return data.results.map(({ name, id: orgId }) => ({ name, orgId }));
   };
 
-  const getQoveryProjects = async ({
-    actorId,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    id,
-    orgId
-  }: TIntegrationAuthQoveryProjectDTO) => {
+  const getQoveryProjects = async ({ actorId, actor, actorOrgId, id, orgId }: TIntegrationAuthQoveryProjectDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
     if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
 
@@ -549,7 +417,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -575,7 +442,6 @@ export const integrationAuthServiceFactory = ({
     id,
     actor,
     actorId,
-    actorAuthMethod,
     actorOrgId
   }: TIntegrationAuthQoveryEnvironmentsDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
@@ -585,7 +451,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -611,14 +476,7 @@ export const integrationAuthServiceFactory = ({
     return [];
   };
 
-  const getQoveryApps = async ({
-    id,
-    actor,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    environmentId
-  }: TIntegrationAuthQoveryScopesDTO) => {
+  const getQoveryApps = async ({ id, actor, actorId, actorOrgId, environmentId }: TIntegrationAuthQoveryScopesDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
     if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
 
@@ -626,7 +484,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -656,7 +513,6 @@ export const integrationAuthServiceFactory = ({
     actor,
     actorId,
     actorOrgId,
-    actorAuthMethod,
     environmentId
   }: TIntegrationAuthQoveryScopesDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
@@ -666,7 +522,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -691,14 +546,7 @@ export const integrationAuthServiceFactory = ({
     return [];
   };
 
-  const getQoveryJobs = async ({
-    id,
-    actor,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    environmentId
-  }: TIntegrationAuthQoveryScopesDTO) => {
+  const getQoveryJobs = async ({ id, actor, actorId, actorOrgId, environmentId }: TIntegrationAuthQoveryScopesDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
     if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
 
@@ -706,7 +554,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -731,13 +578,7 @@ export const integrationAuthServiceFactory = ({
     return [];
   };
 
-  const getHerokuPipelines = async ({
-    id,
-    actor,
-    actorId,
-    actorAuthMethod,
-    actorOrgId
-  }: TIntegrationAuthHerokuPipelinesDTO) => {
+  const getHerokuPipelines = async ({ id, actor, actorId, actorOrgId }: TIntegrationAuthHerokuPipelinesDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
     if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
 
@@ -745,7 +586,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -770,14 +610,7 @@ export const integrationAuthServiceFactory = ({
     }));
   };
 
-  const getRailwayEnvironments = async ({
-    id,
-    actor,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    appId
-  }: TIntegrationAuthRailwayEnvDTO) => {
+  const getRailwayEnvironments = async ({ id, actor, actorId, actorOrgId, appId }: TIntegrationAuthRailwayEnvDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
     if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
 
@@ -785,7 +618,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -838,14 +670,7 @@ export const integrationAuthServiceFactory = ({
     return [];
   };
 
-  const getRailwayServices = async ({
-    id,
-    actor,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    appId
-  }: TIntegrationAuthRailwayServicesDTO) => {
+  const getRailwayServices = async ({ id, actor, actorId, actorOrgId, appId }: TIntegrationAuthRailwayServicesDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
     if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
 
@@ -853,7 +678,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -913,13 +737,7 @@ export const integrationAuthServiceFactory = ({
     return [];
   };
 
-  const getBitbucketWorkspaces = async ({
-    actorId,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    id
-  }: TIntegrationAuthBitbucketWorkspaceDTO) => {
+  const getBitbucketWorkspaces = async ({ actorId, actor, actorOrgId, id }: TIntegrationAuthBitbucketWorkspaceDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
     if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
 
@@ -927,7 +745,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -939,7 +756,9 @@ export const integrationAuthServiceFactory = ({
 
     while (hasNextPage) {
       // eslint-disable-next-line
-      const { data }: { data: { values: TBitbucketWorkspace[]; next: string } } = await request.get(workspaceUrl, {
+      const { data }: { data: { values: TBitbucketWorkspace[]; next: string } } = await request.get(
+        workspaceUrl,
+        {
         headers: {
           Authorization: `Bearer ${accessToken}`,
           "Accept-Encoding": "application/json"
@@ -966,7 +785,6 @@ export const integrationAuthServiceFactory = ({
     actor,
     actorId,
     actorOrgId,
-    actorAuthMethod,
     appId
   }: TIntegrationAuthNorthflankSecretGroupDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
@@ -976,7 +794,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -1034,7 +851,6 @@ export const integrationAuthServiceFactory = ({
     id,
     actorId,
     actorOrgId,
-    actorAuthMethod,
     actor
   }: TGetIntegrationAuthTeamCityBuildConfigDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
@@ -1044,7 +860,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
@@ -1076,29 +891,16 @@ export const integrationAuthServiceFactory = ({
     integration,
     actor,
     actorId,
-    actorAuthMethod,
     actorOrgId
   }: TDeleteIntegrationAuthsDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.Integrations);
 
     const integrations = await integrationAuthDAL.delete({ integration, projectId });
     return integrations;
   };
 
-  const deleteIntegrationAuthById = async ({
-    id,
-    actorId,
-    actor,
-    actorAuthMethod,
-    actorOrgId
-  }: TDeleteIntegrationAuthByIdDTO) => {
+  const deleteIntegrationAuthById = async ({ id, actorId, actor, actorOrgId }: TDeleteIntegrationAuthByIdDTO) => {
     const integrationAuth = await integrationAuthDAL.findById(id);
     if (!integrationAuth) throw new BadRequestError({ message: "Failed to find integration" });
 
@@ -1106,7 +908,6 @@ export const integrationAuthServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.Integrations);
@@ -1133,8 +934,6 @@ export const integrationAuthServiceFactory = ({
     getIntegrationApps,
     getVercelBranches,
     getApps,
-    getGithubOrgs,
-    getGithubEnvs,
     getChecklyGroups,
     getQoveryApps,
     getQoveryEnvs,

backend/src/services/integration-auth/integration-auth-types.ts

@@ -44,16 +44,6 @@ export type TIntegrationAuthChecklyGroupsDTO = {
   accountId: string;
 } & Omit<TProjectPermission, "projectId">;
 
-export type TIntegrationAuthGithubOrgsDTO = {
-  id: string;
-} & Omit<TProjectPermission, "projectId">;
-
-export type TIntegrationAuthGithubEnvsDTO = {
-  id: string;
-  repoName: string;
-  repoOwner: string;
-} & Omit<TProjectPermission, "projectId">;
-
 export type TIntegrationAuthQoveryOrgsDTO = {
   id: string;
 } & Omit<TProjectPermission, "projectId">;

backend/src/services/integration-auth/integration-sync-secret.ts

@@ -1110,176 +1110,98 @@ const syncSecretsGitHub = async ({
   interface GitHubRepoKey {
     key_id: string;
     key: string;
-    id?: number | undefined;
-    url?: string | undefined;
-    title?: string | undefined;
-    created_at?: string | undefined;
   }
 
   interface GitHubSecret {
     name: string;
     created_at: string;
     updated_at: string;
-    visibility?: "all" | "private" | "selected";
-    selected_repositories_url?: string | undefined;
+  }
+
+  interface GitHubSecretRes {
+    [index: string]: GitHubSecret;
   }
 
   const octokit = new Octokit({
     auth: accessToken
   });
 
-  enum GithubScope {
-    Repo = "github-repo",
-    Org = "github-org",
-    Env = "github-env"
-  }
-
-  let repoPublicKey: GitHubRepoKey;
-
-  switch (integration.scope) {
-    case GithubScope.Org: {
-      const { data } = await octokit.request("GET /orgs/{org}/actions/secrets/public-key", {
-        org: integration.owner as string
-      });
-      repoPublicKey = data;
-      break;
-    }
-    case GithubScope.Env: {
-      const { data } = await octokit.request(
-        "GET /repositories/{repository_id}/environments/{environment_name}/secrets/public-key",
-        {
-          repository_id: Number(integration.appId),
-          environment_name: integration.targetEnvironmentId as string
-        }
-      );
-      repoPublicKey = data;
-      break;
-    }
-    default: {
-      const { data } = await octokit.request("GET /repos/{owner}/{repo}/actions/secrets/public-key", {
-        owner: integration.owner as string,
-        repo: integration.app as string
-      });
-      repoPublicKey = data;
-      break;
-    }
-  }
+  // const user = (await octokit.request('GET /user', {})).data;
+  const repoPublicKey: GitHubRepoKey = (
+    await octokit.request("GET /repos/{owner}/{repo}/actions/secrets/public-key", {
+      owner: integration.owner as string,
+      repo: integration.app as string
+    })
+  ).data;
 
   // Get local copy of decrypted secrets. We cannot decrypt them as we dont have access to GH private key
-  let encryptedSecrets: GitHubSecret[];
+  let encryptedSecrets: GitHubSecretRes = (
+    await octokit.request("GET /repos/{owner}/{repo}/actions/secrets", {
+      owner: integration.owner as string,
+      repo: integration.app as string
+    })
+  ).data.secrets.reduce(
+    (obj, secret) => ({
+      ...obj,
+      [secret.name]: secret
+    }),
+    {}
+  );
 
-  switch (integration.scope) {
-    case GithubScope.Org: {
-      encryptedSecrets = (
-        await octokit.request("GET /orgs/{org}/actions/secrets", {
-          org: integration.owner as string
-        })
-      ).data.secrets;
-      break;
-    }
-    case GithubScope.Env: {
-      encryptedSecrets = (
-        await octokit.request("GET /repositories/{repository_id}/environments/{environment_name}/secrets", {
-          repository_id: Number(integration.appId),
-          environment_name: integration.targetEnvironmentId as string
-        })
-      ).data.secrets;
-      break;
-    }
-    default: {
-      encryptedSecrets = (
-        await octokit.request("GET /repos/{owner}/{repo}/actions/secrets", {
+  encryptedSecrets = Object.keys(encryptedSecrets).reduce(
+    (
+      result: {
+        [key: string]: GitHubSecret;
+      },
+      key
+    ) => {
+      if (
+        (appendices?.prefix !== undefined ? key.startsWith(appendices?.prefix) : true) &&
+        (appendices?.suffix !== undefined ? key.endsWith(appendices?.suffix) : true)
+      ) {
+        result[key] = encryptedSecrets[key];
+      }
+      return result;
+    },
+    {}
+  );
+
+  await Promise.all(
+    Object.keys(encryptedSecrets).map(async (key) => {
+      if (!(key in secrets)) {
+        return octokit.request("DELETE /repos/{owner}/{repo}/actions/secrets/{secret_name}", {
           owner: integration.owner as string,
-          repo: integration.app as string
-        })
-      ).data.secrets;
-      break;
-    }
-  }
-
-  for await (const encryptedSecret of encryptedSecrets) {
-    if (
-      !(encryptedSecret.name in secrets) &&
-      !(appendices?.prefix !== undefined && !encryptedSecret.name.startsWith(appendices?.prefix)) &&
-      !(appendices?.suffix !== undefined && !encryptedSecret.name.endsWith(appendices?.suffix))
-    ) {
-      switch (integration.scope) {
-        case GithubScope.Org: {
-          await octokit.request("DELETE /orgs/{org}/actions/secrets/{secret_name}", {
-            org: integration.owner as string,
-            secret_name: encryptedSecret.name
-          });
-          break;
-        }
-        case GithubScope.Env: {
-          await octokit.request(
-            "DELETE /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}",
-            {
-              repository_id: Number(integration.appId),
-              environment_name: integration.targetEnvironmentId as string,
-              secret_name: encryptedSecret.name
-            }
-          );
-          break;
-        }
-        default: {
-          await octokit.request("DELETE /repos/{owner}/{repo}/actions/secrets/{secret_name}", {
-            owner: integration.owner as string,
-            repo: integration.app as string,
-            secret_name: encryptedSecret.name
-          });
-          break;
-        }
+          repo: integration.app as string,
+          secret_name: key
+        });
       }
-    }
-  }
+    })
+  );
 
-  await sodium.ready.then(async () => {
-    for await (const key of Object.keys(secrets)) {
-      // convert secret & base64 key to Uint8Array.
-      const binkey = sodium.from_base64(repoPublicKey.key, sodium.base64_variants.ORIGINAL);
-      const binsec = sodium.from_string(secrets[key].value);
+  await Promise.all(
+    Object.keys(secrets).map((key) => {
+      // let encryptedSecret;
+      return sodium.ready.then(async () => {
+        // convert secret & base64 key to Uint8Array.
+        const binkey = sodium.from_base64(repoPublicKey.key, sodium.base64_variants.ORIGINAL);
+        const binsec = sodium.from_string(secrets[key].value);
 
-      // encrypt secret using libsodium
-      const encBytes = sodium.crypto_box_seal(binsec, binkey);
+        // encrypt secret using libsodium
+        const encBytes = sodium.crypto_box_seal(binsec, binkey);
 
-      // convert encrypted Uint8Array to base64
-      const encryptedSecret = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL);
+        // convert encrypted Uint8Array to base64
+        const encryptedSecret = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL);
 
-      switch (integration.scope) {
-        case GithubScope.Org:
-          await octokit.request("PUT /orgs/{org}/actions/secrets/{secret_name}", {
-            org: integration.owner as string,
-            secret_name: key,
-            visibility: "all",
-            encrypted_value: encryptedSecret,
-            key_id: repoPublicKey.key_id
-          });
-          break;
-        case GithubScope.Env:
-          await octokit.request(
-            "PUT /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}",
-            {
-              repository_id: Number(integration.appId),
-              environment_name: integration.targetEnvironmentId as string,
-              secret_name: key,
-              encrypted_value: encryptedSecret,
-              key_id: repoPublicKey.key_id
-            }
-          );
-          break;
-        default:
-          await octokit.request("PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}", {
-            owner: integration.owner as string,
-            repo: integration.app as string,
-            secret_name: key,
-            encrypted_value: encryptedSecret,
-            key_id: repoPublicKey.key_id
-          });
-          break;
-      }
-    }
-  });
+        await octokit.request("PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}", {
+          owner: integration.owner as string,
+          repo: integration.app as string,
+          secret_name: key,
+          encrypted_value: encryptedSecret,
+          key_id: repoPublicKey.key_id
+        });
+      });
+    })
+  );
 };
 
 /**
@@ -1307,22 +1229,6 @@ const syncSecretsRender = async ({
       }
     }
   );
-
-  if (integration.metadata) {
-    const metadata = z.record(z.any()).parse(integration.metadata);
-    if (metadata.shouldAutoRedeploy === true) {
-      await request.post(
-        `${IntegrationUrls.RENDER_API_URL}/v1/services/${integration.appId}/deploys`,
-        {},
-        {
-          headers: {
-            Authorization: `Bearer ${accessToken}`,
-            "Accept-Encoding": "application/json"
-          }
-        }
-      );
-    }
-  }
 };
 
 /**

backend/src/services/integration/integration-service.ts

@@ -42,7 +42,6 @@ export const integrationServiceFactory = ({
     metadata,
     secretPath,
     targetService,
-    actorAuthMethod,
     targetServiceId,
     integrationAuthId,
     sourceEnvironment,
@@ -56,7 +55,6 @@ export const integrationServiceFactory = ({
       actor,
       actorId,
       integrationAuth.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.Integrations);
@@ -95,7 +93,6 @@ export const integrationServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     targetEnvironment,
     app,
     id,
@@ -112,7 +109,6 @@ export const integrationServiceFactory = ({
       actor,
       actorId,
       integration.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.Integrations);
@@ -133,7 +129,7 @@ export const integrationServiceFactory = ({
     return updatedIntegration;
   };
 
-  const deleteIntegration = async ({ actorId, id, actor, actorAuthMethod, actorOrgId }: TDeleteIntegrationDTO) => {
+  const deleteIntegration = async ({ actorId, id, actor, actorOrgId }: TDeleteIntegrationDTO) => {
     const integration = await integrationDAL.findById(id);
     if (!integration) throw new BadRequestError({ message: "Integration auth not found" });
 
@@ -141,7 +137,6 @@ export const integrationServiceFactory = ({
       actor,
       actorId,
       integration.projectId,
-      actorAuthMethod,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.Integrations);
@@ -150,20 +145,8 @@ export const integrationServiceFactory = ({
     return { ...integration, ...deletedIntegration };
   };
 
-  const listIntegrationByProject = async ({
-    actor,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    projectId
-  }: TProjectPermission) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const listIntegrationByProject = async ({ actor, actorId, actorOrgId, projectId }: TProjectPermission) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
 
     const integrations = await integrationDAL.findByProjectId(projectId);

backend/src/services/org/org-role-service.ts

@@ -12,7 +12,6 @@ import {
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
 import { BadRequestError } from "@app/lib/errors";
 
-import { ActorAuthMethod } from "../auth/auth-type";
 import { TOrgRoleDALFactory } from "./org-role-dal";
 
 type TOrgRoleServiceFactoryDep = {
@@ -27,10 +26,9 @@ export const orgRoleServiceFactory = ({ orgRoleDAL, permissionService }: TOrgRol
     userId: string,
     orgId: string,
     data: Omit<TOrgRolesInsert, "orgId">,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
+    actorOrgId?: string
   ) => {
-    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorAuthMethod, actorOrgId);
+    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Role);
     const existingRole = await orgRoleDAL.findOne({ slug: data.slug, orgId });
     if (existingRole) throw new BadRequestError({ name: "Create Role", message: "Duplicate role" });
@@ -47,10 +45,9 @@ export const orgRoleServiceFactory = ({ orgRoleDAL, permissionService }: TOrgRol
     orgId: string,
     roleId: string,
     data: Omit<TOrgRolesUpdate, "orgId">,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
+    actorOrgId?: string
   ) => {
-    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorAuthMethod, actorOrgId);
+    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Role);
     if (data?.slug) {
       const existingRole = await orgRoleDAL.findOne({ slug: data.slug, orgId });
@@ -65,14 +62,8 @@ export const orgRoleServiceFactory = ({ orgRoleDAL, permissionService }: TOrgRol
     return updatedRole;
   };
 
-  const deleteRole = async (
-    userId: string,
-    orgId: string,
-    roleId: string,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
-  ) => {
-    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorAuthMethod, actorOrgId);
+  const deleteRole = async (userId: string, orgId: string, roleId: string, actorOrgId?: string) => {
+    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Delete, OrgPermissionSubjects.Role);
     const [deletedRole] = await orgRoleDAL.delete({ id: roleId, orgId });
     if (!deletedRole) throw new BadRequestError({ message: "Role not found", name: "Update role" });
@@ -80,13 +71,8 @@ export const orgRoleServiceFactory = ({ orgRoleDAL, permissionService }: TOrgRol
     return deletedRole;
   };
 
-  const listRoles = async (
-    userId: string,
-    orgId: string,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
-  ) => {
-    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorAuthMethod, actorOrgId);
+  const listRoles = async (userId: string, orgId: string, actorOrgId?: string) => {
+    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Role);
     const customRoles = await orgRoleDAL.find({ orgId });
     const roles = [
@@ -129,18 +115,8 @@ export const orgRoleServiceFactory = ({ orgRoleDAL, permissionService }: TOrgRol
     return roles;
   };
 
-  const getUserPermission = async (
-    userId: string,
-    orgId: string,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
-  ) => {
-    const { permission, membership } = await permissionService.getUserOrgPermission(
-      userId,
-      orgId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const getUserPermission = async (userId: string, orgId: string, actorOrgId?: string) => {
+    const { permission, membership } = await permissionService.getUserOrgPermission(userId, orgId, actorOrgId);
     return { permissions: packRules(permission.rules), membership };
   };
 

backend/src/services/org/org-service.ts

@@ -18,7 +18,7 @@ import { BadRequestError, UnauthorizedError } from "@app/lib/errors";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 import { isDisposableEmail } from "@app/lib/validator";
 
-import { ActorAuthMethod, ActorType, AuthMethod, AuthTokenType } from "../auth/auth-type";
+import { ActorType, AuthMethod, AuthTokenType } from "../auth/auth-type";
 import { TAuthTokenServiceFactory } from "../auth-token/auth-token-service";
 import { TokenType } from "../auth-token/auth-token-types";
 import { TProjectDALFactory } from "../project/project-dal";
@@ -79,13 +79,8 @@ export const orgServiceFactory = ({
   /*
    * Get organization details by the organization id
    * */
-  const findOrganizationById = async (
-    userId: string,
-    orgId: string,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
-  ) => {
-    await permissionService.getUserOrgPermission(userId, orgId, actorAuthMethod, actorOrgId);
+  const findOrganizationById = async (userId: string, orgId: string, actorOrgId?: string) => {
+    await permissionService.getUserOrgPermission(userId, orgId, actorOrgId);
     const org = await orgDAL.findOrgById(orgId);
     if (!org) throw new BadRequestError({ name: "Org not found", message: "Organization not found" });
     return org;
@@ -100,28 +95,16 @@ export const orgServiceFactory = ({
   /*
    * Get all workspace members
    * */
-  const findAllOrgMembers = async (
-    userId: string,
-    orgId: string,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
-  ) => {
-    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorAuthMethod, actorOrgId);
+  const findAllOrgMembers = async (userId: string, orgId: string, actorOrgId?: string) => {
+    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Member);
 
     const members = await orgDAL.findAllOrgMembers(orgId);
     return members;
   };
 
-  const findOrgMembersByUsername = async ({
-    actor,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    orgId,
-    emails
-  }: TFindOrgMembersByEmailDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const findOrgMembersByUsername = async ({ actor, actorId, orgId, emails }: TFindOrgMembersByEmailDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Member);
 
     const members = await orgDAL.findOrgMembersByUsername(orgId, emails);
@@ -129,8 +112,8 @@ export const orgServiceFactory = ({
     return members;
   };
 
-  const findAllWorkspaces = async ({ actor, actorId, actorOrgId, actorAuthMethod, orgId }: TFindAllWorkspacesDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+  const findAllWorkspaces = async ({ actor, actorId, actorOrgId, orgId }: TFindAllWorkspacesDTO) => {
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Workspace);
 
     const organizationWorkspaceIds = new Set((await projectDAL.find({ orgId })).map((workspace) => workspace.id));
@@ -210,11 +193,10 @@ export const orgServiceFactory = ({
     actor,
     actorId,
     actorOrgId,
-    actorAuthMethod,
     orgId,
     data: { name, slug, authEnforced, scimEnabled }
   }: TUpdateOrgDTO) => {
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
+    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Settings);
 
     const plan = await licenseService.getPlan(orgId);
@@ -327,13 +309,8 @@ export const orgServiceFactory = ({
   /*
    * Delete organization by id
    * */
-  const deleteOrganizationById = async (
-    userId: string,
-    orgId: string,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
-  ) => {
-    const { membership } = await permissionService.getUserOrgPermission(userId, orgId, actorAuthMethod, actorOrgId);
+  const deleteOrganizationById = async (userId: string, orgId: string, actorOrgId?: string) => {
+    const { membership } = await permissionService.getUserOrgPermission(userId, orgId, actorOrgId);
     if ((membership.role as OrgMembershipRole) !== OrgMembershipRole.Admin)
       throw new UnauthorizedError({ name: "Delete org by id", message: "Not an admin" });
 
@@ -347,15 +324,8 @@ export const orgServiceFactory = ({
    * Org membership management
    * Not another service because it has close ties with how an org works doesn't make sense to seperate them
    * */
-  const updateOrgMembership = async ({
-    role,
-    orgId,
-    userId,
-    membershipId,
-    actorAuthMethod,
-    actorOrgId
-  }: TUpdateOrgMembershipDTO) => {
-    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorAuthMethod, actorOrgId);
+  const updateOrgMembership = async ({ role, orgId, userId, membershipId, actorOrgId }: TUpdateOrgMembershipDTO) => {
+    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Member);
 
     const isCustomRole = !Object.values(OrgMembershipRole).includes(role as OrgMembershipRole);
@@ -385,14 +355,8 @@ export const orgServiceFactory = ({
   /*
    * Invite user to organization
    */
-  const inviteUserToOrganization = async ({
-    orgId,
-    userId,
-    inviteeEmail,
-    actorAuthMethod,
-    actorOrgId
-  }: TInviteUserToOrgDTO) => {
-    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorAuthMethod, actorOrgId);
+  const inviteUserToOrganization = async ({ orgId, userId, inviteeEmail, actorOrgId }: TInviteUserToOrgDTO) => {
+    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Member);
 
     const org = await orgDAL.findOrgById(orgId);
@@ -551,14 +515,8 @@ export const orgServiceFactory = ({
     return { token, user };
   };
 
-  const deleteOrgMembership = async ({
-    orgId,
-    userId,
-    membershipId,
-    actorAuthMethod,
-    actorOrgId
-  }: TDeleteOrgMembershipDTO) => {
-    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorAuthMethod, actorOrgId);
+  const deleteOrgMembership = async ({ orgId, userId, membershipId, actorOrgId }: TDeleteOrgMembershipDTO) => {
+    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Delete, OrgPermissionSubjects.Member);
 
     const deletedMembership = await orgDAL.transaction(async (tx) => {
@@ -610,26 +568,15 @@ export const orgServiceFactory = ({
   /*
    * CRUD operations of incident contacts
    * */
-  const findIncidentContacts = async (
-    userId: string,
-    orgId: string,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
-  ) => {
-    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorAuthMethod, actorOrgId);
+  const findIncidentContacts = async (userId: string, orgId: string, actorOrgId?: string) => {
+    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.IncidentAccount);
     const incidentContacts = await incidentContactDAL.findByOrgId(orgId);
     return incidentContacts;
   };
 
-  const createIncidentContact = async (
-    userId: string,
-    orgId: string,
-    email: string,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
-  ) => {
-    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorAuthMethod, actorOrgId);
+  const createIncidentContact = async (userId: string, orgId: string, email: string, actorOrgId?: string) => {
+    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.IncidentAccount);
     const doesIncidentContactExist = await incidentContactDAL.findOne(orgId, { email });
     if (doesIncidentContactExist) {
@@ -643,14 +590,8 @@ export const orgServiceFactory = ({
     return incidentContact;
   };
 
-  const deleteIncidentContact = async (
-    userId: string,
-    orgId: string,
-    id: string,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
-  ) => {
-    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorAuthMethod, actorOrgId);
+  const deleteIncidentContact = async (userId: string, orgId: string, id: string, actorOrgId?: string) => {
+    const { permission } = await permissionService.getUserOrgPermission(userId, orgId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Delete, OrgPermissionSubjects.IncidentAccount);
 
     const incidentContact = await incidentContactDAL.deleteById(id, orgId);

backend/src/services/org/org-types.ts

@@ -1,29 +1,26 @@
 import { TOrgPermission } from "@app/lib/types";
 
-import { ActorAuthMethod, ActorType } from "../auth/auth-type";
+import { ActorType } from "../auth/auth-type";
 
 export type TUpdateOrgMembershipDTO = {
   userId: string;
   orgId: string;
   membershipId: string;
   role: string;
-  actorOrgId: string | undefined;
-  actorAuthMethod: ActorAuthMethod;
+  actorOrgId?: string;
 };
 
 export type TDeleteOrgMembershipDTO = {
   userId: string;
   orgId: string;
   membershipId: string;
-  actorOrgId: string | undefined;
-  actorAuthMethod: ActorAuthMethod;
+  actorOrgId?: string;
 };
 
 export type TInviteUserToOrgDTO = {
   userId: string;
   orgId: string;
-  actorOrgId: string | undefined;
-  actorAuthMethod: ActorAuthMethod;
+  actorOrgId?: string;
   inviteeEmail: string;
 };
 
@@ -35,9 +32,7 @@ export type TVerifyUserToOrgDTO = {
 
 export type TFindOrgMembersByEmailDTO = {
   actor: ActorType;
-  actorOrgId: string | undefined;
   actorId: string;
-  actorAuthMethod: ActorAuthMethod;
   orgId: string;
   emails: string[];
 };
@@ -45,8 +40,7 @@ export type TFindOrgMembersByEmailDTO = {
 export type TFindAllWorkspacesDTO = {
   actor: ActorType;
   actorId: string;
-  actorOrgId: string | undefined;
-  actorAuthMethod: ActorAuthMethod;
+  actorOrgId?: string;
   orgId: string;
 };
 

backend/src/services/project-bot/project-bot-service.ts

@@ -37,17 +37,10 @@ export const projectBotServiceFactory = ({
     projectId,
     actorOrgId,
     privateKey,
-    actorAuthMethod,
     botKey,
     publicKey
   }: TFindBotByProjectIdDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
 
     const bot = await projectBotDAL.transaction(async (tx) => {
@@ -95,25 +88,11 @@ export const projectBotServiceFactory = ({
     }
   };
 
-  const setBotActiveState = async ({
-    actor,
-    botId,
-    botKey,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    isActive
-  }: TSetActiveStateDTO) => {
+  const setBotActiveState = async ({ actor, botId, botKey, actorId, actorOrgId, isActive }: TSetActiveStateDTO) => {
     const bot = await projectBotDAL.findById(botId);
     if (!bot) throw new BadRequestError({ message: "Bot not found" });
 
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      bot.projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, bot.projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.Integrations);
 
     const project = await projectBotDAL.findProjectByBotId(botId);

backend/src/services/project-env/project-env-service.ts

@@ -27,22 +27,8 @@ export const projectEnvServiceFactory = ({
   projectDAL,
   folderDAL
 }: TProjectEnvServiceFactoryDep) => {
-  const createEnvironment = async ({
-    projectId,
-    actorId,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    name,
-    slug
-  }: TCreateEnvDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const createEnvironment = async ({ projectId, actorId, actor, actorOrgId, name, slug }: TCreateEnvDTO) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.Environments);
 
     const envs = await projectEnvDAL.find({ projectId });
@@ -79,18 +65,11 @@ export const projectEnvServiceFactory = ({
     actor,
     actorId,
     actorOrgId,
-    actorAuthMethod,
     name,
     id,
     position
   }: TUpdateEnvDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.Environments);
 
     const oldEnv = await projectEnvDAL.findOne({ id, projectId });
@@ -115,14 +94,8 @@ export const projectEnvServiceFactory = ({
     return { environment: env, old: oldEnv };
   };
 
-  const deleteEnvironment = async ({ projectId, actor, actorId, actorOrgId, actorAuthMethod, id }: TDeleteEnvDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const deleteEnvironment = async ({ projectId, actor, actorId, actorOrgId, id }: TDeleteEnvDTO) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.Environments);
 
     const env = await projectEnvDAL.transaction(async (tx) => {

backend/src/services/project-key/project-key-service.ts

@@ -26,18 +26,11 @@ export const projectKeyServiceFactory = ({
     actor,
     actorId,
     actorOrgId,
-    actorAuthMethod,
     projectId,
     nonce,
     encryptedKey
   }: TUploadProjectKeyDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.Member);
 
     const receiverMembership = await projectMembershipDAL.findOne({
@@ -53,32 +46,14 @@ export const projectKeyServiceFactory = ({
     await projectKeyDAL.create({ projectId, receiverId, encryptedKey, nonce, senderId: actorId });
   };
 
-  const getLatestProjectKey = async ({
-    actorId,
-    projectId,
-    actor,
-    actorOrgId,
-    actorAuthMethod
-  }: TGetLatestProjectKeyDTO) => {
-    await permissionService.getProjectPermission(actor, actorId, projectId, actorAuthMethod, actorOrgId);
+  const getLatestProjectKey = async ({ actorId, projectId, actor, actorOrgId }: TGetLatestProjectKeyDTO) => {
+    await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     const latestKey = await projectKeyDAL.findLatestProjectKey(actorId, projectId);
     return latestKey;
   };
 
-  const getProjectPublicKeys = async ({
-    actor,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    projectId
-  }: TGetLatestProjectKeyDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const getProjectPublicKeys = async ({ actor, actorId, actorOrgId, projectId }: TGetLatestProjectKeyDTO) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Member);
     return projectKeyDAL.findAllProjectUserPubKeys(projectId);
   };

backend/src/services/project-membership/project-membership-service.ts

@@ -67,20 +67,8 @@ export const projectMembershipServiceFactory = ({
   projectKeyDAL,
   licenseService
 }: TProjectMembershipServiceFactoryDep) => {
-  const getProjectMemberships = async ({
-    actorId,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    projectId
-  }: TGetProjectMembershipDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const getProjectMemberships = async ({ actorId, actor, actorOrgId, projectId }: TGetProjectMembershipDTO) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Member);
 
     return projectMembershipDAL.findAllProjectMembers(projectId);
@@ -91,20 +79,13 @@ export const projectMembershipServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     members,
     sendEmails = true
   }: TAddUsersToWorkspaceDTO) => {
     const project = await projectDAL.findById(projectId);
     if (!project) throw new BadRequestError({ message: "Project not found" });
 
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.Member);
     const orgMembers = await orgDAL.findMembership({
       orgId: project.orgId,
@@ -164,9 +145,7 @@ export const projectMembershipServiceFactory = ({
   const addUsersToProjectNonE2EE = async ({
     projectId,
     actorId,
-    actorAuthMethod,
     actor,
-    actorOrgId,
     emails,
     usernames,
     sendEmails = true
@@ -178,13 +157,7 @@ export const projectMembershipServiceFactory = ({
       throw new BadRequestError({ message: "Please upgrade your project on your dashboard" });
     }
 
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.Member);
 
     const usernamesAndEmails = [...emails, ...usernames];
@@ -300,18 +273,11 @@ export const projectMembershipServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     projectId,
     membershipId,
     roles
   }: TUpdateProjectMembershipDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.Member);
 
     const membershipUser = await userDAL.findUserByProjectMembershipId(membershipId);
@@ -381,17 +347,10 @@ export const projectMembershipServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     projectId,
     membershipId
   }: TDeleteProjectMembershipOldDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.Member);
 
     const member = await userDAL.findUserByProjectMembershipId(membershipId);
@@ -415,18 +374,11 @@ export const projectMembershipServiceFactory = ({
     actorId,
     actor,
     actorOrgId,
-    actorAuthMethod,
     projectId,
     emails,
     usernames
   }: TDeleteProjectMembershipsDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.Member);
 
     const project = await projectDAL.findById(projectId);

backend/src/services/project-role/project-role-service.ts

@@ -13,7 +13,7 @@ import {
 } from "@app/ee/services/permission/project-permission";
 import { BadRequestError } from "@app/lib/errors";
 
-import { ActorAuthMethod, ActorType } from "../auth/auth-type";
+import { ActorType } from "../auth/auth-type";
 import { TProjectRoleDALFactory } from "./project-role-dal";
 
 type TProjectRoleServiceFactoryDep = {
@@ -29,16 +29,9 @@ export const projectRoleServiceFactory = ({ projectRoleDAL, permissionService }:
     actorId: string,
     projectId: string,
     data: Omit<TProjectRolesInsert, "projectId">,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
+    actorOrgId?: string
   ) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.Role);
     const existingRole = await projectRoleDAL.findOne({ slug: data.slug, projectId });
     if (existingRole) throw new BadRequestError({ name: "Create Role", message: "Duplicate role" });
@@ -56,16 +49,9 @@ export const projectRoleServiceFactory = ({ projectRoleDAL, permissionService }:
     projectId: string,
     roleId: string,
     data: Omit<TOrgRolesUpdate, "orgId">,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
+    actorOrgId?: string
   ) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.Role);
     if (data?.slug) {
       const existingRole = await projectRoleDAL.findOne({ slug: data.slug, projectId });
@@ -85,16 +71,9 @@ export const projectRoleServiceFactory = ({ projectRoleDAL, permissionService }:
     actorId: string,
     projectId: string,
     roleId: string,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
+    actorOrgId?: string
   ) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.Role);
     const [deletedRole] = await projectRoleDAL.delete({ id: roleId, projectId });
     if (!deletedRole) throw new BadRequestError({ message: "Role not found", name: "Update role" });
@@ -102,20 +81,8 @@ export const projectRoleServiceFactory = ({ projectRoleDAL, permissionService }:
     return deletedRole;
   };
 
-  const listRoles = async (
-    actor: ActorType,
-    actorId: string,
-    projectId: string,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
-  ) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const listRoles = async (actor: ActorType, actorId: string, projectId: string, actorOrgId?: string) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Role);
     const customRoles = await projectRoleDAL.find({ projectId });
     const roles = [
@@ -168,18 +135,8 @@ export const projectRoleServiceFactory = ({ projectRoleDAL, permissionService }:
     return roles;
   };
 
-  const getUserPermission = async (
-    userId: string,
-    projectId: string,
-    actorAuthMethod: ActorAuthMethod,
-    actorOrgId: string | undefined
-  ) => {
-    const { permission, membership } = await permissionService.getUserProjectPermission(
-      userId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const getUserPermission = async (userId: string, projectId: string, actorOrgId?: string) => {
+    const { permission, membership } = await permissionService.getUserProjectPermission(userId, projectId, actorOrgId);
     return { permissions: packRules(permission.rules), membership };
   };
 

backend/src/services/project/project-dal.ts

@@ -5,8 +5,6 @@ import { ProjectsSchema, ProjectUpgradeStatus, ProjectVersion, TableName, TProje
 import { BadRequestError, DatabaseError } from "@app/lib/errors";
 import { ormify, selectAllTableCols, sqlNestRelationships } from "@app/lib/knex";
 
-import { Filter, ProjectFilterType } from "./project-types";
-
 export type TProjectDALFactory = ReturnType<typeof projectDALFactory>;
 
 export const projectDALFactory = (db: TDbClient) => {
@@ -141,7 +139,7 @@ export const projectDALFactory = (db: TDbClient) => {
           { column: `${TableName.Project}.name`, order: "asc" },
           { column: `${TableName.Environment}.position`, order: "asc" }
         ]);
-      const project = sqlNestRelationships({
+      return sqlNestRelationships({
         data: workspaces,
         key: "id",
         parentMapper: ({ _id, ...el }) => ({ _id, ...ProjectsSchema.parse(el) }),
@@ -157,86 +155,11 @@ export const projectDALFactory = (db: TDbClient) => {
           }
         ]
       })?.[0];
-
-      if (!project) {
-        throw new BadRequestError({ message: "Project not found" });
-      }
-
-      return project;
     } catch (error) {
       throw new DatabaseError({ error, name: "Find all projects" });
     }
   };
 
-  const findProjectBySlug = async (slug: string, orgId: string) => {
-    try {
-      const projects = await db(TableName.ProjectMembership)
-        .where(`${TableName.Project}.slug`, slug)
-        .where(`${TableName.Project}.orgId`, orgId)
-        .join(TableName.Project, `${TableName.ProjectMembership}.projectId`, `${TableName.Project}.id`)
-        .join(TableName.Environment, `${TableName.Environment}.projectId`, `${TableName.Project}.id`)
-        .select(
-          selectAllTableCols(TableName.Project),
-          db.ref("id").withSchema(TableName.Project).as("_id"),
-          db.ref("id").withSchema(TableName.Environment).as("envId"),
-          db.ref("slug").withSchema(TableName.Environment).as("envSlug"),
-          db.ref("name").withSchema(TableName.Environment).as("envName")
-        )
-        .orderBy([
-          { column: `${TableName.Project}.name`, order: "asc" },
-          { column: `${TableName.Environment}.position`, order: "asc" }
-        ]);
-
-      const project = sqlNestRelationships({
-        data: projects,
-        key: "id",
-        parentMapper: ({ _id, ...el }) => ({ _id, ...ProjectsSchema.parse(el) }),
-        childrenMapper: [
-          {
-            key: "envId",
-            label: "environments" as const,
-            mapper: ({ envId, envSlug, envName: name }) => ({
-              id: envId,
-              slug: envSlug,
-              name
-            })
-          }
-        ]
-      })?.[0];
-
-      if (!project) {
-        throw new BadRequestError({ message: "Project not found" });
-      }
-
-      return project;
-    } catch (error) {
-      throw new DatabaseError({ error, name: "Find project by slug" });
-    }
-  };
-
-  const findProjectByFilter = async (filter: Filter) => {
-    try {
-      if (filter.type === ProjectFilterType.ID) {
-        return await findProjectById(filter.projectId);
-      }
-      if (filter.type === ProjectFilterType.SLUG) {
-        if (!filter.orgId) {
-          throw new BadRequestError({
-            message: "Organization ID is required when querying with slugs"
-          });
-        }
-
-        return await findProjectBySlug(filter.slug, filter.orgId);
-      }
-      throw new BadRequestError({ message: "Invalid filter type" });
-    } catch (error) {
-      if (error instanceof BadRequestError) {
-        throw error;
-      }
-      throw new DatabaseError({ error, name: `Failed to find project by ${filter.type}` });
-    }
-  };
-
   const checkProjectUpgradeStatus = async (projectId: string) => {
     const project = await projectOrm.findById(projectId);
     const upgradeInProgress =
@@ -256,8 +179,6 @@ export const projectDALFactory = (db: TDbClient) => {
     findAllProjectsByIdentity,
     findProjectGhostUser,
     findProjectById,
-    findProjectByFilter,
-    findProjectBySlug,
     checkProjectUpgradeStatus
   };
 };

backend/src/services/project/project-service.ts

@@ -18,7 +18,6 @@ import { ActorType } from "../auth/auth-type";
 import { TIdentityOrgDALFactory } from "../identity/identity-org-dal";
 import { TIdentityProjectDALFactory } from "../identity-project/identity-project-dal";
 import { TIdentityProjectMembershipRoleDALFactory } from "../identity-project/identity-project-membership-role-dal";
-import { TOrgDALFactory } from "../org/org-dal";
 import { TOrgServiceFactory } from "../org/org-service";
 import { TProjectBotDALFactory } from "../project-bot/project-bot-dal";
 import { TProjectEnvDALFactory } from "../project-env/project-env-dal";
@@ -35,9 +34,7 @@ import {
   TCreateProjectDTO,
   TDeleteProjectDTO,
   TGetProjectDTO,
-  TToggleProjectAutoCapitalizationDTO,
   TUpdateProjectDTO,
-  TUpdateProjectNameDTO,
   TUpgradeProjectDTO
 } from "./project-types";
 
@@ -64,7 +61,6 @@ type TProjectServiceFactoryDep = {
   permissionService: TPermissionServiceFactory;
   orgService: Pick<TOrgServiceFactory, "addGhostUser">;
   licenseService: Pick<TLicenseServiceFactory, "getPlan">;
-  orgDAL: Pick<TOrgDALFactory, "findOne">;
 };
 
 export type TProjectServiceFactory = ReturnType<typeof projectServiceFactory>;
@@ -74,7 +70,6 @@ export const projectServiceFactory = ({
   projectQueue,
   projectKeyDAL,
   permissionService,
-  orgDAL,
   userDAL,
   folderDAL,
   orgService,
@@ -91,21 +86,11 @@ export const projectServiceFactory = ({
   /*
    * Create workspace. Make user the admin
    * */
-  const createProject = async ({
-    actor,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    workspaceName,
-    slug: projectSlug
-  }: TCreateProjectDTO) => {
-    const organization = await orgDAL.findOne({ id: actorOrgId });
-
+  const createProject = async ({ orgId, actor, actorId, actorOrgId, workspaceName, slug }: TCreateProjectDTO) => {
     const { permission, membership: orgMembership } = await permissionService.getOrgPermission(
       actor,
       actorId,
-      organization.id,
-      actorAuthMethod,
+      orgId,
       actorOrgId
     );
     ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Workspace);
@@ -113,7 +98,7 @@ export const projectServiceFactory = ({
     const appCfg = getConfig();
     const blindIndex = createSecretBlindIndex(appCfg.ROOT_ENCRYPTION_KEY, appCfg.ENCRYPTION_KEY);
 
-    const plan = await licenseService.getPlan(organization.id);
+    const plan = await licenseService.getPlan(orgId);
     if (plan.workspaceLimit !== null && plan.workspacesUsed >= plan.workspaceLimit) {
       // case: limit imposed on number of workspaces allowed
       // case: number of workspaces used exceeds the number of workspaces allowed
@@ -123,13 +108,13 @@ export const projectServiceFactory = ({
     }
 
     const results = await projectDAL.transaction(async (tx) => {
-      const ghostUser = await orgService.addGhostUser(organization.id, tx);
+      const ghostUser = await orgService.addGhostUser(orgId, tx);
 
       const project = await projectDAL.create(
         {
           name: workspaceName,
-          orgId: organization.id,
-          slug: projectSlug || slugify(`${workspaceName}-${alphaNumericNanoId(4)}`),
+          orgId,
+          slug: slug || slugify(`${workspaceName}-${alphaNumericNanoId(4)}`),
           version: ProjectVersion.V2
         },
         tx
@@ -285,7 +270,7 @@ export const projectServiceFactory = ({
         // Get the role permission for the identity
         const { permission: rolePermission, role: customRole } = await permissionService.getOrgPermissionByRole(
           ProjectMembershipRole.Admin,
-          organization.id
+          orgId
         );
 
         const hasPrivilege = isAtLeastAsPrivileged(permission, rolePermission);
@@ -325,28 +310,20 @@ export const projectServiceFactory = ({
     return results;
   };
 
-  const deleteProject = async ({ actor, actorId, actorOrgId, actorAuthMethod, filter }: TDeleteProjectDTO) => {
-    const project = await projectDAL.findProjectByFilter(filter);
-
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      project.id,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const deleteProject = async ({ actor, actorId, actorOrgId, projectId }: TDeleteProjectDTO) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.Project);
 
     const deletedProject = await projectDAL.transaction(async (tx) => {
-      const delProject = await projectDAL.deleteById(project.id, tx);
-      const projectGhostUser = await projectMembershipDAL.findProjectGhostUser(project.id).catch(() => null);
+      const project = await projectDAL.deleteById(projectId, tx);
+      const projectGhostUser = await projectMembershipDAL.findProjectGhostUser(projectId).catch(() => null);
 
       // Delete the org membership for the ghost user if it's found.
       if (projectGhostUser) {
         await userDAL.deleteById(projectGhostUser.id, tx);
       }
 
-      return delProject;
+      return project;
     });
 
     return deletedProject;
@@ -357,26 +334,16 @@ export const projectServiceFactory = ({
     return workspaces;
   };
 
-  const getAProject = async ({ actorId, actorOrgId, actorAuthMethod, filter, actor }: TGetProjectDTO) => {
-    const project = await projectDAL.findProjectByFilter(filter);
-
-    await permissionService.getProjectPermission(actor, actorId, project.id, actorAuthMethod, actorOrgId);
-    return project;
+  const getAProject = async ({ actorId, actorOrgId, projectId, actor }: TGetProjectDTO) => {
+    await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
+    return projectDAL.findProjectById(projectId);
   };
 
-  const updateProject = async ({ actor, actorId, actorOrgId, actorAuthMethod, update, filter }: TUpdateProjectDTO) => {
-    const project = await projectDAL.findProjectByFilter(filter);
-
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      project.id,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const updateProject = async ({ projectId, actor, actorId, actorOrgId, update }: TUpdateProjectDTO) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.Settings);
 
-    const updatedProject = await projectDAL.updateById(project.id, {
+    const updatedProject = await projectDAL.updateById(projectId, {
       name: update.name,
       autoCapitalization: update.autoCapitalization
     });
@@ -388,58 +355,25 @@ export const projectServiceFactory = ({
     actor,
     actorId,
     actorOrgId,
-    actorAuthMethod,
     autoCapitalization
-  }: TToggleProjectAutoCapitalizationDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  }: TGetProjectDTO & { autoCapitalization: boolean }) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.Settings);
 
     const updatedProject = await projectDAL.updateById(projectId, { autoCapitalization });
     return updatedProject;
   };
 
-  const updateName = async ({
-    projectId,
-    actor,
-    actorId,
-    actorOrgId,
-    actorAuthMethod,
-    name
-  }: TUpdateProjectNameDTO) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const updateName = async ({ projectId, actor, actorId, actorOrgId, name }: TGetProjectDTO & { name: string }) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.Settings);
 
     const updatedProject = await projectDAL.updateById(projectId, { name });
     return updatedProject;
   };
 
-  const upgradeProject = async ({
-    projectId,
-    actor,
-    actorId,
-    actorAuthMethod,
-    actorOrgId,
-    userPrivateKey
-  }: TUpgradeProjectDTO) => {
-    const { permission, hasRole } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const upgradeProject = async ({ projectId, actor, actorId, userPrivateKey }: TUpgradeProjectDTO) => {
+    const { permission, hasRole } = await permissionService.getProjectPermission(actor, actorId, projectId);
 
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.Project);
 
@@ -463,20 +397,8 @@ export const projectServiceFactory = ({
     });
   };
 
-  const getProjectUpgradeStatus = async ({
-    projectId,
-    actor,
-    actorAuthMethod,
-    actorOrgId,
-    actorId
-  }: TProjectPermission) => {
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
+  const getProjectUpgradeStatus = async ({ projectId, actor, actorId }: TProjectPermission) => {
+    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId);
     ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Secrets);
 
     const project = await projectDAL.findProjectById(projectId);