fix: oauth sync

[nikhilsinhaparseable]

current: user signs up using oauth, all queries fail with error - session expired or no longer valid
reason: user is not synced with other nodes in the cluster

fix: sync user+roles with all live nodes

Summary by CodeRabbit

• Bug Fixes
  • Improved sign-in behavior so newly created or updated users are more consistently synchronized across the cluster in non-multi-tenant setups.
  • If the background sync fails, login still completes normally and the issue is logged for later review.

[coderabbitai]

Walkthrough

In src/handlers/http/oidc.rs, the reply_login handler now imports and conditionally calls sync_user_creation after creating or updating an OIDC user. The sync is skipped in multi-tenant mode; errors are logged and swallowed.

Changes

OIDC Login Cluster Sync

Layer / File(s)	Summary
sync_user_creation import and post-login call src/handlers/http/oidc.rs	Adds cluster::sync_user_creation to imports and, when is_multi_tenant() is false, calls it with the request, user, roles, tenant id, and admin username after login; errors are logged and ignored.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

A rabbit hops through login's gate,
Syncing users — never late!
Multi-tenant? Skip the sync,
Otherwise, just log and wink.
Errors fade like morning dew 🐇✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title is concise and matches the OAuth cluster sync fix described in the changeset.
Description check	✅ Passed	The description states the problem, cause, and fix, but it omits the template headings, issue reference, and checklist items.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/handlers/http/oidc.rs`:
- Around line 243-253: The OIDC login flow in the `Users.new_session` path
should not continue issuing a session when cluster user sync fails or only logs
non-2xx responses. Update `sync_user_creation` to return an error whenever any
node response is non-2xx, and make the caller in `oidc.rs` fail closed by
propagating that error instead of just tracing and proceeding. Use the
`sync_user_creation` and `Users.new_session` flow to ensure cookies are only
issued after all required cluster sync work succeeds.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 5ee8691f-8a28-4df9-b197-5010b72f1e69

📥 Commits

Reviewing files that changed from the base of the PR and between f872abb and c10cc93.

📒 Files selected for processing (1)

• src/handlers/http/oidc.rs