Impersonation fix (#4521)

* Impersonation fix

* Update packages/features/ee/impersonation/lib/ImpersonationProvider.ts

Co-authored-by: Omar López <zomars@me.com>

* Fix zod schema

* Early returns

Co-authored-by: Omar López <zomars@me.com>
Co-authored-by: Leo Giovanetti <hello@leog.me>

apps/web/pages/api/auth/[...nextauth].tsx

@@ -115,7 +115,7 @@ const providers: Provider[] = [
       };
     },
   }),
-  // ImpersonationProvider,
+  ImpersonationProvider,
 ];
 
 if (IS_GOOGLE_LOGIN_ENABLED) {

packages/features/ee/impersonation/lib/ImpersonationProvider.ts

@@ -1,10 +1,13 @@
 import { User } from "@prisma/client";
 import CredentialsProvider from "next-auth/providers/credentials";
 import { getSession } from "next-auth/react";
+import { z } from "zod";
 
 import prisma from "@calcom/prisma";
 
-import { asNumberOrThrow } from "@lib/asStringOrNull";
+const teamIdschema = z.object({
+  teamId: z.number(),
+});
 
 const auditAndReturnNextUser = async (
   impersonatedUser: Pick<User, "id" | "username" | "email" | "name" | "role">,
@@ -50,7 +53,8 @@ const ImpersonationProvider = CredentialsProvider({
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore need to figure out how to correctly type this
     const session = await getSession({ req });
-    const teamId = creds?.teamId ? asNumberOrThrow(creds.teamId) : undefined;
+    // If teamId is present -> parse the teamId and throw error itn ot number. If not present teamId is set to undefined
+    const teamId = creds?.teamId ? teamIdschema.parse(creds).teamId : undefined;
 
     if (session?.user.username === creds?.username) {
       throw new Error("You cannot impersonate yourself.");
@@ -102,6 +106,8 @@ const ImpersonationProvider = CredentialsProvider({
       return auditAndReturnNextUser(impersonatedUser, session?.user.id as number);
     }
 
+    if (!teamId) throw new Error("You do not have permission to do this.");
+
     // Check session
     const sessionUserFromDb = await prisma.user.findUnique({
       where: {