Skip to content

Disable automatic tenant registration by default#891

Merged
nevil-mathew merged 2 commits into
ELEVATE-Project:developfrom
Vinod-V3:login-enhancement
Jul 15, 2026
Merged

Disable automatic tenant registration by default#891
nevil-mathew merged 2 commits into
ELEVATE-Project:developfrom
Vinod-V3:login-enhancement

Conversation

@Vinod-V3

@Vinod-V3 Vinod-V3 commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

  • Bug Fixes
    • Updated tenant configuration defaults so automatic registration is disabled by default.
    • Updated existing tenant records to match the new default settings.
    • Adjusted environment-based configuration to default automatic registration to disabled when no value is provided.

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review Change Stack

Walkthrough

Automatic tenant registration is changed from enabled to disabled by default. A migration updates existing tenant configuration values and defines rollback behavior, while the environment fallback is changed to false.

Changes

Tenant auto-registration defaults

Layer / File(s) Summary
Update tenant auto-registration defaults
src/database/migrations/..., src/envVariables.js
The migration sets existing tenants to auto_register: false with password authentication, restores the previous values on rollback, and changes the environment default to false.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

Poem

A bunny hops through tenant land,
With auto-register close at hand.
Passwords guide the way,
False is the default today.
Rollback keeps the old flow bright—
Configuration tucked in tight.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title Check ✅ Passed Title check skipped as CodeRabbit has written the PR title.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot changed the title @coderabbitai Disable automatic tenant registration by default Jul 13, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js (1)

7-11: 🗄️ Data Integrity & Integration | 🔵 Trivial | ⚡ Quick win

Consider hardcoding the up migration default for determinism.

The up migration uses common.DEFAULT_TENANT_CONFIGURATION as the column defaultValue, which is environment-dependent (process.env.DEFAULT_AUTO_REGISTER === 'true'). If DEFAULT_AUTO_REGISTER=true is explicitly set in the environment at migration time, the column default would have auto_register: true, contradicting the migration's intent. The down migration already hardcodes its default — the up should follow the same pattern for consistency and determinism.

♻️ Proposed fix to hardcode the `up` default
 	up: async (queryInterface, Sequelize) => {
 		await queryInterface.changeColumn('tenants', 'configuration', {
 			type: Sequelize.JSONB,
 			allowNull: false,
-			defaultValue: common.DEFAULT_TENANT_CONFIGURATION,
+			defaultValue: {
+				allowed_auth_mode: process.env.DEFAULT_ALLOWED_AUTH_MODES.split(','),
+				auto_register: false,
+			},
 		})
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js`
around lines 7 - 11, Update the up migration’s changeColumn call for
tenants.configuration to use a hardcoded default configuration with
auto_register set to false instead of common.DEFAULT_TENANT_CONFIGURATION. Keep
the existing JSONB type and non-null constraint unchanged, matching the
deterministic default used by the down migration.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js`:
- Around line 20-27: Update the down migration’s changeColumn default
configuration to source allowed_auth_mode from
common.DEFAULT_TENANT_CONFIGURATION, matching the up migration and preserving
the environment-dependent DEFAULT_ALLOWED_AUTH_MODES value; keep the existing
auto_register setting unchanged.

---

Nitpick comments:
In
`@src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js`:
- Around line 7-11: Update the up migration’s changeColumn call for
tenants.configuration to use a hardcoded default configuration with
auto_register set to false instead of common.DEFAULT_TENANT_CONFIGURATION. Keep
the existing JSONB type and non-null constraint unchanged, matching the
deterministic default used by the down migration.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f3ba2f83-26ba-4ba1-a710-c66d2b3c82a3

📥 Commits

Reviewing files that changed from the base of the PR and between 29d62b7 and e33a5ae.

📒 Files selected for processing (2)
  • src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js
  • src/envVariables.js

Comment on lines +20 to +27
await queryInterface.changeColumn('tenants', 'configuration', {
type: Sequelize.JSONB,
allowNull: false,
defaultValue: {
allowed_auth_mode: ['otp', 'password'],
auto_register: true,
},
})

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

down migration hardcodes allowed_auth_mode instead of using the env-dependent source.

The up migration sets defaultValue: common.DEFAULT_TENANT_CONFIGURATION, where allowed_auth_mode comes from process.env.DEFAULT_ALLOWED_AUTH_MODES.split(','). The down migration hardcodes ['otp', 'password'] instead. If the environment configures different allowed auth modes, the rollback will set an incorrect column default, breaking the contract validated by src/validators/v1/tenant.js:31-42.

Use the same source for allowed_auth_mode in both directions:

♻️ Proposed fix for `down` migration default
 	down: async (queryInterface, Sequelize) => {
 		await queryInterface.changeColumn('tenants', 'configuration', {
 			type: Sequelize.JSONB,
 			allowNull: false,
 			defaultValue: {
-				allowed_auth_mode: ['otp', 'password'],
+				allowed_auth_mode: process.env.DEFAULT_ALLOWED_AUTH_MODES.split(','),
 				auto_register: true,
 			},
 		})
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
await queryInterface.changeColumn('tenants', 'configuration', {
type: Sequelize.JSONB,
allowNull: false,
defaultValue: {
allowed_auth_mode: ['otp', 'password'],
auto_register: true,
},
})
await queryInterface.changeColumn('tenants', 'configuration', {
type: Sequelize.JSONB,
allowNull: false,
defaultValue: {
allowed_auth_mode: process.env.DEFAULT_ALLOWED_AUTH_MODES.split(','),
auto_register: true,
},
})
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js`
around lines 20 - 27, Update the down migration’s changeColumn default
configuration to source allowed_auth_mode from
common.DEFAULT_TENANT_CONFIGURATION, matching the up migration and preserving
the environment-dependent DEFAULT_ALLOWED_AUTH_MODES value; keep the existing
auto_register setting unchanged.

`UPDATE tenants
SET configuration = jsonb_set(configuration, '{auto_register}', 'true'::jsonb)`
)
},

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we need this here?

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js`:
- Around line 7-19: Update the up migration in
src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js:7-19
to use common.DEFAULT_TENANT_CONFIGURATION as the column default and modify only
auto_register, preserving each tenant’s allowed_auth_mode. Update the down
migration at
src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js:23-34
to use a default based on common.DEFAULT_TENANT_CONFIGURATION with auto_register
set to true and likewise modify only auto_register.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1f042e32-afde-46d6-904b-94becda2f4d1

📥 Commits

Reviewing files that changed from the base of the PR and between e33a5ae and 30b6f26.

📒 Files selected for processing (2)
  • src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js
  • src/envVariables.js
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/envVariables.js

Comment on lines +7 to +19
await queryInterface.changeColumn('tenants', 'configuration', {
type: Sequelize.JSONB,
allowNull: false,
defaultValue: null,
})

await queryInterface.sequelize.query(
`UPDATE tenants
SET configuration = jsonb_set(
jsonb_set(configuration, '{auto_register}', 'false'::jsonb),
'{allowed_auth_mode}', '["password"]'::jsonb
)`
)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🔴 Critical | ⚡ Quick win

Data corruption risk and incorrect schema defaults.

The UPDATE queries forcefully overwrite allowed_auth_mode for all existing tenants in both directions. This will silently wipe out any custom authentication settings, potentially locking users out. Furthermore, the column defaults are misconfigured: the up migration sets null (violating allowNull: false and the model definition in src/database/models/Tenant.js), while the down migration relies on the new environment defaults instead of properly rolling back to the old auto_register: true state.

  • src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js#L7-L19: In the up migration, set defaultValue: common.DEFAULT_TENANT_CONFIGURATION and simplify the raw query to strictly modify auto_register.
  • src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js#L23-L34: In the down migration, set defaultValue: { ...common.DEFAULT_TENANT_CONFIGURATION, auto_register: true } and simplify the raw query to strictly modify auto_register.
🛡️ Proposed fixes for the migrations

For the up migration:

 		await queryInterface.changeColumn('tenants', 'configuration', {
 			type: Sequelize.JSONB,
 			allowNull: false,
-			defaultValue: null,
+			defaultValue: common.DEFAULT_TENANT_CONFIGURATION,
 		})
 
 		await queryInterface.sequelize.query(
 			`UPDATE tenants
-			 SET configuration = jsonb_set(
-        jsonb_set(configuration, '{auto_register}', 'false'::jsonb),
-        '{allowed_auth_mode}', '["password"]'::jsonb
-      )`
+			 SET configuration = jsonb_set(configuration, '{auto_register}', 'false'::jsonb)`
 		)

For the down migration:

 		await queryInterface.changeColumn('tenants', 'configuration', {
 			type: Sequelize.JSONB,
 			allowNull: false,
-			defaultValue: common.DEFAULT_TENANT_CONFIGURATION,
+			defaultValue: { ...common.DEFAULT_TENANT_CONFIGURATION, auto_register: true },
 		})
 
 		await queryInterface.sequelize.query(
 			`UPDATE tenants
-			 SET configuration = jsonb_set(
-        jsonb_set(configuration, '{auto_register}', 'true'::jsonb),
-        '{allowed_auth_mode}', '["otp","password"]'::jsonb)`
+			 SET configuration = jsonb_set(configuration, '{auto_register}', 'true'::jsonb)`
 		)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
await queryInterface.changeColumn('tenants', 'configuration', {
type: Sequelize.JSONB,
allowNull: false,
defaultValue: null,
})
await queryInterface.sequelize.query(
`UPDATE tenants
SET configuration = jsonb_set(
jsonb_set(configuration, '{auto_register}', 'false'::jsonb),
'{allowed_auth_mode}', '["password"]'::jsonb
)`
)
await queryInterface.changeColumn('tenants', 'configuration', {
type: Sequelize.JSONB,
allowNull: false,
defaultValue: common.DEFAULT_TENANT_CONFIGURATION,
})
await queryInterface.sequelize.query(
`UPDATE tenants
SET configuration = jsonb_set(configuration, '{auto_register}', 'false'::jsonb)`
)
await queryInterface.changeColumn('tenants', 'configuration', {
type: Sequelize.JSONB,
allowNull: false,
defaultValue: { ...common.DEFAULT_TENANT_CONFIGURATION, auto_register: true },
})
await queryInterface.sequelize.query(
`UPDATE tenants
SET configuration = jsonb_set(configuration, '{auto_register}', 'true'::jsonb)`
)
📍 Affects 1 file
  • src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js#L7-L19 (this comment)
  • src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js#L23-L34
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js`
around lines 7 - 19, Update the up migration in
src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js:7-19
to use common.DEFAULT_TENANT_CONFIGURATION as the column default and modify only
auto_register, preserving each tenant’s allowed_auth_mode. Update the down
migration at
src/database/migrations/20260713122708-update-auto-register-tenant-configuration.js:23-34
to use a default based on common.DEFAULT_TENANT_CONFIGURATION with auto_register
set to true and likewise modify only auto_register.

@nevil-mathew
nevil-mathew merged commit ebcd662 into ELEVATE-Project:develop Jul 15, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants