Skip to content

[CLC-2041] Block signups for Classic PAYG sunset #21114

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 21, 2025
Merged

[CLC-2041] Block signups for Classic PAYG sunset #21114

merged 1 commit into from
Oct 21, 2025
+24 −0

Conversation

geropl
Copy link
Member

@geropl geropl commented Oct 20, 2025

Summary

Blocks new user signups when Classic PAYG sunset is enabled, complementing the existing login and workspace operation blocks from CLC-2032.

Changes

Backend (components/server/src/util/featureflags.ts)

  • Added isUserSignupBlockedBySunset() function
    • Checks if sunset feature flag is enabled
    • Exempts dedicated installations
    • Blocks all signups (new users don't have organizations or roles yet)

Backend (components/server/src/auth/generic-auth-provider.ts)

  • Added signup blocking check in OAuth callback flow
  • Blocks user creation when VerifyResult.WithIdentity is detected (new user signup)
  • Redirects blocked signups to https://app.ona.com/login
  • Logs blocked signup attempts for monitoring

Testing

The implementation follows the same pattern as CLC-2032:

  • Uses the same classic_payg_sunset_enabled feature flag
  • Exempts dedicated installations via isDedicatedInstallation check
  • Redirects to app.ona.com/login (consistent with login blocking)

Manual testing needed:

  • Verify new users cannot sign up when sunset is enabled on gitpod.io
  • Verify existing users can still log in (if not blocked by login checks)
  • Verify dedicated installations are not affected
  • Verify appropriate redirect to app.ona.com/login

Related

@geropl @ona-agent
[CLC-2041] Block signups for Classic PAYG sunset
d78fbb0 
Block new user signups when Classic PAYG sunset is enabled:

- Add isUserSignupBlockedBySunset() function in featureflags.ts
  - Checks if sunset is enabled for the installation
  - Exempts dedicated installations
  - Blocks all signups (new users don't have orgs/roles yet)

- Add signup blocking in generic-auth-provider.ts callback
  - Check before createNewUser() is called
  - Redirect blocked signups to https://app.ona.com/login
  - Log blocked signup attempts

This complements the existing login and workspace operation blocks
from CLC-2032, closing the signup path that was previously unblocked.

Co-authored-by: Ona <no-reply@ona.com>
@geropl geropl marked this pull request as ready for review October 20, 2025 14:06
@geropl geropl requested a review from a team as a code owner October 20, 2025 14:06
@geropl
Copy link
Member Author

geropl commented Oct 20, 2025

@corneliusludmann Would be great if you could review today/early tomorrow 🙏

@corneliusludmann
Copy link
Contributor

@geropl Approved to unblock.

There is a build error and my comment above.

@geropl
Copy link
Member Author

geropl commented Oct 20, 2025

There is a build error and my comment above.

Fixed already with a retry 👍

@geropl
Copy link
Member Author

geropl commented Oct 20, 2025

/unhold

@roboquat roboquat merged commit 8e02e09 into main Oct 21, 2025
48 of 50 checks passed
@roboquat roboquat deleted the gpl/2041-block-signups branch October 21, 2025 06:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@corneliusludmann corneliusludmann corneliusludmann approved these changes

Assignees

No one assigned

Labels

size/S team: team-enterprise

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@geropl @corneliusludmann @roboquat