Skip to content

test: Add regression test for externalAuth PUT round-trip [DHIS2-17597]#24336

Open
karolinelien wants to merge 2 commits into
dhis2:masterfrom
karolinelien:test/externalauth-put-roundtrip-DHIS2-17597
Open

test: Add regression test for externalAuth PUT round-trip [DHIS2-17597]#24336
karolinelien wants to merge 2 commits into
dhis2:masterfrom
karolinelien:test/externalauth-put-roundtrip-DHIS2-17597

Conversation

@karolinelien

@karolinelien karolinelien commented Jul 1, 2026

Copy link
Copy Markdown

Summary

Adds a controller regression test for DHIS2-17597 ("externalAuth changed to false when it should not be").

The original report (confirmed on 2.39.6 / 2.40.4 / 2.41.0) was that a full PUT /api/users/{uid} keeping externalAuth unchanged would toggle it (true→false→true) on each request.

I re-tested the exact scenario against current master (via play.im.dhis2.org/dev): create a user with externalAuth=true (+openId), then GET the full payload and PUT it back repeatedly while changing another field. externalAuth is preserved correctly — no toggle. The bug appears to have been resolved incidentally by later User-model / metadata-merge refactors; there is no commit tied to the ticket.

This PR adds a test that locks in the correct behavior so it cannot regress.

What the test does

UserControllerTest#testPutJsonObjectPreservesExternalAuth:

  1. Sets externalAuth=true on the user.
  2. Fetches the full representation and PUTs it back unchanged.
  3. Asserts externalAuth is still true.
  4. PUTs the identical payload a second time and asserts it is still true — the second PUT is what would have exposed the reported toggle.

Notes / verification

  • Behavior verified empirically on master before writing the test.
  • I was unable to compile/run the test locally in this environment (no JDK/Maven available). Please confirm CI green. To run locally:
    mvn install -pl dhis-web-api -am -DskipTests -q
    mvn test -pl dhis-test-web-api -Dtest=UserControllerTest#testPutJsonObjectPreservesExternalAuth
    
  • Test-only change; no production code touched.

AI Assisted

karolinelien and others added 2 commits July 1, 2026 17:48
Adds a controller test asserting that a user's externalAuth flag survives
repeated full GET/PUT round-trips. The reported bug (2.39-2.41) toggled
externalAuth on each PUT; this guards against a regression on the
UserController.putJsonObject -> MetadataImport -> merge path.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@karolinelien karolinelien marked this pull request as ready for review July 1, 2026 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant