Fix UserSettings creation from Org tables (#12635)

Co-authored-by: openhands <openhands@all-hands.dev>
Co-authored-by: tofarr <tofarr@gmail.com>

enterprise/server/auth/saas_user_auth.py

@@ -216,9 +216,9 @@ class SaasUserAuth(UserAuth):
 
     async def get_mcp_api_key(self) -> str:
         api_key_store = ApiKeyStore.get_instance()
-        mcp_api_key = api_key_store.retrieve_mcp_api_key(self.user_id)
+        mcp_api_key = await api_key_store.retrieve_mcp_api_key(self.user_id)
         if not mcp_api_key:
-            mcp_api_key = api_key_store.create_api_key(
+            mcp_api_key = await api_key_store.create_api_key(
                 self.user_id, 'MCP_API_KEY', None
             )
         return mcp_api_key

enterprise/server/mcp/mcp_config.py

@@ -22,7 +22,7 @@ from openhands.core.logger import openhands_logger as logger
 # NOTE: these details are specific to the MCP protocol
 class SaaSOpenHandsMCPConfig(OpenHandsMCPConfig):
     @staticmethod
-    def create_default_mcp_server_config(
+    async def create_default_mcp_server_config(
         host: str, config: 'OpenHandsConfig', user_id: str | None = None
     ) -> tuple[MCPSHTTPServerConfig | None, list[MCPStdioServerConfig]]:
         """
@@ -38,10 +38,12 @@ class SaaSOpenHandsMCPConfig(OpenHandsMCPConfig):
 
         api_key_store = ApiKeyStore.get_instance()
         if user_id:
-            api_key = api_key_store.retrieve_mcp_api_key(user_id)
+            api_key = await api_key_store.retrieve_mcp_api_key(user_id)
 
             if not api_key:
-                api_key = api_key_store.create_api_key(user_id, 'MCP_API_KEY', None)
+                api_key = await api_key_store.create_api_key(
+                    user_id, 'MCP_API_KEY', None
+                )
 
             if not api_key:
                 logger.error(f'Could not provision MCP API Key for user: {user_id}')

enterprise/server/routes/api_keys.py

@@ -10,53 +10,44 @@ from storage.user_store import UserStore
 
 from openhands.core.logger import openhands_logger as logger
 from openhands.server.user_auth import get_user_id
-from openhands.utils.async_utils import call_sync_from_async
 
 
 # Helper functions for BYOR API key management
 async def get_byor_key_from_db(user_id: str) -> str | None:
     """Get the BYOR key from the database for a user."""
-
-    def _get_byor_key():
-        user = UserStore.get_user_by_id(user_id)
-        if not user:
-            return None
-
-        current_org_id = user.current_org_id
-        current_org_member: OrgMember = None
-        for org_member in user.org_members:
-            if org_member.org_id == current_org_id:
-                current_org_member = org_member
-                break
-        if not current_org_member:
-            return None
-        if current_org_member.llm_api_key_for_byor:
-            return current_org_member.llm_api_key_for_byor.get_secret_value()
+    user = await UserStore.get_user_by_id_async(user_id)
+    if not user:
         return None
 
-    return await call_sync_from_async(_get_byor_key)
+    current_org_id = user.current_org_id
+    current_org_member: OrgMember = None
+    for org_member in user.org_members:
+        if org_member.org_id == current_org_id:
+            current_org_member = org_member
+            break
+    if not current_org_member:
+        return None
+    if current_org_member.llm_api_key_for_byor:
+        return current_org_member.llm_api_key_for_byor.get_secret_value()
+    return None
 
 
 async def store_byor_key_in_db(user_id: str, key: str) -> None:
     """Store the BYOR key in the database for a user."""
+    user = await UserStore.get_user_by_id_async(user_id)
+    if not user:
+        return None
 
-    def _update_user_settings():
-        user = UserStore.get_user_by_id(user_id)
-        if not user:
-            return None
-
-        current_org_id = user.current_org_id
-        current_org_member: OrgMember = None
-        for org_member in user.org_members:
-            if org_member.org_id == current_org_id:
-                current_org_member = org_member
-                break
-        if not current_org_member:
-            return None
-        current_org_member.llm_api_key_for_byor = key
-        OrgMemberStore.update_org_member(current_org_member)
-
-    await call_sync_from_async(_update_user_settings)
+    current_org_id = user.current_org_id
+    current_org_member: OrgMember = None
+    for org_member in user.org_members:
+        if org_member.org_id == current_org_id:
+            current_org_member = org_member
+            break
+    if not current_org_member:
+        return None
+    current_org_member.llm_api_key_for_byor = key
+    OrgMemberStore.update_org_member(current_org_member)
 
 
 async def generate_byor_key(user_id: str) -> str | None:
@@ -161,11 +152,11 @@ class LlmApiKeyResponse(BaseModel):
 async def create_api_key(key_data: ApiKeyCreate, user_id: str = Depends(get_user_id)):
     """Create a new API key for the authenticated user."""
     try:
-        api_key = api_key_store.create_api_key(
+        api_key = await api_key_store.create_api_key(
             user_id, key_data.name, key_data.expires_at
         )
         # Get the created key details
-        keys = api_key_store.list_api_keys(user_id)
+        keys = await api_key_store.list_api_keys(user_id)
         for key in keys:
             if key['name'] == key_data.name:
                 return {
@@ -193,7 +184,7 @@ async def create_api_key(key_data: ApiKeyCreate, user_id: str = Depends(get_user
 async def list_api_keys(user_id: str = Depends(get_user_id)):
     """List all API keys for the authenticated user."""
     try:
-        keys = api_key_store.list_api_keys(user_id)
+        keys = await api_key_store.list_api_keys(user_id)
         return [
             {
                 **key,
@@ -222,7 +213,7 @@ async def delete_api_key(key_id: int, user_id: str = Depends(get_user_id)):
     """Delete an API key."""
     try:
         # First, verify the key belongs to the user
-        keys = api_key_store.list_api_keys(user_id)
+        keys = await api_key_store.list_api_keys(user_id)
         key_to_delete = None
 
         for key in keys:

enterprise/server/routes/oauth_device.py

@@ -272,7 +272,7 @@ async def device_verification_authenticated(
         try:
             # Create a unique API key for this device using user_code in the name
             device_key_name = f'{API_KEY_NAME} ({user_code})'
-            api_key_store.create_api_key(
+            await api_key_store.create_api_key(
                 user_id,
                 name=device_key_name,
                 expires_at=datetime.now(UTC) + KEY_EXPIRATION_TIME,

enterprise/server/saas_nested_conversation_manager.py

@@ -516,11 +516,13 @@ class SaasNestedConversationManager(ConversationManager):
                     )
                     raise
 
-    def _get_mcp_config(self, user_id: str) -> MCPConfig | None:
+    async def _get_mcp_config(self, user_id: str) -> MCPConfig | None:
         api_key_store = ApiKeyStore.get_instance()
-        mcp_api_key = api_key_store.retrieve_mcp_api_key(user_id)
+        mcp_api_key = await api_key_store.retrieve_mcp_api_key(user_id)
         if not mcp_api_key:
-            mcp_api_key = api_key_store.create_api_key(user_id, 'MCP_API_KEY', None)
+            mcp_api_key = await api_key_store.create_api_key(
+                user_id, 'MCP_API_KEY', None
+            )
         if not mcp_api_key:
             return None
         web_host = os.environ.get('WEB_HOST', 'app.all-hands.dev')
@@ -547,7 +549,7 @@ class SaasNestedConversationManager(ConversationManager):
             'conversation_id': sid,
         }
 
-        mcp_config = self._get_mcp_config(user_id)
+        mcp_config = await self._get_mcp_config(user_id)
         if mcp_config:
             # Merge with any MCP config from settings
             if settings.mcp_config: