authClient.organization.getFullOrganization() has some issues when using the membersLimit query

1. What's the issue?

authClient.organization.getFullOrganization() currently has some issues when we try to use the membersLimit query parameter. authClient.organization.getFullOrganization() works completely fine as is. In my use case I do not want to retrieve the member's list so I use the query option in getFullOrganization() as such:

await authClient.organization.getFullOrganization({
  query: {
    membersLimit: 0,
  },
})
We would expect this to return members as an empty array or no members at all, right? Instead it returns all the members. And setting membersLimit: 1 throws an error as mentioned below. Another key point: after this request is made, the session object's activeOrganizationId is returned as null, even though before making the getFullOrganization() request the session object has an activeOrganizationId.

2. Error Messages

403 Forbidden
{
  "code": "USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION",
  "message": "User is not a member of the organization"
}
3. How to Reproduce?

This request returns all the members regardless of the query parameter set to 0:

await authClient.organization.getFullOrganization({
  query: {
    membersLimit: 0,
  },
})

This one throws a 403 error as mentioned above and also sets the activeOrganizationId in the session object to null:

await authClient.organization.getFullOrganization({
  query: {
    membersLimit: 1,
  },
})
2 Replies
Hakai (OP), 7d ago
Apparently it's a known issue and I did some research, so probably these are some places where the code might not be working as intended?
1. feat: Add Membership Validation to getFullOrganization Endpoint closes #1166
2. feat(organization): add membersLimit param to allow to fetch more or less members than the membership limit #3580
GitHub
feat: Add Membership Validation to getFullOrganization Endpoint clo...
This PR adds membership validation to the getFullOrganization endpoint by checking if the requesting user is a member of the specified organization. This change enhances security by ensuring that o...
GitHub
feat(organization): add membersLimit param to allow to fetch more o...
closes #3467 Summary by cubic Added a membersLimit parameter to the getFullOrganization API, allowing clients to control how many organization members are returned. New Features Supports custom...
Hakai (OP), 7d ago
A nice to have additional feature (?) to also add invitationsLimit similar to the intended behavior of membersLimit
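
As an added illustration (not code from this thread or from better-auth): a minimal model of one way the two reported symptoms could arise if a handler defaulted the limit with `||` and ran the membership check against the already-limited member list, next to a variant that authorizes first and limits only the response. The function names, sample members and default limit are assumptions, and the thread does not confirm this as the actual cause.

```javascript
// Constructed sample data: three members; the caller "u3" is stored last.
const MEMBERS = [
  { userId: "u1", role: "owner" },
  { userId: "u2", role: "member" },
  { userId: "u3", role: "member" },
];
const DEFAULT_LIMIT = 100; // hypothetical default page size
const FORBIDDEN = { status: 403, code: "USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION" };

// Fragile variant (assumed, for illustration only).
function getFullOrgFragile(callerId, membersLimit) {
  // `||` treats an explicit 0 as "not set", so the default limit is used.
  const limit = membersLimit || DEFAULT_LIMIT;
  const members = MEMBERS.slice(0, limit);
  // The authorization decision depends on a truncated list: a real member
  // who falls outside the first `limit` rows is rejected.
  if (!members.some((m) => m.userId === callerId)) return FORBIDDEN;
  return { status: 200, members };
}

// Hardened variant: decide membership from the full membership data,
// then apply the limit to the response only.
function getFullOrgHardened(callerId, membersLimit) {
  if (!MEMBERS.some((m) => m.userId === callerId)) return FORBIDDEN;
  // `??` only falls back for null/undefined, so 0 means "no members".
  const requested = membersLimit ?? DEFAULT_LIMIT;
  if (!Number.isInteger(requested) || requested < 0) {
    return { status: 400, code: "INVALID_MEMBERS_LIMIT" }; // hypothetical code
  }
  return { status: 200, members: MEMBERS.slice(0, requested) };
}

// Side-by-side results for the two requests from the report.
function compare(callerId, membersLimit) {
  return {
    fragile: getFullOrgFragile(callerId, membersLimit),
    hardened: getFullOrgHardened(callerId, membersLimit),
  };
}
```
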
