[MISC] Create platform key before onboarding step at signup#1990
[MISC] Create platform key before onboarding step at signup#1990chandrasekharan-zipstack merged 5 commits intomainZipstack/unstract:mainfrom fix/platform-key-on-signupZipstack/unstract:fix/platform-key-on-signupCopy head branch name to clipboard
Conversation
Move create_initial_platform_key before frictionless_onboarding and out of the new_organization gate so a failed HTTP onboarding step no longer leaves an orphan org without an active platform key — and so existing orphan orgs heal on the next login. Made the helper idempotent and removed the silent except-Exception swallow so real failures surface. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
💤 Files with no reviewable changes (2)
Summary by CodeRabbit
WalkthroughThe pull request reorders the new organization initialization sequence in the authentication controller so that platform key creation executes before frictionless onboarding. Supporting updates clarify the helper's one-time signup use case and improve error logging to capture stack traces when key creation fails. ChangesPlatform Key Initialization Ordering
🎯 2 (Simple) | ⏱️ ~8 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Per review: the actual signup bug is the ordering, not the gate. Scope the helper back to a one-shot new-org call, just moved ahead of the HTTP onboarding step so a failure there can't strand the org without a key. Idempotency guard isn't needed in that flow and only obscured the intent. Existing orphan orgs from before the fix are a separate cleanup. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Restore the try/except around generate_platform_key but use logger.exception so the traceback lands in logs. Keeping signup unblocked on a transient DB failure is worth more than failing loud — the key can be recreated from settings. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
| Filename | Overview |
|---|---|
| backend/account_v2/authentication_controller.py | Platform key creation moved before frictionless_onboarding; ordering fix is correct and low-risk for existing orgs. |
| backend/account_v2/authentication_helper.py | logger.error → logger.exception for traceback preservation; docstring removed; no logic change. |
Sequence Diagram
sequenceDiagram
participant C as Client
participant AC as AuthenticationController
participant AH as AuthenticationHelper
participant DB as Database
participant LLMW as LLMW (frictionless_onboarding)
C->>AC: "POST /api/auth/set_organization/{id}"
AC->>DB: create_organization()
AC->>DB: create_tenant_user()
Note over AC,DB: new_organization = True
rect rgb(200, 255, 200)
Note over AC,AH: After this PR
AC->>AH: create_initial_platform_key()
AH->>DB: generate_platform_key() — committed
AC->>LLMW: frictionless_onboarding()
alt LLMW fails (non-MethodNotImplemented)
LLMW-->>AC: exception propagates
Note over DB: platform key already exists
else LLMW not implemented
LLMW-->>AC: MethodNotImplemented (logged, suppressed)
end
end
AC-->>C: HTTP 200
Reviews (3): Last reviewed commit: "Merge branch 'main' into fix/platform-ke..." | Re-trigger Greptile
Per review feedback. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
Test ResultsSummary
Runner Tests - Full Report
SDK1 Tests - Full Report
|
What
create_initial_platform_keyahead offrictionless_onboardinginset_user_organization(still gated onnew_organization=True), so the platform-key write runs before the HTTP onboarding step.AuthenticationHelper.create_initial_platform_keystill swallows exceptions so signup completes, but now logs withlogger.exceptionso the traceback is preserved.Why
set_user_organizationruns the org-row commit, thenfrictionless_onboarding(an HTTP call to LLMW), thencreate_initial_platform_key. OnlyMethodNotImplementedis caught around the HTTP call — any other exception (LLMW 4xx/5xx, missing onboarding template files, etc.) propagates out, so the platform-key write never happens.new_organization=Falseand skips the entire branch — including the platform-key write — permanently. The first internal call toget_active_platform_keythen 404s withActiveKeyNotFound.How
authentication_controller.py: callcreate_initial_platform_keyimmediately aftercreate_tenant_user, beforefrictionless_onboarding, inside the existingif new_organization:branch.authentication_helper.py: kept the failure-swallowing behaviour so signup is not blocked on a transient DB issue, but replacedlogger.errorwithlogger.exceptionto preserve the traceback for triage.Can this PR break any existing features. If yes, please list possible items. If no, please explain why. (PS: Admins do not merge the PR without this section filled)
new_organization=False) is unchanged. For new orgs the only change is ordering: the platform-key DB write now happens before the HTTP onboarding step.Database Migrations
Env Config
Notes on Testing
platform_keyrow exists for the new org immediately afterPOST /api/auth/set_organization/{id}returns, and that internal endpoints (workflow execution,InternalPlatformKeyView) succeed withoutActiveKeyNotFound.frictionless_onboardingfailure (e.g. LLMW unreachable) and confirm the platform key is still present afterwards — the signup response will still surface the onboarding error, but the account is no longer permanently broken.Related Issues or PRs
Checklist
I have read and understood the Contribution Guidelines.
🤖 Generated with Claude Code