fix: accept production enterprise keys in development environment #18611
FelixMalfait merged 3 commits into main
When NODE_ENV is development, the server was only using the dev public key to verify enterprise JWTs. Production keys are signed with the production private key, so they failed verification. Now try both production and dev public keys when in development, so production keys work when testing locally.
Made-with: Cursor
1 issue found across 2 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="packages/twenty-server/src/engine/core-modules/enterprise/services/__tests__/enterprise-plan.service.spec.ts">
<violation number="1" location="packages/twenty-server/src/engine/core-modules/enterprise/services/__tests__/enterprise-plan.service.spec.ts:365">
P2: This mock makes the new test pass for any key, so it does not actually verify the development fallback behavior introduced by the PR.</violation>
</file>
🚀 Preview Environment Ready! Your preview environment is available at: http://bore.pub:45102 This environment will automatically shut down after 5 hours.
…ices/__tests__/enterprise-plan.service.spec.ts Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
1 issue found across 1 file (changes from recent commits).
<file name="packages/twenty-server/src/engine/core-modules/enterprise/services/__tests__/enterprise-plan.service.spec.ts">
<violation number="1" location="packages/twenty-server/src/engine/core-modules/enterprise/services/__tests__/enterprise-plan.service.spec.ts:366">
P2: This test now exercises fallback to the second public key, not acceptance of the production key, so it can miss the regression it is meant to cover.</violation>
</file>
| return undefined; | ||
| }); | ||
| mockCryptoVerify | ||
| .mockReturnValueOnce(false) |
P2: This test now exercises fallback to the second public key, not acceptance of the production key, so it can miss the regression it is meant to cover.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At packages/twenty-server/src/engine/core-modules/enterprise/services/__tests__/enterprise-plan.service.spec.ts, line 366:
<comment>This test now exercises fallback to the second public key, not acceptance of the production key, so it can miss the regression it is meant to cover.</comment>
<file context>
@@ -362,10 +362,13 @@ describe('EnterprisePlanService', () => {
});
- mockCryptoVerify.mockReturnValue(true);
+ mockCryptoVerify
+ .mockReturnValueOnce(false)
+ .mockReturnValueOnce(true);
const productionKey = createFakeJwt(MOCK_KEY_PAYLOAD);
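Review bot: the `.mockReturnValueOnce(false).mockReturnValueOnce(true)` chain ties the outcome to call order, not to which public key each verify call received, so the test would still pass if the key list were reordered or held the wrong keys. Consider having the mock return true only for the expected key argument, or asserting after the call that `mockCryptoVerify` was called exactly twice and checking the key passed each time.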
</file context>
@claude fix lint and push directly to this branch ❌ > nx run twenty-server:lint:ci
Checking formatting... NX Running targets lint, typecheck for project twenty-server and 4 tasks it depends on failed Failed tasks:
Claude finished @FelixMalfait's task in 1m 51s
Fixing lint issues
Fixed the Prettier formatting issue — the chained
Co-authored-by: Félix Malfait <FelixMalfait@users.noreply.github.com> Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ijreilly fyi merging since you aren't there today
Problem
When `NODE_ENV` is development, the server was only using the dev public key to verify enterprise JWTs. Production keys are signed with the production private key, so they failed verification with the dev public key, resulting in "Invalid enterprise key" errors.

Solution
Try both production and dev public keys when in development, so production keys work when testing locally. In production, only the production key is used (unchanged behavior).

Changes
- `enterprise-plan.service.ts`: Replaced `getPublicKey()` with `getPublicKeysToTry()` that returns both keys in development; updated `verifyJwt()` to try each key until one succeeds
- `enterprise-plan.service.spec.ts`: Added test for production key acceptance when `NODE_ENV` is development

Made with Cursor
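
The development-only fallback described above, as an added example that is not the twenty-server implementation: it verifies a JWT against each trusted public key using real, freshly generated key pairs rather than a mocked verify call, so a dev-signed token is shown to be rejected when the environment is production. RS256, the `nodeEnv` parameter and the `signJwt` helper are assumptions, and the key pairs are constructed for the example.

```javascript
const crypto = require('node:crypto');

// Constructed key pairs standing in for the real production and dev keys.
const PROD = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const DEV = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64url = (value) => Buffer.from(value).toString('base64url');

// Hypothetical helper: build a compact RS256 JWT (the page names no algorithm).
function signJwt(payload, privateKey) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const signingInput = `${header}.${b64url(JSON.stringify(payload))}`;
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Production trusts only the production key; development also trusts the dev key.
// Taking nodeEnv as a parameter is an assumption made to keep the example testable.
function getPublicKeysToTry(nodeEnv) {
  return nodeEnv === 'development'
    ? [PROD.publicKey, DEV.publicKey]
    : [PROD.publicKey];
}

// Return the payload if any trusted key verifies the signature, otherwise null.
// The algorithm is pinned here and never read from the token's own header.
function verifyJwt(token, nodeEnv) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, body, signature] = parts;
  const signingInput = Buffer.from(`${header}.${body}`);
  const sig = Buffer.from(signature, 'base64url');
  const trusted = getPublicKeysToTry(nodeEnv).some((publicKey) =>
    crypto.verify('sha256', signingInput, publicKey, sig),
  );
  // The body is parsed only after its signature has been verified.
  return trusted ? JSON.parse(Buffer.from(body, 'base64url').toString('utf8')) : null;
}
```

Because the keys are real, a test built on this shape fails if the production key is dropped from the development list or the dev key leaks into the production list, which a call-order mock cannot detect.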