Skip to content

fix: use correct valid property in license check response (#26610)#28858

Draft
ousamabenyounes wants to merge 1 commit intocalcom:mainfrom
ousamabenyounes:fix/issue-26610
Draft

fix: use correct valid property in license check response (#26610)#28858
ousamabenyounes wants to merge 1 commit intocalcom:mainfrom
ousamabenyounes:fix/issue-26610

Conversation

@ousamabenyounes
Copy link
Copy Markdown

@ousamabenyounes ousamabenyounes commented Apr 12, 2026

What does this PR do?

The checkLicense() method in DeploymentsService reads data.status from the Cal.com license API response, but the API actually returns { valid: boolean }. This causes the method to always return undefined (falsy), breaking API key authentication on all self-hosted instances with valid Enterprise licenses.

Root cause

// Before (broken) — reads non-existent property
type LicenseCheckResponse = { status: boolean };
return data.status; // always undefined

// After (fixed) — reads correct property
type LicenseCheckResponse = { valid: boolean };
return data.valid; // true or false as expected

The same bug affects both the fresh fetch path and the Redis cache read path.

Mandatory Tasks (DO NOT REMOVE)

  • I have self-reviewed the code (A decent size PR without self-review might be rejected).
  • I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. N/A
  • I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

  1. Deploy API v2 on a self-hosted instance with a valid CALCOM_LICENSE_KEY
  2. Create an API key from Settings > Security
  3. Make a request: curl -H "Authorization: Bearer cal_xxx" -H "cal-api-version: 2024-08-13" https://your-domain/api/v2/bookings
  4. Before fix: returns 401 "Invalid or missing CALCOM_LICENSE_KEY"
  5. After fix: returns 200 with bookings data

Unit tests added covering:

  • License API response with { valid: true } and { valid: false }
  • Cached data path (Redis hit)
  • e2e mode bypass
  • Missing license key fallback to DB
  • Redis caching of API response

Verification

  • Baseline tests: 6819 pass, 0 failures
  • Post-fix tests: no regressions
  • New tests: 9 added (Jest), all pass
  • Review agent: issue alignment verified

Files changed

File Change
apps/api/v2/src/modules/deployments/deployments.service.ts Fix LicenseCheckResponse type and property access from status to valid
apps/api/v2/src/modules/deployments/deployments.service.spec.ts New: 9 unit tests for checkLicense()

Generated by Claude Code
Vibe coded by ousamabenyounes

@ousamabenyounes @claude
fix: use correct valid property in license check response (calcom#2…
1673d2c 
…6610)

The Cal.com license API returns `{ valid: boolean }` but `checkLicense()` was
reading `data.status`, which always returned `undefined`. This broke API key
authentication on all self-hosted instances with valid Enterprise licenses.

Generated by Claude Code
Vibe coded by ousamabenyounes

Co-Authored-By: Claude <noreply@anthropic.com>
@github-actions github-actions bot added the 🐛 bug Something isn't working label Apr 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

🐛 bug Something isn't working size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[API v2] License validation bug: checkLicense checks data.status but API returns data.valid

1 participant

@ousamabenyounes