From c1a6fac8e3f6cc3e1484c54afa5414550c6b38c4 Mon Sep 17 00:00:00 2001
From: pablodanswer <pablo@danswer.ai>
Date: Fri, 13 Dec 2024 19:06:48 -0800
Subject: [PATCH] additional validation for user auth

---
 backend/ee/onyx/server/tenants/billing.py            | 1 -
 backend/onyx/server/manage/users.py                  | 9 ++++++---
 web/src/components/admin/users/SignedUpUserTable.tsx | 3 ++-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/backend/ee/onyx/server/tenants/billing.py b/backend/ee/onyx/server/tenants/billing.py
index 55ce42de8aa..ec4ada922f3 100644
--- a/backend/ee/onyx/server/tenants/billing.py
+++ b/backend/ee/onyx/server/tenants/billing.py
@@ -46,7 +46,6 @@ def register_tenant_users(tenant_id: str, number_of_users: int) -> stripe.Subscr
     """
     Send a request to the control service to register the number of users for a tenant.
     """
-    return
     if not STRIPE_PRICE_ID:
         raise Exception("STRIPE_PRICE_ID is not set")
 
diff --git a/backend/onyx/server/manage/users.py b/backend/onyx/server/manage/users.py
index 486009a991e..46affa9ae42 100644
--- a/backend/onyx/server/manage/users.py
+++ b/backend/onyx/server/manage/users.py
@@ -349,7 +349,6 @@ def deactivate_user(
 def delete_user_from_db(
     user_to_delete: User,
     db_session: Session,
-    user_email: UserByEmail,
 ) -> None:
     for oauth_account in user_to_delete.oauth_accounts:
         db_session.delete(oauth_account)
@@ -379,7 +378,11 @@ def delete_user_from_db(
     # NOTE: edge case may exist with race conditions
     # with this `invited user` scheme generally.
     user_emails = get_invited_users()
-    remaining_users = [user for user in user_emails if user != user_email.user_email]
+    remaining_users = [
+        remaining_user_email
+        for remaining_user_email in user_emails
+        if remaining_user_email != user_to_delete.email
+    ]
     write_invited_users(remaining_users)
 
     logger.info(f"Deleted user {user_to_delete.email}")
@@ -409,7 +412,7 @@ async def delete_user(
     db_session.expunge(user_to_delete)
 
     try:
-        delete_user_from_db(user_to_delete, db_session, user_email)
+        delete_user_from_db(user_to_delete, db_session)
         logger.info(f"Deleted user {user_to_delete.email}")
 
     except Exception as e:
diff --git a/web/src/components/admin/users/SignedUpUserTable.tsx b/web/src/components/admin/users/SignedUpUserTable.tsx
index c500e66974d..4483006c8c2 100644
--- a/web/src/components/admin/users/SignedUpUserTable.tsx
+++ b/web/src/components/admin/users/SignedUpUserTable.tsx
@@ -31,9 +31,10 @@ const SignedUpUserTable = ({
   onPageChange,
   mutate,
 }: Props & PageSelectorProps) => {
-  if (!users.length) return null;
   const { user: currentUser } = useUser();
 
+  if (!users.length) return null;
+
   const handlePopup = (message: string, type: "success" | "error") => {
     if (type === "success") mutate();
     setPopup({ message, type });