Skip to content

Fix duplicate service ID #306

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mpgxvii merged 12 commits into from
Oct 3, 2025
Merged

Fix duplicate service ID #306

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
716f46c
Merge pull request #298 from RADAR-base/release-4.4.9
mpgxvii Apr 29, 2025
116ac4e
Merge remote-tracking branch 'origin/master' into dev
yatharthranjan Jul 22, 2025
0dc5c2a
add check for duplicate external user ids (service ids)
yatharthranjan Jul 22, 2025
7d48d61
add unique constraint at JPA layer
yatharthranjan Jul 22, 2025
4d40ddd
Merge branch 'dev' into fix_duplicate_service_id
yatharthranjan Jul 30, 2025
a9e0ad1
Update db changelog
mpgxvii Sep 1, 2025
f8fa7bd
Add separate existing external user id check when updating the user t…
mpgxvii Sep 1, 2025
4a3d761
Remove unnecessary spaces
mpgxvii Sep 1, 2025
49109ac
Show subjectId in error message for duplicate service ids
mpgxvii Sep 2, 2025
fc94f82
Remove unused userRepository in RegistrationResource
mpgxvii Oct 3, 2025
071de94
Throw error when external user id is null when validating this
mpgxvii Oct 3, 2025
9287d15
Merge branch 'dev' into fix_duplicate_service_id
this-Aditya Oct 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion authorizer-app-backend/src/main/java/org/radarbase/authorizer/doa/entity/RestSourceUser.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import jakarta.persistence.Id
import jakarta.persistence.OneToMany
import jakarta.persistence.SequenceGenerator
import jakarta.persistence.Table
import jakarta.persistence.UniqueConstraint
import org.hibernate.annotations.BatchSize
import org.hibernate.annotations.Cache
import org.hibernate.annotations.CacheConcurrencyStrategy
Expand All @@ -36,7 +37,7 @@ import java.util.Objects
import java.util.UUID

@Entity
@Table(name = "rest_source_user")
@Table(name = "rest_source_user", uniqueConstraints = [UniqueConstraint(columnNames = ["external_user_id", "source_type"])])
@Cache(usage = CacheConcurrencyStrategy.TRANSACTIONAL)
class RestSourceUser(
@Id
Expand Down
4 changes: 1 addition & 3 deletions ...izer-app-backend/src/main/java/org/radarbase/authorizer/resources/RegistrationResource.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ import org.radarbase.authorizer.api.StateCreateDTO
import org.radarbase.authorizer.api.TokenSecret
import org.radarbase.authorizer.api.toProject
import org.radarbase.authorizer.doa.RegistrationRepository
import org.radarbase.authorizer.doa.RestSourceUserRepository
import org.radarbase.authorizer.service.RegistrationService
import org.radarbase.authorizer.service.RestSourceAuthorizationService
import org.radarbase.authorizer.service.RestSourceUserService
Expand All @@ -45,7 +44,6 @@ class RegistrationResource(
@Context private val registrationRepository: RegistrationRepository,
@Context private val restSourceUserService: RestSourceUserService,
@Context private val authorizationService: RestSourceAuthorizationService,
@Context private val userRepository: RestSourceUserRepository,
@Context private val registrationService: RegistrationService,
@Context private val projectService: RadarProjectService,
@Context private val authService: AuthService,
Expand Down Expand Up @@ -154,7 +152,7 @@ class RegistrationResource(
) = asyncService.runAsCoroutine(asyncResponse) {
val registration = registrationService.ensureRegistration(token)
val accessToken = authorizationService.requestAccessToken(payload, registration.user.sourceType)
val user = userRepository.updateToken(accessToken, registration.user)
Copy link
Member

@this-Aditya this-Aditya Oct 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we are replacing userRepository::updateToken, the variable userRepository is now unused and can be removed

Copy link
Member

@mpgxvii mpgxvii Oct 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for reviewing this. Removed now.

val user = restSourceUserService.updateUserToken(accessToken, registration.user)
val project = registration.user.projectId?.let {
projectService.project(it).toProject()
}
Expand Down
34 changes: 33 additions & 1 deletion ...rizer-app-backend/src/main/java/org/radarbase/authorizer/service/RestSourceUserService.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import jakarta.ws.rs.core.Context
import jakarta.ws.rs.core.Response
import org.radarbase.auth.authorization.EntityDetails
import org.radarbase.auth.authorization.Permission
import org.radarbase.authorizer.api.RestOauth2AccessToken
import org.radarbase.authorizer.api.RestSourceUserDTO
import org.radarbase.authorizer.api.RestSourceUserMapper
import org.radarbase.authorizer.api.TokenDTO
Expand All @@ -13,6 +14,7 @@ import org.radarbase.authorizer.doa.entity.RestSourceUser
import org.radarbase.jersey.auth.AuthService
import org.radarbase.jersey.exception.HttpApplicationException
import org.radarbase.jersey.exception.HttpBadRequestException
import org.radarbase.jersey.exception.HttpConflictException
import org.radarbase.jersey.exception.HttpNotFoundException
import kotlin.time.Duration.Companion.seconds

Expand Down Expand Up @@ -106,6 +108,36 @@ class RestSourceUserService(
)
}

/**
* Validates that an external user ID is not already in use by another user.
* Should be called before updating a user's token with an external user ID.
*/
private suspend fun validateExternalUserId(token: RestOauth2AccessToken?, user: RestSourceUser) {
if (token?.externalUserId != null) {
Copy link
Member

@this-Aditya this-Aditya Oct 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we add an else block to handle when externalUserId is null?

Copy link
Member

@mpgxvii mpgxvii Oct 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added now 👍

val existingUser = userRepository.findByExternalId(token.externalUserId, user.sourceType)
if (existingUser != null && existingUser.id != user.id) {
throw HttpConflictException(
"external_user_id_already_exists",
"External user ID ${token.externalUserId} is already registered for another user of source type ${user.sourceType} and user id ${existingUser.userId}",
)
}
} else {
throw HttpBadRequestException(
"missing_external_user_id",
"External user ID cannot be empty",
)
}
}

/**
* Updates a user's token after validating the external user ID.
* This method ensures no duplicate external user IDs exist in the system.
*/
suspend fun updateUserToken(token: RestOauth2AccessToken?, user: RestSourceUser): RestSourceUser {
validateExternalUserId(token, user)
return userRepository.updateToken(token, user)
}

suspend fun ensureToken(userId: Long): TokenDTO {
ensureUser(userId, Permission.MEASUREMENT_CREATE)
return runLocked(userId) { user ->
Expand Down Expand Up @@ -151,7 +183,7 @@ class RestSourceUserService(
}

val token = authorizationService.refreshToken(user)
val updatedUser = userRepository.updateToken(token, user)
val updatedUser = updateUserToken(token, user)

if (!updatedUser.authorized) {
throw HttpApplicationException(
Expand Down
41 changes: 41 additions & 0 deletions .../resources/db/changelog/changes/20240607120000_add_unique_constraint_external_user_id.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<databaseChangeLog
xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
https://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.10.xsd">

<changeSet author="yatharth" id="20240607120000-add-unique-constraint-external-user-id">
<!-- Update duplicates to a fixed value for investigation, appending the external_user_id, except the row with the lowest id -->
<preConditions onFail="CONTINUE">
<not>
<sqlCheck expectedResult="0">
SELECT COUNT(*) FROM (
SELECT external_user_id, source_type FROM rest_source_user
WHERE external_user_id IS NOT NULL
GROUP BY external_user_id, source_type
HAVING COUNT(*) > 1
) t;
</sqlCheck>
</not>
</preConditions>
<sql dbms="postgresql">
UPDATE rest_source_user a
SET external_user_id = 'DUPLICATE_INVESTIGATE_' || a.id || '_' || a.external_user_id
FROM rest_source_user b
WHERE a.external_user_id = b.external_user_id
AND a.source_type = b.source_type
AND a.id > b.id
AND a.external_user_id IS NOT NULL
AND b.id = (
SELECT MIN(id) FROM rest_source_user c
WHERE c.external_user_id = a.external_user_id
AND c.source_type = a.source_type
);
</sql>
<addUniqueConstraint
tableName="rest_source_user"
columnNames="external_user_id,source_type"
constraintName="uk_rest_source_user_external_user_id_source_type"/>
</changeSet>
</databaseChangeLog>
1 change: 1 addition & 0 deletions authorizer-app-backend/src/main/resources/db/changelog/changes/db.changelog-master.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,5 @@
<include file="db/changelog/changes/00000000000003_add_created_at_column.xml"/>
<include file="db/changelog/changes/20210721100000_add_registration_table.xml"/>
<include file="db/changelog/changes/20211008113000_add_registration_created_at.xml"/>
<include file="db/changelog/changes/20240607120000_add_unique_constraint_external_user_id.xml"/>
</databaseChangeLog>
Loading