Skip to content

fix: allow organizations to sign up with existing usernames #25941

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sean-brydon merged 2 commits into from
Dec 16, 2025
Merged

fix: allow organizations to sign up with existing usernames #25941

sean-brydon merged 2 commits into from
Dec 16, 2025

Conversation

@Rakshit-gen
Copy link
Contributor

@Rakshit-gen Rakshit-gen commented Dec 16, 2025

Summary

Fixes username validation during organization signup to allow organizations to use usernames that exist in other organizations or the global namespace. Previously, org signups were incorrectly blocked by global username conflicts.

Changes

  • Updated usernameCheck function in packages/lib/server/username.ts to check organization context when currentOrgDomain is provided
  • Organizations now check username availability only within their specific organization
  • Username suggestions are also scoped to the organization context

Problem

Organizations have their own unique usernames (enforced by @@unique([username, organizationId]) in the schema), but the signup validation was checking the global namespace (organizationId: null), preventing org signups from using usernames that existed elsewhere.

Solution

When currentOrgDomain is provided:

  1. Resolve the organizationId from the org slug
  2. Check username availability only within that specific organization
  3. Scope similar username queries to the organization

This allows organizations to reuse usernames from other orgs or the global namespace, while still preventing duplicates within the same organization.

Testing

  • Code follows existing patterns (similar to checkRegularUsername)
  • Backward compatible - global namespace checks unchanged
  • Manual testing: Sign up an organization with a username that exists globally
  • Manual testing: Sign up an organization with a username that exists in another org

Related

Fixes #25800

@Rakshit-gen
fix: allow organizations to sign up with existing usernames
ec3ff3d 
- Update usernameCheck to check organization context when currentOrgDomain is provided
- Organizations can now use usernames that exist in other orgs or global namespace
- Only checks username availability within the specific organization
- Fixes issue where org signups were blocked by global username conflicts

Refs calcom#25800
@vercel
Copy link

vercel bot commented Dec 16, 2025

@Rakshit-gen is attempting to deploy a commit to the cal Team on Vercel.

A member of the Team first needs to authorize it.

@CLAassistant
Copy link

CLAassistant commented Dec 16, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@graphite-app graphite-app bot added the community Created by Linear-GitHub Sync label Dec 16, 2025
@graphite-app graphite-app bot requested a review from a team December 16, 2025 15:51
@Rakshit-gen Rakshit-gen mentioned this pull request Dec 16, 2025
Closed
@sean-brydon
Copy link
Member

sean-brydon commented Dec 16, 2025

Hey @Rakshit-gen - code looks good to me - would you be able to upload a before and after demo of the issue youre fixing here.

Thanks

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 1 file

Prompt for AI agents (all 1 issues) 

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="packages/lib/server/username.ts">

<violation number="1" location="packages/lib/server/username.ts:134">
P2: When `currentOrgDomain` is provided but the organization is not found, the code silently falls back to checking the global namespace. Consider returning early with an error or explicitly handling this case to avoid unexpected behavior where an invalid org domain causes global namespace checks instead of the intended org-specific check.</violation>
</file>

Reply to cubic to teach it or ask questions. Re-run a review with @cubic-dev-ai review this PR

@pull-request-size pull-request-size bot added size/M and removed size/S labels Dec 16, 2025
@Rakshit-gen
Copy link
Contributor Author

Rakshit-gen commented Dec 16, 2025

hey @sean-brydon i am trying to test it on local but the setup is having some issues, can you please check it on your local

@sean-brydon
Copy link
Member

sean-brydon commented Dec 16, 2025

hey @sean-brydon i am trying to test it on local but the setup is having some issues, can you please check it on your local

Sure i can test - can you write me the steps to reproduce the issue you are fixing?

@Rakshit-gen
Copy link
Contributor Author

Rakshit-gen commented Dec 16, 2025

hey @sean-brydon here are the steps for testing

Switch to branch: git checkout fix/allow-org-signup-with-existing-usernames
Start dev: yarn dx
Sign up user 1:
Go to http://localhost:3000
Sign up: [email protected] / username: testuser / password: Test1234!
Logout
Sign up user 2 (org owner):
Sign up: [email protected] / username: orgowner / password: Test1234!
Create organization:
Settings > Organizations > Create Organization
Name: Test Org
Username: testuser (same as step 3)
Expected: Should succeed. Organization can use testuser even though it exists globally.
Before fix (main branch): Step 5 fails with "Username already taken".
Verify: Check DB - both users exist with username='testuser' but different organizationId values.

@sean-brydon
Copy link
Member

sean-brydon commented Dec 16, 2025

hey @sean-brydon here are the steps for testing

Switch to branch: git checkout fix/allow-org-signup-with-existing-usernames Start dev: yarn dx Sign up user 1: Go to http://localhost:3000 Sign up: [email protected] / username: testuser / password: Test1234! Logout Sign up user 2 (org owner): Sign up: [email protected] / username: orgowner / password: Test1234! Create organization: Settings > Organizations > Create Organization Name: Test Org Username: testuser (same as step 3) Expected: Should succeed. Organization can use testuser even though it exists globally. Before fix (main branch): Step 5 fails with "Username already taken". Verify: Check DB - both users exist with username='testuser' but different organizationId values.

Oh sweet okay - testing this!

@Rakshit-gen
Copy link
Contributor Author

Rakshit-gen commented Dec 16, 2025

Yes @sean-brydon thanks!!

@sean-brydon sean-brydon enabled auto-merge (squash) December 16, 2025 17:15
@diffray-bot
Copy link

diffray-bot commented Dec 16, 2025

diffray Changes Summary

Changes Summary

This PR fixes a bug in username validation during organization signup. Previously, users signing up to an organization were incorrectly blocked if their username existed in the global namespace or another organization. The fix properly scopes username checks to the specific organization context when currentOrgDomain is provided.

Type: bugfix

Components Affected: packages/lib/server/username.ts, username validation, organization signup

Architecture Impact
  • Dependencies: added: @calcom/lib/errorCodes, added: @calcom/lib/errors
  • Coupling: Added dependency on ErrorWithCode for proper error handling when organization is not found

Risk Areas: Organization lookup may fail or return incorrect results if slug/requestedSlug matching is inconsistent, Additional database query (Team lookup) adds latency to username checks for organization signups, Edge case: If organization exists but is not marked as isOrganization=true, lookup will fail, The similar usernames query now uses conditional scoping which could behave differently than expected

Suggestions
  • Add index on Team.slug for better query performance if not already indexed
  • Consider caching organization ID lookups to reduce database round trips
  • Add unit tests for edge cases: non-existent org, org without isOrganization flag, username collision within same org

Full review in progress... | Powered by diffray

@sean-brydon sean-brydon merged commit 47a5fc7 into calcom:main Dec 16, 2025
74 of 82 checks passed
@github-actions
Copy link
Contributor

github-actions bot commented Dec 16, 2025

E2E results are ready!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@sean-brydon sean-brydon sean-brydon approved these changes

Assignees

No one assigned

Labels

community Created by Linear-GitHub Sync consumer ready-for-e2e size/M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Sign up with existing usernames (Orgs)

4 participants

@Rakshit-gen @CLAassistant @sean-brydon @diffray-bot