fix(auth): set username at signup + bump owletto (new-user org routing) #1160
The frontend resolves a user's home org synchronously from session.user.username (personalOrgSlug). It was never being set at signup, so currentOwner depended entirely on the /api/organizations fetch — exposing the home-route race for every new user (only ~6 legacy users with a username were immune). ensurePersonalOrganization now mirrors the personal-org slug onto username when it's null: set-when-null (idempotent), guarded by NOT EXISTS so it can't steal another user's username, non-fatal on error. Runs for both freshly created and pre-existing personal orgs, so legacy users self-heal on next login. Pairs with the owletto orgsReady gate (pointer bumped here). Tests: src/__tests__/integration/auth/personal-org-username.test.ts
Walkthrough
ensurePersonalOrganization now backfills a null user.username from the derived personal org slug (guarded against collisions). Adds exported findExistingPersonalOrg and integration tests for initialization, idempotency, and collision handling. Separately updates the Owletto submodule pointer.
Changes
- Personal Org Username Backfill
- Dependency Submodule Update
Estimated code review effort: 🎯 4 (Complex) | ⏱️ ~45 minutes
Codecov Report: ✅ All modified and coverable lines are covered by tests.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/owletto`:
- Line 1: The packages/owletto submodule is pinned to an unreachable commit
(65ca050d...) from the owletto/main branch, which breaks the Submodule Drift
check and FluxCD deploy; to fix, merge the owletto#251 branch into owletto/main
(creating a reachable merge commit) and then update the packages/owletto
submodule reference to that merge commit SHA (or any SHA on owletto/main),
commit the updated submodule pointer (and .gitmodules if necessary), and push so
CI/Submodule Drift and FluxCD can resolve the submodule.
📒 Files selected for processing (3)
- packages/owletto
- packages/server/src/__tests__/integration/auth/personal-org-username.test.ts
- packages/server/src/auth/personal-org-provisioning.ts
| @@ -1 +1 @@ | |||
| Subproject commit b579520a8767fd4daeea51a3a48d13465e501e57 | |||
| Subproject commit 65ca050d50babd0f8765a11c0419d413812b08e9 | |||
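Review bot: The new pin on the second Subproject commit line (65ca050d50babd0f8765a11c0419d413812b08e9) ships in the same change as the auth fix, so reverting either one reverts both. Consider moving the submodule bump into its own commit, and before re-pinning confirm the SHA is an ancestor of the branch deploys read from, using the same check the drift job reports: git -C packages/owletto merge-base --is-ancestor "$PINNED" origin/main.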
Pinned owletto SHA is not on owletto/main — blocks CI and breaks FluxCD deploy.
The submodule now points to 65ca050d..., which appears to be a commit from the unmerged owletto#251 branch. The Submodule Drift / check-drift job hard-fails because this SHA is not reachable from owletto/main, and per the guardrail in .github/workflows/submodule-drift.yml, FluxCD reads charts from owletto/main, so an off-main pin breaks deploy.
Merge owletto#251 into owletto/main first, then re-pin packages/owletto to a SHA that is reachable from owletto/main (e.g. the resulting merge commit).
🧰 Tools
🪛 GitHub Actions: Submodule Drift / check-drift
[error] 1-999: CI hard rule failed: Pinned SHA ($PINNED) is not reachable from owletto/main. Error: "Pinned SHA is not reachable from owletto/main." (check performed with: git -C packages/owletto merge-base --is-ancestor "$PINNED" origin/main).
Problem
New users couldn't reach their workspace after login — they landed on /account/settings and the sidebar showed "Pick an organization to continue." despite having a valid personal org.
Root cause (two layers)
- /api/organizations settled, and replace:true unmounted the route so it never recovered.
- session.user.username (personalOrgSlug). That field was never set at signup, so currentOwner depended entirely on the org fetch — exposing the race for every new user. Only ~6 legacy users (with a username from an older path) were immune.
Fix
ensurePersonalOrganization now mirrors the personal-org slug onto user.username when it's null:
- NOT EXISTS guard — can't steal another user's username.
Submodule pointer bumped to the owletto fix.
Tests
src/__tests__/integration/auth/personal-org-username.test.ts (DB-backed): set-when-null + owner membership, idempotent (no overwrite), collision guard leaves username null. 3/3 green. tsc --noEmit clean.
E2E / reproducer
The user-facing bug is the routing race; its red→green reproducer lives in owletto#251 (src/app/index.test.tsx). Prod data for the ~12 accounts created during the broken window was backfilled out-of-band (personal orgs + usernames).
Related: lobu-ai/owletto#251
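The set-when-null, NOT EXISTS-guarded update described in this PR, as an added example (not the PR's code) run against an in-memory SQLite database. The `users` table, its columns, the helper names and the sample rows are assumptions; the unique index is included because a NOT EXISTS check alone does not serialize two concurrent writers.

```python
import sqlite3

# Constructed schema: table and column names are assumptions, not the project's.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT);
CREATE UNIQUE INDEX users_username_uq ON users(username);  -- backstop for races
"""

# Set-when-null, and only if no row already holds the slug as its username.
BACKFILL = """
UPDATE users SET username = :slug
WHERE id = :uid
  AND username IS NULL
  AND NOT EXISTS (SELECT 1 FROM users WHERE username = :slug)
"""

def backfill_username(db, uid, slug):
    """Mirror the personal-org slug onto username; return True if a row changed."""
    try:
        cur = db.execute(BACKFILL, {"uid": uid, "slug": slug})
        db.commit()
        return cur.rowcount == 1
    except sqlite3.IntegrityError:
        # Lost a race to the unique index: non-fatal, username stays NULL.
        db.rollback()
        return False

def username_of(db, uid):
    """Return the stored username for a user id (None when unset)."""
    return db.execute("SELECT username FROM users WHERE id = ?", (uid,)).fetchone()[0]

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample rows: two new users, one legacy user, one slug holder.
    db.executemany("INSERT INTO users (id, username) VALUES (?, ?)",
                   [(1, None), (2, "legacy-name"), (3, None), (4, "taken")])
    results = {
        "set_when_null": backfill_username(db, 1, "alice"),
        "no_overwrite": backfill_username(db, 2, "bob"),
        "collision": backfill_username(db, 3, "taken"),
        "rerun": backfill_username(db, 1, "alice"),
    }
    names = {uid: username_of(db, uid) for uid in (1, 2, 3, 4)}
    return results, names

if __name__ == "__main__":
    print(demo())
```
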