fix(api): anchor OIDC-created user's Personal org to the default region #668
JwtStrategy.validate auto-creates a user on first OIDC login. It passed personalOrganizationQuota but not personalOrganizationDefaultRegionId, so the downstream UserCreatedEvent -> OrganizationService.handleUserCreatedEvent created the Personal org with defaultRegionId=undefined. Downstream callers that read organization.defaultRegionId then fail for every OIDC-created user.

AppService's admin-seed path already sets personalOrganizationDefaultRegionId; this brings the normal login path in line.

Add jwt.strategy.spec.ts asserting the create DTO carries the configured defaultRegion.id (fails without the fix: create() called without the field).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
No actionable comments were generated in the recent review.

Walkthrough

JwtStrategy now anchors auto-created Personal organizations to the platform's configured default region by setting
lile seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Anchors the auto-created Personal organization for OIDC/JWT-created users to the platform’s configured default region to prevent downstream access to organization.defaultRegionId from failing.
Changes:
- Pass personalOrganizationDefaultRegionId into the new-user create DTO using defaultRegion.id from config.
- Add a Jest spec verifying the create call includes the configured default region id.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| apps/api/src/auth/jwt.strategy.ts | Adds default region id to the new user creation payload so the Personal org is created with a non-undefined defaultRegionId. |
| apps/api/src/auth/jwt.strategy.spec.ts | Introduces a unit test asserting the strategy forwards the configured default region id into UserService.create(). |
Looks good to me. For MVP, covering the OIDC first-login/new-user path is enough. We are not live yet, so we do not need a backfill for existing org rows. Only remaining blocker is the CLA/email check before merge. @lilongen Please try this link: http://cla-assistant.io/boxlite-ai/boxlite
…r infra-local

Re-add the OIDC user-create default-region fix that was split to PR boxlite-ai#668. Removing it from this branch broke infra-local: a fresh Dex login creates a Personal org with defaultRegionId=NULL, and dashboard create-sandbox then fails with HTTP 428 "organization does not have a default region" (caught by E2E).

Like the runner arm64 (boxlite-ai#671) and cron orderby (boxlite-ai#672) fixes, this is a general fix the local stack depends on, so it stays in-branch until boxlite-ai#668 lands on main; it drops from this PR's diff on the next rebase.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Summary
On first OIDC login, JwtStrategy.validate auto-creates the user. It passed personalOrganizationQuota but not personalOrganizationDefaultRegionId, so the downstream chain:

UserService.create → UserCreatedEvent → OrganizationService.handleUserCreatedEvent

created the user's Personal organization with defaultRegionId: undefined. Any downstream caller that reads organization.defaultRegionId then fails for every OIDC-created user.

AppService's admin-seed path already sets personalOrganizationDefaultRegionId (app.service.ts); this just brings the normal login path in line — a one-field change mirroring existing, proven code.

Why a separate PR
This was originally bundled into #595 (infra-local). Per @DorianZheng's review ("why change this in this PR?") it's been pulled out, since it's an app-behavior fix unrelated to the local-dev stack.
Test
Adds apps/api/src/auth/jwt.strategy.spec.ts asserting the create DTO carries the configured defaultRegion.id.

Two-sided verification (CLAUDE.md reproduce-before-fix):
create() is called with the DTO missing personalOrganizationDefaultRegionId.

🤖 Generated with Claude Code
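A simplified model of the chain this description walks through, added here as an illustration and not taken from the project's code. The function bodies, the in-memory `orgs` map, the `region-example` id, the quota value and the 404/201 statuses are assumptions; the 428 status is the one the infra-local commit message reports.

```typescript
// Added illustration: a stand-alone model of the provisioning chain, not the project's code.
interface CreateUserDto {
  id: string
  personalOrganizationQuota: number
  personalOrganizationDefaultRegionId?: string
}
interface Organization { ownerId: string; quota: number; defaultRegionId: string | undefined }

const orgs = new Map<string, Organization>() // assumed in-memory store
const config = { defaultRegion: { id: 'region-example' }, quota: 10 } // constructed values

// Stands in for OrganizationService.handleUserCreatedEvent: copies the DTO as given.
function handleUserCreatedEvent(dto: CreateUserDto): void {
  orgs.set(dto.id, {
    ownerId: dto.id,
    quota: dto.personalOrganizationQuota,
    defaultRegionId: dto.personalOrganizationDefaultRegionId,
  })
}

// Stands in for UserService.create -> UserCreatedEvent.
function createUser(dto: CreateUserDto): void {
  handleUserCreatedEvent(dto)
}

// First-login auto-provisioning as described before the fix: quota only.
function validateBefore(sub: string): void {
  createUser({ id: sub, personalOrganizationQuota: config.quota })
}

// After the fix: the same call plus the configured default region id.
function validateAfter(sub: string): void {
  createUser({
    id: sub,
    personalOrganizationQuota: config.quota,
    personalOrganizationDefaultRegionId: config.defaultRegion.id,
  })
}

// Stands in for a downstream caller that reads organization.defaultRegionId.
function createSandbox(userId: string): number {
  const org = orgs.get(userId)
  if (!org) return 404 // assumed status
  if (!org.defaultRegionId) return 428 // "organization does not have a default region"
  return 201 // assumed status
}

function firstLoginThenCreateSandbox(validate: (sub: string) => void, sub: string): number {
  validate(sub)
  return createSandbox(sub)
}
```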