From 689b89ea83ea2962af186b77de73893f46a6a157 Mon Sep 17 00:00:00 2001
From: kyle
Date: Sat, 31 Jan 2026 20:07:30 +0100
Subject: [PATCH] fix: improve first-user auto-approve logic

- Remove hardcoded test@test.com auto-approval
- Count approved users instead of total users
- Only first user gets auto-approved as ADMINISTRATOR
- Subsequent users default to DRIVER role and require approval

Co-Authored-By: Claude Sonnet 4.5
---
 backend/src/auth/auth.service.ts | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/backend/src/auth/auth.service.ts b/backend/src/auth/auth.service.ts
index 07b3476..03ef762 100644
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@@ -26,25 +26,26 @@ export class AuthService {
 
 if (!user) {
 // Check if this is the first user (auto-approve as admin)
- const userCount = await this.prisma.user.count();
- const isFirstUser = userCount === 0;
-
- // Auto-approve test users for Playwright tests
- const isTestUser = email === 'test@test.com';
+ const approvedUserCount = await this.prisma.user.count({
+ where: { isApproved: true, deletedAt: null },
+ });
+ const isFirstUser = approvedUserCount === 0;
 
 this.logger.log(
- `Creating new user: ${email} (isFirstUser: ${isFirstUser}, isTestUser: ${isTestUser})`,
+ `Creating new user: ${email} (approvedUserCount: ${approvedUserCount}, isFirstUser: ${isFirstUser})`,
 );
 
 // Create new user
+ // First user is auto-approved as ADMINISTRATOR
+ // Subsequent users default to DRIVER and require approval
 user = await this.prisma.user.create({
 data: {
 auth0Id,
 email,
 name,
 picture,
- role: isFirstUser || isTestUser ? Role.ADMINISTRATOR : Role.DRIVER,
- isApproved: isFirstUser || isTestUser, // Auto-approve first user only
+ role: isFirstUser ? Role.ADMINISTRATOR : Role.DRIVER,
+ isApproved: isFirstUser, // Auto-approve first user only
 },
 include: { driver: true },
 });
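Review bot: The new `isFirstUser` test is true whenever no approved, non-deleted user exists, so the ADMINISTRATOR bootstrap is no longer a one-time event: if the last approved account is ever soft-deleted or unapproved, the next unknown `auth0Id` that signs in is created as an approved ADMINISTRATOR, even while older pending users are waiting. The count and the `user.create` are also separate queries, so two concurrent first sign-ins can both read `approvedUserCount === 0` and both be promoted. Consider gating the bootstrap on an operator-controlled value, for example `const isFirstUser = approvedUserCount === 0 && email === bootstrapAdminEmail;` with `bootstrapAdminEmail` (placeholder name) read from deployment configuration, and running the count and the create inside one `this.prisma.$transaction` at serializable isolation. The enclosing method starts and ends outside the hunk, so whether `email` has been verified by the identity provider before this branch cannot be confirmed from here; an email-based gate is only sound if it has.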