refactor: update the code based on feedback

2026-03-22 05:37:20 +08:00 · 2026-03-20 00:23:17 +07:00
parent 19b1bf0ffd
commit d5b583e28f
1 changed files with 14 additions and 4 deletions
--- a/enterprise/server/routes/auth.py
+++ b/enterprise/server/routes/auth.py
@@ -175,10 +175,20 @@ async def keycloak_callback(
        # For duplicate_email errors, clean up the newly created Keycloak user
        # (only if they're not already in our UserStore, i.e., they're a new user)
        if authorization.error_detail == 'duplicate_email':
-            existing_user = await UserStore.get_user_by_id(user_info.sub)
-            if not existing_user:
-                # New user created during OAuth should be deleted from Keycloak
-                await token_manager.delete_keycloak_user(user_info.sub)
+            try:
+                existing_user = await UserStore.get_user_by_id(user_info.sub)
+                if not existing_user:
+                    # New user created during OAuth should be deleted from Keycloak
+                    await token_manager.delete_keycloak_user(user_info.sub)
+                    logger.info(
+                        f'Deleted orphaned Keycloak user {user_info.sub} '
+                        'after duplicate_email rejection'
+                    )
+            except Exception as e:
+                # Log but don't fail - user should still get 401 response
+                logger.warning(
+                    f'Failed to clean up orphaned Keycloak user {user_info.sub}: {e}'
+                )
        # Return unauthorized
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,