Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Pull request overview
Fixes an SSO-login edge case where creating a default tenant could trigger createCollection with missing optional fields, causing pg-promise named-parameter formatting to throw and bubble up as an auth failure.
Changes:
- Ensure logoUrl, imageUrl, and color parameters are always present (defaulting to null) when inserting a collection.
- Pass the normalized insert params object to the pg-promise query instead of the raw collection input.
Signed-off-by: Umberto Sgueglia <usgueglia@contractor.linuxfoundation.org>

Problem
When a new user logged in via SSO on a fresh database, the auth flow would create a default tenant and trigger createProjectGroup, which internally called createCollection without logoUrl, imageUrl, and color fields. Since the SQL query referenced those parameters via pg-promise's $(field) syntax, their absence caused pg-promise to throw, propagating the error all the way up to ssoCallback.ts where it was caught and returned as a 401.

The issue was invisible in staging/prod because existing users already have a tenant, so the createCollection code path is never hit on login.

Fix
Added explicit null defaults for logoUrl, imageUrl, and color before passing the data object to the pg-promise query, so all expected parameters are always present.
Note
Low Risk
Low risk: small data-layer change that only affects createCollection parameter binding by ensuring optional fields are always present; main risk is unintended null insertion if callers relied on DB defaults.

Overview
Fixes createCollection to always supply SQL parameters for optional collection fields by merging in explicit null defaults (description, slug, logoUrl, imageUrl, color) before executing the INSERT.

This prevents pg-promise $(field) binding errors when those properties are omitted (e.g., during first-time SSO provisioning on a fresh database).

Reviewed by Cursor Bugbot for commit bff175c. Bugbot is set up for automated code reviews on this repo.
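
The failure and the fix described in this PR, reproduced as an added example that is not code from the pull request or the project. formatNamed is a simplified stand-in for pg-promise's named-parameter formatting, and the table layout, the name field and the sample input are assumptions.

```javascript
// Added example. formatNamed is a simplified stand-in for named-parameter
// formatting, NOT pg-promise's code: it reproduces only the behaviour the PR
// describes (a $(name) placeholder with no matching property throws).
function formatNamed(query, params) {
  return query.replace(/\$\((\w+)\)/g, (_, name) => {
    if (!(name in params)) throw new Error(`Property '${name}' doesn't exist.`);
    const v = params[name];
    if (v === null || v === undefined) return 'null';
    return typeof v === 'number' ? String(v) : `'${String(v).replace(/'/g, "''")}'`;
  });
}

// Hypothetical table and column layout; only the optional field names
// (description, slug, logoUrl, imageUrl, color) come from the PR text.
const INSERT_COLLECTION =
  'INSERT INTO collections (name, description, slug, "logoUrl", "imageUrl", color) ' +
  'VALUES ($(name), $(description), $(slug), $(logoUrl), $(imageUrl), $(color))';

const OPTIONAL_DEFAULTS = { description: null, slug: null, logoUrl: null, imageUrl: null, color: null };

// The fix: merge explicit null defaults so every placeholder has a property.
// Caller-supplied values win because they are spread last.
function buildInsertParams(collection) {
  return { ...OPTIONAL_DEFAULTS, ...collection };
}

// Guard usable in a unit test: placeholders the params object cannot satisfy.
function missingParams(query, params) {
  const names = new Set([...query.matchAll(/\$\((\w+)\)/g)].map((m) => m[1]));
  return [...names].filter((n) => !(n in params));
}

// Constructed input shaped like the first-login call: no logoUrl/imageUrl/color.
const rawInput = { name: 'Default tenant', description: 'Auto-created', slug: 'default' };

function demo() {
  let before;
  try {
    before = formatNamed(INSERT_COLLECTION, rawInput);
  } catch (err) {
    before = `throws: ${err.message}`; // the kind of error that surfaced as a 401
  }
  return { before, missing: missingParams(INSERT_COLLECTION, rawInput),
           after: formatNamed(INSERT_COLLECTION, buildInsertParams(rawInput)) };
}

console.log(demo());
```

An explicit null in the INSERT takes precedence over any column DEFAULT, which is the residual risk the Bugbot note calls out for callers that relied on database defaults.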