Skip to content

fix: validate UUID in user Enable and Disable RPCs#1439

Merged
whoAbhishekSah merged 1 commit intomainfrom
fix/validate-uuid-in-user-state-change
Mar 5, 2026
Merged

fix: validate UUID in user Enable and Disable RPCs#1439
whoAbhishekSah merged 1 commit intomainfrom
fix/validate-uuid-in-user-state-change

Conversation

@whoAbhishekSah
Copy link
Member

@whoAbhishekSah whoAbhishekSah commented Mar 5, 2026

Summary

  • Add UUID validation in user.Service.Enable() and user.Service.Disable() before calling the repository, returning ErrInvalidID for invalid UUIDs
  • Previously, invalid IDs were passed directly to PostgreSQL, resulting in confusing "not found" errors instead of proper "invalid argument" errors
  • Consistent with existing validation in GetByID and Update methods in the same service
  • Add unit tests for both methods covering valid UUID, non-UUID string, empty string, and user-not-found cases

Test plan

  • Unit tests pass for TestService_Disable and TestService_Enable (8 new test cases)
  • Existing handler tests pass for TestConnectHandler_DisableUser and TestConnectHandler_EnableUser
  • Full core/user test suite passes
  • Manually verified with a running server — invalid UUID now returns invalid_argument:
2026-03-05T13:22:38.879+0530    error    DisableUser.Disable operation failed    {"operation": "DisableUser.Disable", "request_id": "", "error_type": "*errors.errorString", "error": "user id is invalid", "user_id": "abcd"}
2026-03-05T13:22:38.879+0530    warn    finished call    {"system": "connect_rpc", "start_time": "2026-03-05T13:22:38.813+0530", "method": "/raystack.frontier.v1beta1.FrontierService/DisableUser", "time_ms": 65, "code": "invalid_argument", "request_id": "", "error": "invalid_argument: invalid syntax in body"}

2026-03-05T13:23:49.271+0530    error    EnableUser operation failed    {"operation": "EnableUser", "request_id": "", "error_type": "*errors.errorString", "error": "user id is invalid", "user_id": "abcd"}
2026-03-05T13:23:49.271+0530    warn    finished call    {"system": "connect_rpc", "start_time": "2026-03-05T13:23:49.194+0530", "method": "/raystack.frontier.v1beta1.FrontierService/EnableUser", "time_ms": 76, "code": "invalid_argument", "request_id": "", "error": "invalid_argument: invalid syntax in body"}

🤖 Generated with Claude Code

@whoAbhishekSah @claude
fix: validate UUID in user Enable and Disable APIs
35aea1a 
The Enable and Disable methods in the user service were passing the
user ID directly to the repository without validating it is a valid
UUID. This caused invalid IDs to reach PostgreSQL and return confusing
"not found" errors instead of proper "invalid ID" errors.

Add UUID validation using utils.IsValidUUID() at the start of both
methods, consistent with how GetByID and Update already validate.
The handlers already map ErrInvalidID to CodeInvalidArgument, so
callers now correctly receive a 400 Bad Request for invalid UUIDs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@vercel
Copy link

vercel bot commented Mar 5, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
frontier Ready Ready Preview, Comment Mar 5, 2026 7:55am

@coderabbitai
Copy link

coderabbitai bot commented Mar 5, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 2bdd36a8-0d20-4d86-966e-99c86a02a924

📥 Commits

Reviewing files that changed from the base of the PR and between 6677199 and 35aea1a.

📒 Files selected for processing (2)
  • core/user/service.go
  • core/user/service_test.go
📝 Walkthrough

Summary by CodeRabbit

  • Bug Fixes

    • Enhanced validation for user enable/disable operations to properly reject invalid identifiers.

  • Tests

    • Added comprehensive test coverage for user enable/disable operations including edge cases.

Walkthrough

UUID validation was added to the Enable and Disable methods in the user service to reject invalid IDs early. Corresponding test suites with multiple scenarios—valid UUIDs, invalid/empty IDs, and not-found users—were added to cover both methods.

Changes

Cohort / File(s) Summary
Service Implementation
core/user/service.go		 Added UUID validation to Enable and Disable methods; invalid IDs now return ErrInvalidID before proceeding with state changes.
Service Tests
core/user/service_test.go		 Added TestService_Disable and TestService_Enable test suites with table-driven cases covering valid UUIDs, invalid/empty IDs, and not-found user scenarios.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@whoAbhishekSah whoAbhishekSah changed the title fix: validate UUID in user Enable and Disable APIs fix: validate UUID in user Enable and Disable RPCs Mar 5, 2026
@coveralls
Copy link

coveralls commented Mar 5, 2026

Pull Request Test Coverage Report for Build 22707974817

Details

  • 6 of 6 (100.0%) changed or added relevant lines in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.03%) to 39.873%
Totals Coverage Status
Change from base Build 22707411071: 0.03%
Covered Lines: 13605
Relevant Lines: 34121
💛 - Coveralls

@whoAbhishekSah whoAbhishekSah merged commit 86340f8 into main Mar 5, 2026
8 checks passed
@whoAbhishekSah whoAbhishekSah deleted the fix/validate-uuid-in-user-state-change branch March 5, 2026 08:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rohilsurana rohilsurana rohilsurana approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@whoAbhishekSah @coveralls @rohilsurana