refactor(auth): extract user/system validation into helper methods

major · major · commit 3f58309ddd2d · 2026-03-19T07:15:37.000-05:00
Reduce cyclomatic complexity of _validate_structure from C (14) to
B (8) by extracting _validate_user_fields and _validate_system_fields
helper methods. No behavior change.

RSPEED-2652

Signed-off-by: Major Hayden &lt;major@redhat.com&gt;
diff --git a/src/authentication/rh_identity.py b/src/authentication/rh_identity.py
@@ -52,7 +52,7 @@ def _validate_structure(self) -> None:
         """Validate the identity data structure.
 
         Raises:
-            HTTPException: 400 if required fields are missing
+            HTTPException: 400 if required fields are missing or malformed
         """
         if (
             "identity" not in self.identity_data
@@ -68,44 +68,9 @@ def _validate_structure(self) -> None:
 
         identity_type = identity["type"]
         if identity_type == "User":
-            if "user" not in identity:
-                logger.warning(
-                    "Identity validation failed: missing 'user' field for User type"
-                )
-                raise HTTPException(status_code=400, detail="Invalid identity data")
-            user = identity["user"]
-            if "user_id" not in user:
-                logger.warning(
-                    "Identity validation failed: missing 'user_id' in user data"
-                )
-                raise HTTPException(status_code=400, detail="Invalid identity data")
-            if "username" not in user:
-                logger.warning(
-                    "Identity validation failed: missing 'username' in user data"
-                )
-                raise HTTPException(status_code=400, detail="Invalid identity data")
-            self._validate_string_field("user_id", user["user_id"])
-            self._validate_string_field("username", user["username"])
+            self._validate_user_fields(identity)
         elif identity_type == "System":
-            if "system" not in identity:
-                logger.warning(
-                    "Identity validation failed: missing 'system' field for System type"
-                )
-                raise HTTPException(status_code=400, detail="Invalid identity data")
-            system = identity["system"]
-            if "cn" not in system:
-                logger.warning(
-                    "Identity validation failed: missing 'cn' in system data"
-                )
-                raise HTTPException(status_code=400, detail="Invalid identity data")
-            if "account_number" not in identity:
-                logger.warning(
-                    "Identity validation failed: "
-                    "missing 'account_number' for System type"
-                )
-                raise HTTPException(status_code=400, detail="Invalid identity data")
-            self._validate_string_field("cn", system["cn"])
-            self._validate_string_field("account_number", identity["account_number"])
+            self._validate_system_fields(identity)
         else:
             logger.warning("Identity validation failed: unsupported identity type")
             raise HTTPException(status_code=400, detail="Invalid identity data")
@@ -115,6 +80,59 @@ def _validate_structure(self) -> None:
         if org_id is not None and org_id != "":
             self._validate_string_field("org_id", org_id)
 
+    def _validate_user_fields(self, identity: dict) -> None:
+        """Validate required fields for User identity type.
+
+        Args:
+            identity: The identity dict containing user data
+
+        Raises:
+            HTTPException: 400 if required User fields are missing or malformed
+        """
+        if "user" not in identity:
+            logger.warning(
+                "Identity validation failed: missing 'user' field for User type"
+            )
+            raise HTTPException(status_code=400, detail="Invalid identity data")
+        user = identity["user"]
+        if "user_id" not in user:
+            logger.warning("Identity validation failed: missing 'user_id' in user data")
+            raise HTTPException(status_code=400, detail="Invalid identity data")
+        if "username" not in user:
+            logger.warning(
+                "Identity validation failed: missing 'username' in user data"
+            )
+            raise HTTPException(status_code=400, detail="Invalid identity data")
+        self._validate_string_field("user_id", user["user_id"])
+        self._validate_string_field("username", user["username"])
+
+    def _validate_system_fields(self, identity: dict) -> None:
+        """Validate required fields for System identity type.
+
+        Args:
+            identity: The identity dict containing system data
+
+        Raises:
+            HTTPException: 400 if required System fields are missing or malformed
+        """
+        if "system" not in identity:
+            logger.warning(
+                "Identity validation failed: missing 'system' field for System type"
+            )
+            raise HTTPException(status_code=400, detail="Invalid identity data")
+        system = identity["system"]
+        if "cn" not in system:
+            logger.warning("Identity validation failed: missing 'cn' in system data")
+            raise HTTPException(status_code=400, detail="Invalid identity data")
+        if "account_number" not in identity:
+            logger.warning(
+                "Identity validation failed: "
+                "missing 'account_number' for System type"
+            )
+            raise HTTPException(status_code=400, detail="Invalid identity data")
+        self._validate_string_field("cn", system["cn"])
+        self._validate_string_field("account_number", identity["account_number"])
+
     def _validate_string_field(
         self, field_name: str, value: Any, max_length: int = 256
     ) -> None:
