fix: improve first-user auto-approve logic

- Remove hardcoded test@test.com auto-approval - Count approved users instead of total users - Only first user gets auto-approved as ADMINISTRATOR - Subsequent users default to DRIVER role and require approval Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-31 20:07:30 +01:00
parent b8fac5de23
commit 689b89ea83
1 changed files with 9 additions and 8 deletions
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@@ -26,25 +26,26 @@ export class AuthService {

    if (!user) {
      // Check if this is the first user (auto-approve as admin)
-      const userCount = await this.prisma.user.count();
-      const isFirstUser = userCount === 0;
-
-      // Auto-approve test users for Playwright tests
-      const isTestUser = email === 'test@test.com';
+      const approvedUserCount = await this.prisma.user.count({
+        where: { isApproved: true, deletedAt: null },
+      });
+      const isFirstUser = approvedUserCount === 0;

      this.logger.log(
-        `Creating new user: ${email} (isFirstUser: ${isFirstUser}, isTestUser: ${isTestUser})`,
+        `Creating new user: ${email} (approvedUserCount: ${approvedUserCount}, isFirstUser: ${isFirstUser})`,
      );

      // Create new user
+      // First user is auto-approved as ADMINISTRATOR
+      // Subsequent users default to DRIVER and require approval
      user = await this.prisma.user.create({
        data: {
          auth0Id,
          email,
          name,
          picture,
-          role: isFirstUser || isTestUser ? Role.ADMINISTRATOR : Role.DRIVER,
-          isApproved: isFirstUser || isTestUser, // Auto-approve first user and test users
+          role: isFirstUser ? Role.ADMINISTRATOR : Role.DRIVER,
+          isApproved: isFirstUser, // Auto-approve first user only
        },
        include: { driver: true },
      });