refactor(core): update organization invitation apis

packages/core/src/libraries/organization-invitation.ts

@@ -14,8 +14,6 @@
 
 import { type ConnectorLibrary } from './connector.js';
 
-const invitationLinkPath = '/invitation';
-
 /**
  * The ending statuses of an organization invitation per RFC 0003. It means that the invitation
  * status cannot be changed anymore.
@@ -58,6 +56,14 @@
   ) {
     const { inviterId, invitee, organizationId, expiresAt, organizationRoleIds } = data;
 
+    if (await this.queries.organizations.relations.users.isMember(organizationId, invitee)) {
+      throw new RequestError({
+        status: 422,
+        code: 'request.invalid_input',
+        details: 'The invitee is already a member of the organization.',
+      });
+    }
+
     return this.queries.pool.transaction(async (connection) => {
       const organizationQueries = new OrganizationQueries(connection);
       const invitation = await organizationQueries.invitations.insert({
@@ -117,7 +123,7 @@
     status: OrganizationInvitationStatus.Accepted,
     acceptedUserId: string
   ): Promise<OrganizationInvitationEntity>;
   // TODO: Error i18n
   async updateStatus(
     id: string,
     status: OrganizationInvitationStatus,
@@ -186,7 +192,8 @@
     });
   }
 
-  protected async sendEmail(to: string, payload: SendMessagePayload) {
+  /** Send an organization invitation email. */
+  async sendEmail(to: string, payload: SendMessagePayload) {
     const emailConnector = await this.connector.getMessageConnector(ConnectorType.Email);
     return emailConnector.sendMessage({
       to,

packages/core/src/queries/organization/index.ts

@@ -88,32 +88,34 @@ class OrganizationRolesQueries extends SchemaQueries<
   }
 }
 
+type OrganizationInvitationSearchOptions = {
+  invitationId?: string;
+  organizationId?: string;
+  inviterId?: string;
+};
+
 class OrganizationInvitationsQueries extends SchemaQueries<
   OrganizationInvitationKeys,
   CreateOrganizationInvitation,
   OrganizationInvitation
 > {
-  override async findById(id: string): Promise<Readonly<OrganizationInvitationEntity>> {
-    return this.pool.one(this.#findEntity(id));
+  override async findById(invitationId: string): Promise<Readonly<OrganizationInvitationEntity>> {
+    return this.pool.one(this.#findEntity({ invitationId }));
   }
 
-  override async findAll(
-    limit: number,
-    offset: number,
-    search?: SearchOptions<OrganizationInvitationKeys>
-  ): Promise<[totalNumber: number, rows: Readonly<OrganizationInvitationEntity[]>]> {
-    return Promise.all([
-      this.findTotalNumber(search),
-      this.pool.any(this.#findEntity(undefined, limit, offset, search)),
-    ]);
+  /** @deprecated Use `findEntities` instead. */
+  override async findAll(): Promise<never> {
+    throw new Error('Use `findEntities` instead.');
   }
 
-  #findEntity(
-    invitationId?: string,
-    limit = 1,
-    offset = 0,
-    search?: SearchOptions<OrganizationInvitationKeys>
-  ) {
+  // We don't override `.findAll()` since the function signature is different from the base class.
+  async findEntities(
+    options: Omit<OrganizationInvitationSearchOptions, 'invitationId'>
+  ): Promise<Readonly<OrganizationInvitationEntity[]>> {
+    return this.pool.any(this.#findEntity({ ...options, invitationId: undefined }));
+  }
+
+  #findEntity({ invitationId, organizationId, inviterId }: OrganizationInvitationSearchOptions) {
     const { table, fields } = convertToIdentifiers(OrganizationInvitations, true);
     const roleRelations = convertToIdentifiers(OrganizationInvitationRoleRelations, true);
     const roles = convertToIdentifiers(OrganizationRoles, true);
@@ -147,16 +149,20 @@ class OrganizationInvitationsQueries extends SchemaQueries<
         on ${roleRelations.fields.organizationInvitationId} = ${fields.id}
       left join ${roles.table}
         on ${roles.fields.id} = ${roleRelations.fields.organizationRoleId}
+      where true
       ${conditionalSql(invitationId, (id) => {
-        return sql`where ${fields.id} = ${id}`;
+        return sql`and ${fields.id} = ${id}`;
+      })}
+      ${conditionalSql(organizationId, (id) => {
+        return sql`and ${fields.organizationId} = ${id}`;
+      })}
+      ${conditionalSql(inviterId, (id) => {
+        return sql`and ${fields.inviterId} = ${id}`;
       })}
-      ${buildSearchSql(OrganizationInvitations, search)}
       group by ${fields.id}
       ${conditionalSql(this.orderBy, ({ field, order }) => {
         return sql`order by ${fields[field]} ${order === 'desc' ? sql`desc` : sql`asc`}`;
       })}
-      limit ${limit}
-      offset ${offset}
     `;
   }
 }

packages/core/src/queries/organization/relations.ts

@@ -28,6 +28,20 @@ export class UserRelationQueries extends TwoRelationsQueries<typeof Organization
     super(pool, OrganizationUserRelations.table, Organizations, Users);
   }
 
+  async isMember(organizationId: string, email: string): Promise<boolean> {
+    const users = convertToIdentifiers(Users, true);
+    const relations = convertToIdentifiers(OrganizationUserRelations, true);
+
+    return this.pool.exists(sql`
+      select 1
+      from ${relations.table}
+      join ${users.table}
+        on ${relations.fields.userId} = ${users.fields.id}
+      where ${relations.fields.organizationId} = ${organizationId}
+      and ${users.fields.primaryEmail} = ${email}
+    `);
+  }
+
   async getFeatured(
     organizationId: string
   ): Promise<[totalNumber: number, users: readonly FeaturedUser[]]> {

packages/core/src/routes/organization/invitations.openapi.json

@@ -114,6 +114,21 @@
           }
         }
       }
+    },
+    "/api/organization-invitations/{id}/message": {
+      "post": {
+        "summary": "Resend invitation message",
+        "description": "Resend the invitation message to the invitee.",
+        "requestBody": {
+          "description": "The message payload for the \"OrganizationInvitation\" template to use when sending the invitation via email.",
+          "required": true
+        },
+        "responses": {
+          "204": {
+            "description": "The invitation message was resent successfully."
+          }
+        }
+      }
     }
   }
 }

packages/core/src/routes/organization/invitations.ts

@@ -29,12 +29,26 @@
   const router = new SchemaRouter(OrganizationInvitations, invitations, {
     errorHandler,
     disabled: {
+      get: true,
       post: true,
       patchById: true,
     },
     entityGuard: organizationInvitationEntityGuard,
   });
 
+  router.get(
+    '/',
+    koaGuard({
+      query: z.object({ organizationId: z.string().optional(), inviterId: z.string().optional() }),
+      response: organizationInvitationEntityGuard.array(),
+      status: [200],
+    }),
+    async (ctx, next) => {
+      ctx.body = await invitations.findEntities(ctx.guard.query);
+      return next();
+    }
+  );
+
   router.post(
     '/',
     koaGuard({
@@ -51,7 +65,7 @@
           messagePayload: sendMessagePayloadGuard.or(z.literal(false)).default(false),
         }),
       response: organizationInvitationEntityGuard,
-      status: [201, 400, 501],
+      status: [201, 400, 422, 501],
     }),
     async (ctx, next) => {
       const {
@@ -72,6 +86,26 @@
     }
   );
 
+  router.post(
+    '/:id/message',
+    koaGuard({
+      params: z.object({ id: z.string() }),
+      body: sendMessagePayloadGuard,
+      status: [204],
+    }),
+    async (ctx, next) => {
+      const {
+        params: { id },
+        body,
+      } = ctx.guard;
+      const { invitee } = await invitations.findById(id);
+
+      await organizationInvitations.sendEmail(invitee, body);
+      ctx.status = 204;
+      return next();
+    }
+  );
+
   router.put(
     '/:id/status',
     koaGuard({
@@ -100,7 +134,7 @@
         return next();
       }
 
       // TODO: Error i18n
       assertThat(
         acceptedUserId,
         new RequestError({

packages/integration-tests/src/api/api.ts

@@ -1,14 +1,15 @@
+import { appendPath } from '@silverhand/essentials';
 import { got } from 'got';
 
 import { logtoConsoleUrl, logtoUrl, logtoCloudUrl } from '#src/constants.js';
 
 const api = got.extend({
-  prefixUrl: new URL('/api', logtoUrl),
+  prefixUrl: appendPath(new URL(logtoUrl), 'api'),
 });
 
 export default api;
 
 // TODO: @gao rename
 export const authedAdminApi = api.extend({
   headers: {
     'development-user-id': 'integration-test-admin-user',
@@ -16,7 +17,7 @@
 });
 
 export const adminTenantApi = got.extend({
-  prefixUrl: new URL('/api', logtoConsoleUrl),
+  prefixUrl: appendPath(new URL(logtoConsoleUrl), 'api'),
 });
 
 export const authedAdminTenantApi = adminTenantApi.extend({
@@ -26,9 +27,9 @@
 });
 
 export const cloudApi = got.extend({
-  prefixUrl: new URL('/api', logtoCloudUrl),
+  prefixUrl: appendPath(new URL(logtoCloudUrl), 'api'),
 });
 
 export const oidcApi = got.extend({
-  prefixUrl: new URL('/oidc', logtoUrl),
+  prefixUrl: appendPath(new URL(logtoUrl), 'oidc'),
 });

packages/integration-tests/src/api/organization-invitation.ts

@@ -38,4 +38,12 @@ export class OrganizationInvitationApi extends ApiFactory<
       })
       .json<OrganizationInvitationEntity>();
   }
+
+  async resendMessage(id: string, messagePayload: SendMessagePayload) {
+    return authedAdminApi
+      .post(`${this.path}/${id}/message`, {
+        json: messagePayload,
+      })
+      .json();
+  }
 }

packages/integration-tests/src/tests/api/organization/organization-invitation.creation.test.ts

@@ -4,6 +4,7 @@ import { ConnectorType } from '@logto/connector-kit';
 import { generateStandardId } from '@logto/shared';
 import { HTTPError } from 'got';
 
+import { createUser } from '#src/api/admin-user.js';
 import { clearConnectorsByTypes, setEmailConnector } from '#src/helpers/connector.js';
 import { readConnectorMessage } from '#src/helpers/index.js';
 import { OrganizationApiTest, OrganizationInvitationApiTest } from '#src/helpers/organization.js';
@@ -59,6 +60,37 @@ describe('organization invitation creation', () => {
     });
   });
 
+  it('should be able to resend an email after creating an invitation', async () => {
+    await setEmailConnector();
+
+    const organization = await organizationApi.create({ name: 'test' });
+    const email = `${randomId()}@example.com`;
+    const invitation = await invitationApi.create({
+      organizationId: organization.id,
+      invitee: email,
+      expiresAt: Date.now() + 1_000_000,
+      messagePayload: {
+        link: 'https://example.com',
+      },
+    });
+    expect(await readConnectorMessage('Email')).toMatchObject({
+      type: 'OrganizationInvitation',
+      payload: {
+        link: 'https://example.com',
+      },
+    });
+
+    await invitationApi.resendMessage(invitation.id, {
+      link: 'https://example1.com',
+    });
+    expect(await readConnectorMessage('Email')).toMatchObject({
+      type: 'OrganizationInvitation',
+      payload: {
+        link: 'https://example1.com',
+      },
+    });
+  });
+
   it('should throw error if email connector is not set', async () => {
     await clearConnectorsByTypes([ConnectorType.Email]);
     const organization = await organizationApi.create({ name: 'test' });
@@ -128,6 +160,23 @@ describe('organization invitation creation', () => {
     expectErrorResponse(error, 400, 'request.invalid_input');
   });
 
+  it('should not be able to create invitations if the invitee is already a member of the organization', async () => {
+    const organization = await organizationApi.create({ name: 'test' });
+    const email = `${randomId()}@example.com`;
+    const user = await createUser({ primaryEmail: email });
+    await organizationApi.addUsers(organization.id, [user.id]);
+
+    const error = await invitationApi
+      .create({
+        organizationId: organization.id,
+        invitee: email,
+        expiresAt: Date.now() + 1_000_000,
+      })
+      .catch((error: unknown) => error);
+
+    expectErrorResponse(error, 422, 'request.invalid_input');
+  });
+
   it('should not be able to create invitations with an invalid email', async () => {
     const organization = await organizationApi.create({ name: 'test' });
     const error = await invitationApi