e2b-dev
diff --git a/‎spec/openapi.dashboard-api.yaml‎
Lines changed: 63 additions & 1 deletion b/‎spec/openapi.dashboard-api.yaml‎
Lines changed: 63 additions & 1 deletion
diff --git a/‎src/__test__/integration/auth-callback-route.test.ts‎
Lines changed: 99 additions & 0 deletions b/‎src/__test__/integration/auth-callback-route.test.ts‎
Lines changed: 99 additions & 0 deletions
diff --git a/‎src/__test__/integration/dashboard-route.test.ts‎
Lines changed: 5 additions & 2 deletions b/‎src/__test__/integration/dashboard-route.test.ts‎
Lines changed: 5 additions & 2 deletions
@@ -6,6 +6,10 @@ info:
 
 components:
   securitySchemes:
+    AdminTokenAuth:
+      type: apiKey
+      in: header
+      name: X-Admin-Token
     Supabase1TokenAuth:
       type: apiKey
       in: header
@@ -210,7 +214,7 @@ components:
         nextCursor:
           type: string
           nullable: true
-          description: Cursor to pass to the next list request, or `null` if there is no next page. 
+          description: Cursor to pass to the next list request, or `null` if there is no next page.
 
     BuildStatusItem:
       type: object
@@ -386,6 +390,7 @@ components:
         - blockedReason
         - isDefault
         - limits
+        - createdAt
       properties:
         id:
           type: string
@@ -412,6 +417,9 @@ components:
           type: boolean
         limits:
           $ref: "#/components/schemas/UserTeamLimits"
+        createdAt:
+          type: string
+          format: date-time
 
     UserTeamsResponse:
       type: object
@@ -493,6 +501,16 @@ components:
           type: string
           format: email
 
+    CreateTeamRequest:
+      type: object
+      required:
+        - name
+      properties:
+        name:
+          type: string
+          minLength: 1
+          maxLength: 255
+
     DefaultTemplateAlias:
       type: object
       required:
@@ -714,6 +732,50 @@ paths:
           $ref: "#/components/responses/401"
         "500":
           $ref: "#/components/responses/500"
+    post:
+      summary: Create team
+      tags: [teams]
+      security:
+        - Supabase1TokenAuth: []
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/CreateTeamRequest"
+      responses:
+        "200":
+          description: Successfully created team.
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/TeamResolveResponse"
+        "400":
+          $ref: "#/components/responses/400"
+        "401":
+          $ref: "#/components/responses/401"
+        "500":
+          $ref: "#/components/responses/500"
+
+  /admin/users/{userId}/bootstrap:
+    post:
+      summary: Bootstrap user
+      tags: [teams]
+      security:
+        - AdminTokenAuth: []
+      parameters:
+        - $ref: "#/components/parameters/userId"
+      responses:
+        "200":
+          description: Successfully bootstrapped user.
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/TeamResolveResponse"
+        "401":
+          $ref: "#/components/responses/401"
+        "500":
+          $ref: "#/components/responses/500"
 
   /teams/resolve:
     get:
 
@@ -0,0 +1,99 @@
+import { redirect } from 'next/navigation'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { AUTH_URLS } from '@/configs/urls'
+
+const {
+  mockFlags,
+  mockCreateAdminUsersRepository,
+  mockBootstrapUser,
+  mockSupabaseClient,
+} = vi.hoisted(() => ({
+  mockFlags: {
+    enableUserBootstrap: true,
+  },
+  mockCreateAdminUsersRepository: vi.fn(),
+  mockBootstrapUser: vi.fn(),
+  mockSupabaseClient: {
+    auth: {
+      exchangeCodeForSession: vi.fn(),
+    },
+  },
+}))
+
+vi.mock('next/navigation', () => ({
+  redirect: vi.fn((url) => ({ destination: url })),
+}))
+
+vi.mock('@/configs/flags', () => ({
+  get ENABLE_USER_BOOTSTRAP() {
+    return mockFlags.enableUserBootstrap
+  },
+}))
+
+vi.mock('@/core/shared/clients/supabase/server', () => ({
+  createClient: vi.fn(() => mockSupabaseClient),
+}))
+
+vi.mock('@/core/modules/users/admin-repository.server', () => ({
+  createAdminUsersRepository: mockCreateAdminUsersRepository,
+}))
+
+vi.mock('@/lib/utils/auth', () => ({
+  encodedRedirect: vi.fn((type, url, message) => ({
+    type,
+    destination: `${url}?${type}=${encodeURIComponent(message)}`,
+    message,
+  })),
+}))
+
+import { GET } from '@/app/api/auth/callback/route'
+
+describe('Auth Callback Route', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    mockFlags.enableUserBootstrap = true
+    mockCreateAdminUsersRepository.mockReturnValue({
+      bootstrapUser: mockBootstrapUser,
+    })
+  })
+
+  it('continues login when bootstrap fails', async () => {
+    mockSupabaseClient.auth.exchangeCodeForSession.mockResolvedValue({
+      data: {
+        user: { id: 'user-123' },
+        session: { access_token: 'access-token' },
+      },
+      error: null,
+    })
+    mockBootstrapUser.mockResolvedValue({
+      ok: false,
+      error: new Error('DASHBOARD_API_ADMIN_TOKEN is not configured'),
+    })
+
+    const result = await GET(
+      new Request('https://dashboard.e2b.dev/api/auth/callback?code=test')
+    )
+
+    expect(mockBootstrapUser).toHaveBeenCalledWith('user-123')
+    expect(redirect).toHaveBeenCalledWith('/dashboard')
+    expect(result).toEqual({ destination: '/dashboard' })
+  })
+
+  it('redirects cleanly when the exchanged session has no user id', async () => {
+    mockSupabaseClient.auth.exchangeCodeForSession.mockResolvedValue({
+      data: {
+        user: null,
+        session: { access_token: 'access-token' },
+      },
+      error: null,
+    })
+
+    await expect(
+      GET(new Request('https://dashboard.e2b.dev/api/auth/callback?code=test'))
+    ).rejects.toEqual({
+      type: 'error',
+      destination: `${AUTH_URLS.SIGN_IN}?error=${encodeURIComponent('Missing session after auth callback')}`,
+      message: 'Missing session after auth callback',
+    })
+  })
+})
@@ -121,8 +121,11 @@ describe('Dashboard Route - Team Resolution Integration Tests', () => {
       // execute
       const response = await GET(request)
 
-      // verify: resolveUserTeam was called with session access token
-      expect(mockResolveUserTeam).toHaveBeenCalledWith('session-token')
+      // verify: resolveUserTeam was called with authenticated user id and session access token
+      expect(mockResolveUserTeam).toHaveBeenCalledWith(
+        'user-123',
+        'session-token'
+      )
 
       // verify: redirects to sandboxes page
       expect(response.status).toBe(307) // temporary redirect