Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature flags env variable gating #9481

Merged

Conversation

ehconitin
Copy link
Contributor

closes #9032

AMoreaux and others added 4 commits January 9, 2025 16:20
Added support for multi-workspace checks during impersonation and streamlined token verification flows. Adjusted session clearing and navigation logic to improve user transition between workspaces.
…nation flow

Simplified test assertions in `useAuth.test.tsx` by removing redundant property checks from the signup method. Enhanced `useImpersonate` hook by refactoring workspace condition logic and introducing fresh metadata states to improve session handling.
@ehconitin ehconitin marked this pull request as ready for review January 9, 2025 11:32
@ehconitin ehconitin self-assigned this Jan 9, 2025
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Summary

This PR implements feature flag access control in the admin panel based on environment variables. Here's a focused review of the key changes:

  • Added useFeatureFlagManagementCapability hook to gate feature flag management based on IS_BILLING_ENABLED or DEBUG_MODE environment variables
  • Modified SettingsAdminContent to conditionally render feature flag controls based on user capabilities
  • Added server-side capability check in AdminPanelResolver but missing validation in updateWorkspaceFeatureFlags service method
  • Improved state management in useAuth and VerifyEffect for better token verification flow
  • Removed unnecessary assertions in useAuth.test.tsx that could miss response structure issues

The critical security issue is that the updateWorkspaceFeatureFlags service method doesn't validate the user's capability before allowing updates, which could bypass the intended access control. This should be addressed before merging.

11 file(s) reviewed, 6 comment(s)
Edit PR Review Bot Settings | Greptile

@@ -268,6 +268,8 @@ export const useAuth = () => {

const handleVerify = useCallback(
async (loginToken: string) => {
setIsVerifyPendingState(true);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: setIsVerifyPendingState(true) should be wrapped in try/catch to ensure it gets set back to false if verification fails

Comment on lines +36 to +39
if (isDefined(loginToken)) {
setIsAppWaitingForFreshObjectMetadata(true);
verify(loginToken);
} else if (!isLogged) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: verify() returns a Promise but it's not being awaited. This could lead to race conditions if the verification fails and the component unmounts before completion.

@ehconitin ehconitin requested a review from FelixMalfait January 9, 2025 13:03
}

if (isDefined(loginToken)) {
setIsAppWaitingForFreshObjectMetadata(true);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be good to give a bit more context in your PR description when you introduce something like that as it doesn't directly relate to the original issue / I'm not sure exactly what problem we're solving here (race condition / dual execution?). Seems similar to topics discussed here: #9288

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two commits come from this PR #9451

It allows impersonation on the same workspace.

Copy link
Member

@FelixMalfait FelixMalfait left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@ehconitin ehconitin enabled auto-merge (squash) January 10, 2025 11:56
@FelixMalfait FelixMalfait disabled auto-merge January 10, 2025 13:03
@FelixMalfait FelixMalfait merged commit ddcb3df into twentyhq:main Jan 10, 2025
19 of 21 checks passed
Copy link

Fails
🚫

node failed.

Log

�[31mError: �[39m SyntaxError: Unexpected token C in JSON at position 0
    at JSON.parse (<anonymous>)
�[90m    at parseJSONFromBytes (node:internal/deps/undici/undici:5584:19)�[39m
�[90m    at successSteps (node:internal/deps/undici/undici:5555:27)�[39m
�[90m    at fullyReadBody (node:internal/deps/undici/undici:1665:9)�[39m
�[90m    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)�[39m
�[90m    at async specConsumeBody (node:internal/deps/undici/undici:5564:7)�[39m
danger-results://tmp/danger-results-4bd32429.json

Generated by 🚫 dangerJS against 7261b7a

Copy link

sentry-io bot commented Jan 10, 2025

Suspect Issues

This pull request was deployed and Sentry observed the following issues:

  • ‼️ Error: No current user result /verify View Issue

Did you find this useful? React with a 👍 or 👎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Display feature flags in admin panel only if IS_BILLING_ENABLED is true or DEBUG_MODE is true
3 participants