Upgrade to ds-spring-user-framework 5.0.1#74
Merged
Conversation
Migrate to the 5.0.0 (breaking) API: - UserPreDeleteEvent now carries (Object, Long userId, String userEmail) instead of a User - UserProfileDeletionListener uses event.getUserId() (event no longer exposes getUser()) - CustomUserEmailService super-constructor takes the new UserRepository parameter - registration E2E: existing-email now returns a uniform 200 (anti-enumeration); test updated to assert no account-existence leak instead of the old error banner Validated: app boots on 5.0.0-SNAPSHOT; Playwright chromium suite 103/103 green.
Update the demo's integration/API tests for the 5.0.x library changes and bump the dependency to 5.0.1-SNAPSHOT (validated; flip to 5.0.1 once released). - Events: OnRegistrationCompleteEvent / UserPreDeleteEvent now carry ids/scalars and UserEmailService.sendRegistrationVerificationEmail(Long, String); update EventSystemIntegrationTest and the profile-deletion listener usages. - Unique role/privilege names: flush deleted rows before the framework's seeded roles are re-inserted so the new UNIQUE(role.name)/UNIQUE(privilege.name) indexes aren't tripped (DSUserDetailsServiceIntegrationTest, SecurityConfigurationTest, AuthorityServiceIntegrationTest). - Anti-enumeration: registration now returns a uniform 200 + generic message for both new and duplicate emails; update UserApiSimpleTest and UserApiIntegrationTestFixed to assert the non-enumerating response. - Make the committed test-user cleanup race-proof: the @async registration listener can write the verification token after cleanup runs, tripping FK_VERIFY_USER under full-suite load; retry the committed delete until the token settles. Full ./gradlew test green 3/3.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR upgrades the demo app to ds-spring-user-framework 5.0.1 and updates application code plus test suites to align with 5.0.x behavioral/API changes (event payloads, role/privilege uniqueness constraints, anti-enumeration registration responses, and async token timing).
Changes:
- Bumped
ds-spring-user-frameworkdependency to 5.0.1. - Updated event publishing/listening and related tests to use new scalar/id-based event payloads and updated email service method signature.
- Adjusted tests for new security behaviors and constraints (anti-enumeration registration responses; explicit repository flushes; retry cleanup to avoid async token FK races).
Reviewed changes
Copilot reviewed 10 out of 11 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/test/java/com/digitalsanctuary/spring/user/integration/SecurityConfigurationTest.java | Flushes role deletes before reseeding roles to avoid new unique index conflicts. |
| src/test/java/com/digitalsanctuary/spring/user/integration/EventSystemIntegrationTest.java | Updates event payloads and email verification mocks for 5.0.x event/model changes. |
| src/test/java/com/digitalsanctuary/spring/user/integration/DSUserDetailsServiceIntegrationTest.java | Flushes role deletes before inserting roles to avoid unique index conflicts. |
| src/test/java/com/digitalsanctuary/spring/user/integration/AuthorityServiceIntegrationTest.java | Flushes role/privilege deletes before inserts to avoid unique index conflicts. |
| src/test/java/com/digitalsanctuary/spring/user/api/UserApiSimpleTest.java | Updates registration assertions for anti-enumeration (uniform 200 + generic message). |
| src/test/java/com/digitalsanctuary/spring/user/api/UserApiIntegrationTestFixed.java | Updates registration assertions for anti-enumeration and adds retrying committed cleanup for async token timing. |
| src/main/java/com/digitalsanctuary/spring/demo/user/profile/UserProfileDeletionListener.java | Uses new UserPreDeleteEvent scalar getters (getUserId()). |
| src/main/java/com/digitalsanctuary/spring/demo/test/api/TestDataController.java | Publishes updated UserPreDeleteEvent constructor signature (id/email). |
| src/main/java/com/digitalsanctuary/spring/demo/service/CustomUserEmailService.java | Updates superclass ctor call to include UserRepository per 5.0.x changes. |
| playwright/tests/auth/registration.spec.ts | Updates UI test to assert anti-enumeration behavior for existing email registration. |
| build.gradle | Upgrades ds-spring-user-framework dependency from 4.4.0 to 5.0.1. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+109
to
+112
| // ...and the flow lands on the generic pending page, indistinguishable from a | ||
| // new (unverified) registration. | ||
| await page.waitForURL(/registration-pending/, { timeout: 10000 }); | ||
|
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Upgrades the demo to the released ds-spring-user-framework 5.0.1 and adapts the test suite to the 5.0.x library changes.
Dependency
ds-spring-user-framework→ 5.0.1 (released on Maven Central).Test adaptations for 5.0.x
OnRegistrationCompleteEvent/UserPreDeleteEventnow carry ids/scalars, andUserEmailService.sendRegistrationVerificationEmail(Long, String)— updatedEventSystemIntegrationTestand the profile-deletion listener usage.UNIQUE(role.name)/UNIQUE(privilege.name)indexes aren't tripped (DSUserDetailsServiceIntegrationTest,SecurityConfigurationTest,AuthorityServiceIntegrationTest).200+ generic message for both new and duplicate emails —UserApiSimpleTest,UserApiIntegrationTestFixedupdated to assert the non-enumerating response.@Asyncregistration listener could write the verification token after cleanup ran, trippingFK_VERIFY_USERunder full-suite load.Test Plan
./gradlew clean test --refresh-dependenciesgreen 2/2 against the released 5.0.1 artifact.