f

kathiekiwi · kathiekiwi · commit ad7a7d4aefa6 · 2026-06-26T18:31:08.000Z
diff --git a/apps/webapp/app/models/member.server.ts b/apps/webapp/app/models/member.server.ts
@@ -8,7 +8,7 @@ import { rbac } from "~/services/rbac.server";
 
 export const INVITE_NOT_FOUND = "Invite not found";
 export const ENV_SETUP_INCOMPLETE =
-  "You joined the organization, but we couldn't finish setting up your development environments. Please try again or contact support if this persists.";
+  "You joined the organization, but we couldn't finish setting up your development environments. Please try accepting the invite again, or contact support if this persists.";
 
 export function isAcceptInviteFormError(error: unknown): error is Error {
   return (
@@ -190,6 +190,33 @@ export async function getUsersInvites({ email }: { email: string }) {
   });
 }
 
+async function getProjectsMissingMemberDevelopmentEnvironments({
+  memberId,
+  organizationId,
+  projects,
+}: {
+  memberId: string;
+  organizationId: string;
+  projects: Pick<Project, "id">[];
+}) {
+  if (projects.length === 0) {
+    return [];
+  }
+
+  const existingEnvs = await prisma.runtimeEnvironment.findMany({
+    where: {
+      orgMemberId: memberId,
+      organizationId,
+      type: "DEVELOPMENT",
+      projectId: { in: projects.map((project) => project.id) },
+    },
+    select: { projectId: true },
+  });
+  const existingProjectIds = new Set(existingEnvs.map((env) => env.projectId));
+
+  return projects.filter((project) => !existingProjectIds.has(project.id));
+}
+
 export async function provisionMemberDevelopmentEnvironments({
   inviteId,
   user,
@@ -205,13 +232,18 @@ export async function provisionMemberDevelopmentEnvironments({
   projects: Pick<Project, "id">[];
   maximumConcurrencyLimit: number;
 }) {
-  const projectIds = projects.map((p) => p.id);
+  const projectsNeedingEnvs = await getProjectsMissingMemberDevelopmentEnvironments({
+    memberId: member.id,
+    organizationId: organization.id,
+    projects,
+  });
+  const projectIds = projects.map((project) => project.id);
   const createdProjectIds: string[] = [];
   let failedProjectId: string | undefined;
   let failedProjectIndex: number | undefined;
 
   try {
-    for (const [index, project] of projects.entries()) {
+    for (const [index, project] of projectsNeedingEnvs.entries()) {
       failedProjectId = project.id;
       failedProjectIndex = index;
 
@@ -239,7 +271,7 @@ export async function provisionMemberDevelopmentEnvironments({
       projectIds,
       failedProjectId,
       failedProjectIndex,
-      totalProjects: projects.length,
+      totalProjects: projectsNeedingEnvs.length,
       createdProjectIds,
       error:
         error instanceof Error
@@ -251,113 +283,208 @@ export async function provisionMemberDevelopmentEnvironments({
   }
 }
 
+async function assignInviteRbacRole({
+  userId,
+  organizationId,
+  rbacRoleId,
+}: {
+  userId: string;
+  organizationId: string;
+  rbacRoleId: string;
+}) {
+  try {
+    const roleResult = await rbac.setUserRole({
+      userId,
+      organizationId,
+      roleId: rbacRoleId,
+    });
+    if (!roleResult.ok) {
+      logger.error("acceptInvite: skipped RBAC role assignment", {
+        organizationId,
+        userId,
+        rbacRoleId,
+        reason: roleResult.error,
+      });
+    }
+  } catch (error) {
+    logger.error("acceptInvite: RBAC role assignment threw", {
+      organizationId,
+      userId,
+      rbacRoleId,
+      error:
+        error instanceof Error
+          ? { name: error.name, message: error.message, stack: error.stack }
+          : String(error),
+    });
+  }
+}
+
+async function tryRecoverIncompleteInviteAccept({ user }: { user: { id: string; email: string } }) {
+  const members = await prisma.orgMember.findMany({
+    where: {
+      userId: user.id,
+      organization: { deletedAt: null },
+    },
+    include: {
+      organization: {
+        include: {
+          projects: { where: { deletedAt: null } },
+        },
+      },
+    },
+  });
+
+  const incompleteMemberships = [];
+  for (const member of members) {
+    const missingProjects = await getProjectsMissingMemberDevelopmentEnvironments({
+      memberId: member.id,
+      organizationId: member.organizationId,
+      projects: member.organization.projects,
+    });
+    if (missingProjects.length > 0) {
+      incompleteMemberships.push({
+        member,
+        organization: member.organization,
+        missingProjects,
+      });
+    }
+  }
+
+  if (incompleteMemberships.length === 0) {
+    return null;
+  }
+
+  for (const { member, organization, missingProjects } of incompleteMemberships) {
+    const maximumConcurrencyLimit = await getDefaultEnvironmentConcurrencyLimit(
+      organization.id,
+      "DEVELOPMENT"
+    );
+
+    await provisionMemberDevelopmentEnvironments({
+      inviteId: "recovery",
+      user,
+      member,
+      organization,
+      projects: missingProjects,
+      maximumConcurrencyLimit,
+    });
+  }
+
+  return {
+    remainingInvites: await getUsersInvites({ email: user.email }),
+    organization: incompleteMemberships[0].organization,
+  };
+}
+
 export async function acceptInvite({
   user,
   inviteId,
 }: {
   user: { id: string; email: string };
   inviteId: string;
 }) {
-  const pendingInvite = await prisma.orgMemberInvite.findFirst({
+  const invite = await prisma.orgMemberInvite.findFirst({
     where: { id: inviteId, email: user.email },
-    select: { id: true, organizationId: true },
+    include: {
+      organization: {
+        include: {
+          projects: { where: { deletedAt: null } },
+        },
+      },
+    },
   });
-  if (!pendingInvite) {
+
+  if (!invite) {
+    const recovered = await tryRecoverIncompleteInviteAccept({ user });
+    if (recovered) {
+      return recovered;
+    }
     throw new Error(INVITE_NOT_FOUND);
   }
 
   const maximumConcurrencyLimit = await getDefaultEnvironmentConcurrencyLimit(
-    pendingInvite.organizationId,
+    invite.organizationId,
     "DEVELOPMENT"
   );
 
-  let result;
-  try {
-    result = await prisma.$transaction(async (tx) => {
-      const invite = await tx.orgMemberInvite.delete({
-        where: {
-          id: inviteId,
-          email: user.email,
-        },
-        include: {
-          organization: {
-            include: {
-              projects: { where: { deletedAt: null } },
-            },
-          },
-        },
-      });
+  let member = await prisma.orgMember.findFirst({
+    where: {
+      organizationId: invite.organizationId,
+      userId: user.id,
+    },
+  });
 
-      const member = await tx.orgMember.create({
+  if (!member) {
+    try {
+      member = await prisma.orgMember.create({
         data: {
           organizationId: invite.organizationId,
           userId: user.id,
           role: invite.role,
         },
       });
-
-      return {
-        member,
-        organization: invite.organization,
-        rbacRoleId: invite.rbacRoleId,
-      };
-    });
-  } catch (error) {
-    if (error instanceof PrismaNamespace.PrismaClientKnownRequestError && error.code === "P2025") {
-      throw new Error(INVITE_NOT_FOUND);
+    } catch (error) {
+      if (
+        error instanceof PrismaNamespace.PrismaClientKnownRequestError &&
+        error.code === "P2002"
+      ) {
+        member = await prisma.orgMember.findFirst({
+          where: {
+            organizationId: invite.organizationId,
+            userId: user.id,
+          },
+        });
+        if (!member) {
+          throw error;
+        }
+      } else {
+        throw error;
+      }
     }
-    throw error;
   }
 
   await provisionMemberDevelopmentEnvironments({
     inviteId,
     user,
-    member: result.member,
-    organization: result.organization,
-    projects: result.organization.projects,
+    member,
+    organization: invite.organization,
+    projects: invite.organization.projects,
     maximumConcurrencyLimit,
   });
 
-  const remainingInvites = await prisma.orgMemberInvite.findMany({
-    where: {
-      email: user.email,
-    },
-  });
+  // Consume the invite only after development environments are provisioned so
+  // a failed setup can be retried from /invites.
+  try {
+    await prisma.orgMemberInvite.delete({
+      where: {
+        id: inviteId,
+        email: user.email,
+      },
+    });
+  } catch (error) {
+    if (
+      !(error instanceof PrismaNamespace.PrismaClientKnownRequestError && error.code === "P2025")
+    ) {
+      throw error;
+    }
+  }
+
+  const remainingInvites = await getUsersInvites({ email: user.email });
 
   // If the invite carried an explicit RBAC role, assign it. Best-effort: the
   // invite is already consumed and membership created above, so a failure here
   // — a returned {ok:false} or a thrown error from the plugin — must not block
   // joining the org. Swallow and log either way; without the catch a plugin
   // throw escapes and turns the whole invite-accept into a 400.
-  if (result.rbacRoleId) {
-    try {
-      const roleResult = await rbac.setUserRole({
-        userId: user.id,
-        organizationId: result.organization.id,
-        roleId: result.rbacRoleId,
-      });
-      if (!roleResult.ok) {
-        logger.error("acceptInvite: skipped RBAC role assignment", {
-          organizationId: result.organization.id,
-          userId: user.id,
-          rbacRoleId: result.rbacRoleId,
-          reason: roleResult.error,
-        });
-      }
-    } catch (error) {
-      logger.error("acceptInvite: RBAC role assignment threw", {
-        organizationId: result.organization.id,
-        userId: user.id,
-        rbacRoleId: result.rbacRoleId,
-        error:
-          error instanceof Error
-            ? { name: error.name, message: error.message, stack: error.stack }
-            : String(error),
-      });
-    }
+  if (invite.rbacRoleId) {
+    await assignInviteRbacRole({
+      userId: user.id,
+      organizationId: invite.organization.id,
+      rbacRoleId: invite.rbacRoleId,
+    });
   }
 
-  return { remainingInvites, organization: result.organization };
+  return { remainingInvites, organization: invite.organization };
 }
 
 export async function declineInvite({
diff --git a/apps/webapp/app/routes/invites.tsx b/apps/webapp/app/routes/invites.tsx
@@ -89,9 +89,9 @@ export const action: ActionFunction = async ({ request }) => {
     }
   } catch (error) {
     if (isAcceptInviteFormError(error)) {
-      // Membership was created and the invite deleted before env provisioning
-      // failed. With no invites left, the loader would redirect and discard
-      // a 400 FormError — send the user to orgs with a toast instead.
+      // Membership may already exist while the invite is still present if env
+      // provisioning failed. With no invites left, the loader would redirect
+      // and discard a 400 FormError — send the user to orgs with a toast instead.
       if (error.message === ENV_SETUP_INCOMPLETE) {
         const remainingInvites = await getUsersInvites({ email: user.email });
         if (remainingInvites.length === 0) {
diff --git a/apps/webapp/test/member.server.test.ts b/apps/webapp/test/member.server.test.ts
