Fix reset_password to handle wrapped API response #406
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The WorkOS API returns password reset responses in wrapped format
{"user": {...}} rather than a flat user object. This caused
reset_password to return a User object with all nil fields despite
successful API calls.
Changes:
- Updated reset_password to use UserResponse.new(response.body).user
to correctly unwrap the API response (line 872)
- Updated VCR cassette to match current API response format
Verified:
- Tested against real WorkOS API with local code changes
- User object now correctly populated with all fields
- All 119 user_management tests pass
- Response format matches Go and Node.js SDK implementations
- Resolves customer issue where password reset succeeded but
returned User object with all null fields
Greptile Summary
Confidence Score: 5/5
Important Files Changed
Sequence DiagramsequenceDiagram
participant User
participant SDK as "WorkOS SDK"
participant API as "WorkOS API"
participant UserResponse
participant UserObj as "User Object"
User->>SDK: "reset_password(token, new_password)"
SDK->>API: "POST /user_management/password_reset/confirm"
API-->>SDK: "{'user': {'id': '...', 'email': '...', ...}}"
SDK->>UserResponse: "UserResponse.new(response.body)"
UserResponse->>UserObj: "extract .user field"
UserObj-->>SDK: "User object with populated fields"
SDK-->>User: "return User object"
|
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
2 files reviewed, no comments
Edit Code Review Agent Settings | Greptile
React with 👍 or 👎 to share your feedback on this new summary format
nholden
approved these changes
Nov 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes issue where
reset_passwordreturned a User object with all nil fields despite successful API calls.Problem
Customer reported that after successfully resetting a password, the returned User object had all fields set to null:
Investigation revealed the WorkOS API returns password reset responses in wrapped format
{"user": {...}}, but the SDK was trying to parse it as a flat user object usingUser.new(response.body). This caused all fields to be nil because the User class looks for:id,:email, etc. at the top level, but they're nested under:user.Solution
Updated
reset_password(line 872) to useUserResponse.new(response.body).userto correctly unwrap the API response before extracting the User object.Testing & Verification
Changes
lib/workos/user_management.rb: Changed line 872 fromWorkOS::User.new(response.body)toWorkOS::UserResponse.new(response.body).userspec/support/fixtures/vcr_cassettes/user_management/reset_password/valid.yml: Updated response body to reflect wrapped format