@pedroccastro
Contributor

What does this PR do?

Enforces owner email validation for Platform organization creation. Previously, the isPlatform flag bypassed the owner verification check, allowing organizations to be created with a different user as owner.

Changes

  • Removed isPlatform bypass from owner email check in create.handler.ts
  • Removed isPlatform bypass from owner email check in intentToCreateOrg.handler.ts
  • Other isPlatform behaviors preserved (self-serve, company email validation)

How to test

  1. Log in as a non-admin user
  2. Call /api/trpc/organizations/create with isPlatform: true and a different user's email as orgOwnerEmail
  3. Should return error: "You can only create organization where you are the owner"
  4. Verify Platform org creation still works when using your own email

Mandatory Tasks

  • I have self-reviewed the code
  • N/A I have updated the developer docs in /docs if this PR makes changes that would require a documentation change
  • N/A I confirm automated tests are in place that prove my fix is effective or that my feature works.

Remove isPlatform bypass from owner verification to ensure users
can only create organizations where they are the designated owner

Add test coverage for create and intentToCreateOrg handlers:
- Regression tests for isPlatform bypass fix
- Happy path for admin creating org for another user
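
The owner check described in this PR, modelled as an added example that is not code from the pull request or from the project: it places a check that honours a request-supplied isPlatform flag beside one that relies only on the authenticated caller, and runs both over the cases listed under "How to test". The types, function names and sample e-mail addresses are hypothetical; only the error message is taken from the description above.

```typescript
// Added illustration: a simplified model of the owner check, not the project's handler code.
// Caller, CreateOrgInput, checkBefore/checkAfter and the sample identities are hypothetical.
type Caller = { email: string; role: "ADMIN" | "USER" };
type CreateOrgInput = { orgOwnerEmail: string; isPlatform: boolean };
type Check = (caller: Caller, input: CreateOrgInput) => void;
type Row = [string, string, string];

const OWNER_ERROR = "You can only create organization where you are the owner";

// Before: isPlatform arrives in the request body, so the caller can switch the check off.
const checkBefore: Check = (caller, input) => {
  const isAdmin = caller.role === "ADMIN";
  const callerIsOwner = caller.email === input.orgOwnerEmail;
  if (!isAdmin && !callerIsOwner && !input.isPlatform) throw new Error(OWNER_ERROR);
};

// After: the decision depends only on the authenticated session (role and e-mail).
const checkAfter: Check = (caller, input) => {
  const isAdmin = caller.role === "ADMIN";
  const callerIsOwner = caller.email === input.orgOwnerEmail;
  if (!isAdmin && !callerIsOwner) throw new Error(OWNER_ERROR);
};

// Runs a check and reports "allowed" or the rejection message.
function outcome(check: Check, caller: Caller, input: CreateOrgInput): string {
  try {
    check(caller, input);
    return "allowed";
  } catch (e) {
    return e instanceof Error ? e.message : String(e);
  }
}

// Constructed sample identities.
const member: Caller = { email: "member@example.com", role: "USER" };
const admin: Caller = { email: "admin@example.com", role: "ADMIN" };
const otherOwner = "someone-else@example.com";

// Each row: [case, outcome with the bypass, outcome without it].
function regressionMatrix(): Row[] {
  const cases: [string, Caller, CreateOrgInput][] = [
    ["non-admin, other owner, isPlatform", member, { orgOwnerEmail: otherOwner, isPlatform: true }],
    ["non-admin, other owner", member, { orgOwnerEmail: otherOwner, isPlatform: false }],
    ["non-admin, own email, isPlatform", member, { orgOwnerEmail: member.email, isPlatform: true }],
    ["admin, other owner", admin, { orgOwnerEmail: otherOwner, isPlatform: false }],
  ];
  return cases.map(([name, c, i]): Row => [name, outcome(checkBefore, c, i), outcome(checkAfter, c, i)]);
}
```

Only the first row changes between the two columns: the request that used to pass because of the flag is now rejected, while own-email Platform creation and admin-on-behalf creation stay allowed.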
@vercel

vercel bot commented Dec 29, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

3 Skipped Deployments
Project Deployment Review Updated (UTC)
cal Ignored Ignored Dec 29, 2025 6:47pm
cal-companion Ignored Ignored Preview Dec 29, 2025 6:47pm
cal-eu Ignored Ignored Dec 29, 2025 6:47pm
