Merge pull request #26513 from overleaf/msm-fix-sso-disable-managed-group

[web] Fix disable managed users clears SSO enrollment

GitOrigin-RevId: 75742840b5cee98a203ad11e9213e2e31cf18985

services/web/test/acceptance/src/helpers/Subscription.mjs

@@ -88,6 +88,10 @@ class PromisifiedSubscription {
     await Modules.promises.hooks.fire('enableManagedUsers', this._id)
   }
 
+  async disableManagedUsers() {
+    await Modules.promises.hooks.fire('disableManagedUsers', this._id)
+  }
+
   async enableFeatureSSO() {
     await SubscriptionModel.findOneAndUpdate(
       { _id: new ObjectId(this._id) },

services/web/test/acceptance/src/helpers/groupSSO.mjs

@@ -187,6 +187,29 @@ export async function linkGroupMember(
   return userHelper
 }
 
+export async function checkUserHasSSOLinked(userId, groupId) {
+  const internalProviderId = getProviderId(groupId)
+  const user = await UserGetter.promises.getUser(
+    { _id: userId },
+    { samlIdentifiers: 1, enrollment: 1 }
+  )
+
+  const { enrollment, samlIdentifiers } = user
+  const linkedToGroupSSO = samlIdentifiers.some(
+    identifier => identifier.providerId === internalProviderId
+  )
+  if (!linkedToGroupSSO) {
+    throw new Error('user saml identifiers are not linked to subscription')
+  }
+
+  const userIsEnrolledInSSO = enrollment.sso.some(
+    sso => sso.groupId.toString() === groupId.toString()
+  )
+  if (!userIsEnrolledInSSO) {
+    throw new Error('user is not enrolled in subscription')
+  }
+}
+
 export async function setConfigAndEnableSSO(
   subscriptionHelper,
   adminEmailPassword,