feat(auth): collect the workspace logo on the sign-up creation step

[FelixMalfait]

What & why

A single, consistent workspace-creation step for both multi-workspace and single-workspace self-host — collecting name + logo (and the subdomain in multi-workspace) — which removes the duplicate name/logo prompt that previously reappeared on the workspace subdomain (reported after #21641).

Changes

One creation form for both modes

• With 0 workspaces, both multi-workspace and single-workspace route to the shared SignInUpWorkspaceCreationForm; SignInUp renders it for the WorkspaceCreation step regardless of domain/scope.
• The subdomain field shows only in multi-workspace; single-workspace keeps its fixed address.

Logo on the creation step

• New scoped uploadNewWorkspaceLogo(workspaceId, file) mutation: the creator sets a logo on their just-created PENDING_CREATION workspace via the workspace-agnostic token (membership enforced — only the creator is a member at that point), reusing uploadWorkspacePicture. Upload size is capped via settings.storage.maxFileSize (also applied to the existing logo / profile-picture uploads).
• The picked file is held locally (object-URL preview, revoked on unmount) and uploaded right after creation (non-fatal on failure).

Onboarding step → pure activation loader

• The old "Create your workspace" form (name + logo) is removed. The onboarding step now activates the pending workspace on mount and shows the loader, with a Retry action on failure.

Testing

• typecheck (front + server) ✅; oxlint + oxfmt clean on changed files ✅
• Unit tests: auth.resolver.spec, useWorkspaceSubdomainField, SignInUpWorkspaceCreationForm (multi + single-workspace), useAuth ✅
• Metadata GraphQL + twenty-client-sdk schema regenerated.

Follow-up to #21641.

🤖 Generated with Claude Code

https://claude.ai/code/session_01Xw37hR5seiCyWnppG9z4op

[cubic-dev-ai]

4 issues found across 11 files

<sub>Reply with feedback, questions, or to request a fix.

Re-trigger cubic</sub>

[twenty-ci-bot-public]

Visual Regression Report (twenty-front)

• 2 changed
• 667 unchanged

Changed stories

Story	Diff %
pages-onboarding-createworkspace--default	6%
modules-settings-datamodel-objects-forms-settingsdatamodelobjectaboutform--default	0%

[twenty-ci-bot-public]

🚀 Preview Environment Ready!

Your preview environment is available at: https://athletes-prospects-northwest-betty.trycloudflare.com

This environment will automatically shut down after 5 hours.

[twenty-ci-bot-public]

🔍 Automated Pre-Review

✅ No issues detected - This PR is ready for human review.

---

View details

Automated pre-review — human approval still required.

[cubic-dev-ai]

3 issues found across 22 files

<sub>Reply with feedback, questions, or to request a fix.

Re-trigger cubic</sub>

[FelixMalfait]

Remove this comment

[FelixMalfait]

Remove comment. Should this step/file be renamed then?

[FelixMalfait]

Remove comment. Also I don't understand why we still need to send the display name?

[FelixMalfait]

Design notes for reviewers (keeping these here rather than as inline code comments):

Naming — required at creation, not at activation. signUpOnNewWorkspace now requires a non-empty displayName. Only the user can supply a name, whereas the subdomain is auto-generated from the work-email domain when omitted (and is fixed in single-workspace) — that's why the two are asymmetric. activateWorkspace no longer requires or rewrites the name; it just provisions the tenant (rename stays available as an optional override), which is why the onboarding loader now calls it with input: {}.

Invariant: a PENDING workspace always has a name. With naming enforced at creation, no path can create a nameless workspace, so the activation step can't be reached with an empty name (the original "Workspace creation failed" bug).

Single-workspace sign-up routing. isOnAWorkspace is always true in single-workspace mode, so sign-up is routed through the workspace-agnostic path → the shared creation form (name collected before the workspace exists). There's no subdomain to redirect to afterwards, so we authenticate in place via the login token and let onboarding take over on the same domain. SSO sign-ins with no target workspace/invite go through that same agnostic→form flow.

Logo upload. The picked file is held locally (object URL, revoked on unmount to avoid a blob leak) and uploaded only after the workspace exists; a logo failure is non-fatal. uploadNewWorkspaceLogo authorizes the caller against the pending workspace before reading the upload stream, so a rejected request never buffers an untrusted file into memory.

---

Generated by Claude Code

[sentry]

Bug: The uploadNewWorkspaceLogo resolver attempts to write file metadata to the workspace database before the corresponding schema has been created, leading to a database error.
_{Severity: HIGH}

Suggested Fix

Defer the logo upload until after the workspace has been successfully activated. Alternatively, ensure the workspace database schema is created before any file operations are attempted, possibly by creating it during the initial workspace creation step rather than during activation.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.

Location: packages/twenty-server/src/engine/core-modules/auth/auth.resolver.ts#L588-L592

Potential issue: When a user creates a new workspace and immediately uploads a logo, the
`uploadNewWorkspaceLogo` resolver is triggered. This calls
`fileStorageService.writeFile`, which attempts to save file metadata using
`fileRepository.upsert()`. However, the workspace's database schema is only created
during the `activateWorkspace` step, which occurs after the logo upload attempt. This
race condition results in an attempt to write to a non-existent database schema, causing
a database error and preventing the logo from being saved correctly.

Also affects:

• packages/twenty-server/src/engine/core-modules/file/file-core-picture/services/file-core-picture.service.ts:160~169