From ba766a33e5929c4f943764edf9da27a44954fcda Mon Sep 17 00:00:00 2001
From: kira-1011 <86254335+kira-1011@users.noreply.github.com>
Date: Mon, 6 Oct 2025 21:53:14 +0300
Subject: [PATCH] fix(organization): prevent empty name and slug in create/update (#5100)
---
 .../plugins/organization/organization.test.ts | 53 +++++++++++++++++++
 .../plugins/organization/routes/crud-org.ts | 6 ++-
 2 files changed, 57 insertions(+), 2 deletions(-)
diff --git a/packages/better-auth/src/plugins/organization/organization.test.ts b/packages/better-auth/src/plugins/organization/organization.test.ts
index 89a78c8d..c7a3bcfe 100644
--- a/packages/better-auth/src/plugins/organization/organization.test.ts
+++ b/packages/better-auth/src/plugins/organization/organization.test.ts
@@ -101,6 +101,31 @@ describe("organization", async (it) => { expect(existingSlug.error?.status).toBe(400); expect(existingSlug.error?.message).toBe("slug is taken"); }); + + it("should prevent creating organization with empty slug", async () => { + const { headers } = await signInWithTestUser(); + const organization = await client.organization.create({ + name: "test-empty-slug", + slug: "", + fetchOptions: { + headers, + }, + }); + expect(organization.error?.status).toBe(400); + }); + + it("should prevent creating organization with empty name", async () => { + const { headers } = await signInWithTestUser(); + const organization = await client.organization.create({ + name: "", + slug: "test-empty-name", + fetchOptions: { + headers, + }, + }); + expect(organization.error?.status).toBe(400); + }); + + it("should create organization directly in the server without cookie", async () => { const session = await client.getSession({ fetchOptions: {
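Review bot: The four new tests (two in this hunk, two in the update hunk that follows) assert only that `error?.status` is 400, so they pass for any bad-request response and not specifically for the new length check; the neighbouring duplicate-slug test pins the message as well. Consider asserting on the error body too (its shape is not visible in the hunk), or at least adding a comment such as `// 400 is expected from schema validation: value must be non-empty`, and for the update cases checking afterwards that the stored name and slug are unchanged. A whitespace-only value such as `slug: " "` is not covered and would be a useful extra case. The enclosing `describe` block starts and ends outside the hunk.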
@@ -160,6 +185,34 @@ describe("organization", async (it) => { expect(organization.data?.metadata?.test).toBe("test2"); }); + it("should prevent updating organization to empty slug", async () => { + const { headers } = await signInWithTestUser(); + const organization = await client.organization.update({ + organizationId, + data: { + slug: "", + }, + fetchOptions: { + headers, + }, + }); + expect(organization.error?.status).toBe(400); + }); + + it("should prevent updating organization to empty name", async () => { + const { headers } = await signInWithTestUser(); + const organization = await client.organization.update({ + organizationId, + data: { + name: "", + }, + fetchOptions: { + headers, + }, + }); + expect(organization.error?.status).toBe(400); + }); + + it("should allow activating organization and set session", async () => { const organization = await client.organization.setActive({ organizationId,
diff --git a/packages/better-auth/src/plugins/organization/routes/crud-org.ts b/packages/better-auth/src/plugins/organization/routes/crud-org.ts
index 43a707f9..a9da2c48 100644
--- a/packages/better-auth/src/plugins/organization/routes/crud-org.ts
+++ b/packages/better-auth/src/plugins/organization/routes/crud-org.ts
@@ -29,10 +29,10 @@ export const createOrganization = (
 isClientSide: true,
 });
 const baseSchema = z.object({
- name: z.string().meta({
+ name: z.string().min(1).meta({
 description: "The name of the organization",
 }),
- slug: z.string().meta({
+ slug: z.string().min(1).meta({
 description: "The slug of the organization",
 }),
 userId: z.coerce
@@ -386,12 +386,14 @@ export const updateOrganization = (
 ...additionalFieldsSchema.shape,
 name: z
 .string()
+ .min(1)
 .meta({
 description: "The name of the organization",
 })
 .optional(),
 slug: z
 .string()
+ .min(1)
 .meta({
 description: "The slug of the organization",
 })
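Review bot: `.min(1)` on `name` and `slug` in the `baseSchema` of `createOrganization` rejects only the zero-length string, so a value made entirely of whitespace such as `" "` still passes validation and would be accepted as an organization name or slug. Trimming before the length check closes that gap, e.g. `slug: z.string().trim().min(1).meta({` and the same for `name`; `.trim()` also changes the value that is stored, so confirm that is acceptable for names. The same applies to the `name` and `slug` fields in the `updateOrganization` hunk. Whether the slug is restricted to URL-safe characters elsewhere is not visible here; if it is not, a pattern check on `slug` would be worth adding alongside the length check. Both schema definitions start and end outside their hunks.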