injiweb-1733-no-userid-in-session used utils to add a check #1036

Open
cyber-titan wants to merge 1 commit into inji:develop from cyber-titan:injiweb-1733-no-userid-in-session

@cyber-titan (Contributor) commented Mar 2, 2026

Summary by CodeRabbit

  • New Features
    • Strengthened user authentication for wallet operations. The system now enforces mandatory user ID validation during wallet creation to prevent unauthorized access and enhance account security. Invalid or missing user credentials trigger appropriate security responses, protecting user wallets from unauthorized creation attempts.

Signed-off-by: cyber-titan <saiabhi2309@gmail.com>

coderabbitai bot commented Mar 2, 2026

Walkthrough

The changes add user ID validation to the wallet creation process by introducing a WalletValidator dependency into WalletsController. The validator is invoked before wallet creation to ensure the user ID is present and valid.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Controller Enhancement: `src/main/java/io/mosip/mimoto/controller/WalletsController.java` | Added WalletValidator dependency via constructor injection. Invokes walletValidator.validateUserId(userId) in createWallet method before proceeding with wallet creation. |
| Test Coverage: `src/test/java/io/mosip/mimoto/controller/WalletsControllerTest.java` | Added WalletValidator mock bean and two test cases: one for invalid user ID returning 401 Unauthorized, and one for valid user ID with successful wallet creation. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A wallet blooms with care so bright,
Validator guards with all its might,
Each user checked before they play,
Security hops the rightful way! 🎩✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title references adding a check for missing user ID in session, which aligns with the core change: introducing WalletValidator to validate userId before wallet creation. |


@coderabbitai coderabbitai bot left a comment

🧹 Nitpick comments (3)
src/test/java/io/mosip/mimoto/controller/WalletsControllerTest.java (2)

510-513: Explicit doNothing() is redundant for Mockito mocks.

Mockito mocks default to doing nothing for void methods. This call can be removed for cleaner test code.

🧹 Suggested cleanup
    `@Test`
    public void shouldCreateWalletWhenUserIdIsValidAndValidatorPasses() throws Exception {
-        // validator is void -> use doNothing()
-        org.mockito.Mockito.doNothing()
-                .when(walletValidator)
-                .validateUserId(userId);
-
        when(walletService.createWallet(userId, walletName, walletPin, confirmWalletPin))
                .thenReturn(new WalletResponseDto(walletId, walletName, null));
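Review bot: With the doNothing() stub deleted, the visible lines of shouldCreateWalletWhenUserIdIsValidAndValidatorPasses stub only walletService.createWallet, so nothing here would fail if the controller stopped calling the validator. Consider adding verify(walletValidator).validateUserId(userId) after the request is performed, so that the "validator passes" part of the test name is actually asserted.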
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/test/java/io/mosip/mimoto/controller/WalletsControllerTest.java` around
lines 510 - 513, Remove the unnecessary explicit Mockito.doNothing() setup in
WalletsControllerTest: delete the
org.mockito.Mockito.doNothing().when(walletValidator).validateUserId(userId);
line because mocks already do nothing for void methods; leave any other
stubbing/verification for walletValidator and keep validateUserId untouched so
the test behavior remains the same.

131-146: Existing test may be testing an unrealistic scenario after this PR.

With the new validation flow, walletValidator.validateUserId(null) is called before walletService.createWallet(). This test doesn't configure the mock for walletValidator, so it silently passes (does nothing), and then expects walletService to throw.

In production, walletValidator would throw first, making the walletService mock configuration unreachable. Consider updating this test to set up walletValidator mock or removing it since the new test shouldReturnUnauthorizedWhenUserIdIsInvalidForCreateWallet covers the correct flow.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/test/java/io/mosip/mimoto/controller/WalletsControllerTest.java` around
lines 131 - 146, The test should mock the validator instead of relying on
walletService to throw; update
shouldReturnUnauthorizedWhenUserIdIsMissingForCreateWallet to configure
walletValidator.validateUserId(null) to throw the UnauthorizedAccessException
(same error code/message used now) so the controller's validation path is
exercised (or remove this test and rely on
shouldReturnUnauthorizedWhenUserIdIsInvalidForCreateWallet), and remove or
adjust the walletService.createWallet(null, walletName, walletPin,
confirmWalletPin) stubbing because it is unreachable once
walletValidator.validateUserId throws.

src/main/java/io/mosip/mimoto/controller/WalletsController.java (1)

92-93: Validation is already consistent at the service layer across all endpoints.

The validateUserId() check is performed in WalletServiceImpl for all wallet operations (createWallet, getWallets, unlockWallet, deleteWallet). However, the createWallet controller adds an additional layer of validation before calling the service, which is redundant since the service layer validates again. For consistency, either remove the controller-level validation in createWallet or apply it uniformly across all controller endpoints. Since validation already occurs at the service layer for all operations, the current code functions correctly but the pattern could be simplified.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/main/java/io/mosip/mimoto/controller/WalletsController.java` around lines
92 - 93, Remove the redundant controller-level userId validation in
WalletsController.createWallet to match the existing pattern where
WalletServiceImpl performs validateUserId for all wallet operations;
specifically, delete the call to walletValidator.validateUserId(userId) in the
createWallet method so the controller delegates validation responsibility to
WalletServiceImpl (createWallet, getWallets, unlockWallet, deleteWallet) and
avoid duplicating logic.
ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 792a7f6 and 821d8c6.

📒 Files selected for processing (2)
  • src/main/java/io/mosip/mimoto/controller/WalletsController.java
  • src/test/java/io/mosip/mimoto/controller/WalletsControllerTest.java
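
The ordering problem raised in the nitpick on lines 131-146, as an added example that is not code from this PR or from the mimoto project: hand-written stand-ins show that an unconfigured validator lets a null user ID reach the service, so the 401 comes from the wrong layer. Every class and method body below is hypothetical, and the null-or-empty rule and the integer status codes are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration with hypothetical stand-ins; not the mimoto classes.
public class ValidationOrderDemo {
    static class UnauthorizedAccessException extends RuntimeException {
        UnauthorizedAccessException(String msg) { super(msg); }
    }
    interface WalletValidator { void validateUserId(String userId); }
    interface WalletService { String createWallet(String userId, String walletName); }

    // Assumed rule: a user ID is invalid when it is null or empty.
    static void requireUserId(String userId) {
        if (userId == null || userId.isEmpty()) {
            throw new UnauthorizedAccessException("user ID missing from session");
        }
    }

    // Controller flow as the review describes it: validate, then delegate.
    // The trace records which layers were reached.
    static int createWallet(WalletValidator validator, WalletService service,
                            String sessionUserId, List<String> trace) {
        try {
            trace.add("validator");
            validator.validateUserId(sessionUserId);
            trace.add("service");
            service.createWallet(sessionUserId, "demo-wallet");
            return 200;
        } catch (UnauthorizedAccessException e) {
            return 401; // stand-in for the real exception-to-status mapping
        }
    }

    public static void main(String[] args) {
        // The service validates too, as the review says WalletServiceImpl does.
        WalletService service = (userId, name) -> { requireUserId(userId); return "wallet-1"; };
        // A void method on an unconfigured mock does nothing.
        WalletValidator unstubbed = userId -> { };
        WalletValidator enforcing = ValidationOrderDemo::requireUserId;

        List<String> oldTestTrace = new ArrayList<>();
        int oldTestStatus = createWallet(unstubbed, service, null, oldTestTrace);
        System.out.println(oldTestStatus + " " + oldTestTrace);

        List<String> realFlowTrace = new ArrayList<>();
        int realFlowStatus = createWallet(enforcing, service, null, realFlowTrace);
        System.out.println(realFlowStatus + " " + realFlowTrace);
    }
}
```

Both calls answer 401; only the trace shows whether the controller-level check or the service-level check produced it, which is why a test that asserts on the status alone does not exercise the new validation path.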
