PII issues fixes with backward compatibility for booking service [MOSIP-44379]

[GOKULRAJ136]

Summary by CodeRabbit

• Chores

  • Updated kernel dependencies to 1.3.0 and added the pre-registration application service dependency; added a new config property for PII backward-compatibility.

• New Features

  • Introduced a PII backward-compatibility option controlling how user identifiers are resolved.
  • Added safe identity-resolution and migration during booking, cancelation, and deletion flows.

• Tests

  • Added/updated unit tests covering identifier resolution, migration paths, and failure handling.

[coderabbitai]

Walkthrough

Adds canonical user-ID resolution to booking writes via UserDetailsService, wires ApplicationIdentityMigrationService into BookingService flows, bumps kernel and preregistration app dependencies, adds a PII backward-compatibility flag, and extends unit tests and config for these behaviors.

Changes

Booking user-id resolution and kernel bump

Layer / File(s)	Summary
Kernel and prereg dependency update pre-registration-booking-service/pom.xml	Adds pre.registration.application.service.version and updates kernel.core.version / kernel.bom.version to 1.3.0; adds dependency io.mosip.preregistration:pre-registration-application-service.
BookingService identity migration wiring pre-registration-booking-service/src/main/java/.../BookingService.java	Imports and injects ApplicationIdentityMigrationService; after persisting a booking, calls migrateRawUserToEffectiveUser(...); resolves effective user id for cancel and delete flows and uses it for migration and response fields.
BookingServiceUtil resolution logic pre-registration-booking-service/src/main/java/.../BookingServiceUtil.java	Injects UserDetailsService and mosip.prereg.pii.backward.compatibility flag; changes bookingEntitySetter(...) to use resolveEffectiveCrBy(String) which calls userDetailsService.getOrCreateInternalUserId(...) and maps lookup errors to AppointmentBookingFailedException.
Tests and config pre-registration-booking-service/src/test/.../BookingServiceUtilTest.java, pre-registration-booking-service/src/main/resources/bootstrap.properties, pre-registration-booking-service/src/test/resources/application.properties	Mocks UserDetailsService, uses ReflectionTestUtils to toggle piiBackwardCompatibility, stubs canonical id resolution, adds tests for canonical success, compatibility fallback, and failure path; adds mosip.prereg.pii.backward.compatibility=false to properties.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant AuthContext
  participant BookingService
  participant BookingServiceUtil
  participant UserDetailsService
  participant AppIdentityMigration

  Client->>AuthContext: obtain rawUserId
  Client->>BookingService: create/cancel/delete booking (rawUserId, preregId)
  BookingService->>BookingServiceUtil: bookingEntitySetter(authUserDetails().getUserId(), ...)
  BookingServiceUtil->>UserDetailsService: getOrCreateInternalUserId(rawUserId)
  alt resolved
    UserDetailsService-->>BookingServiceUtil: effectiveUserId
    BookingServiceUtil-->>BookingService: RegistrationBookingEntity.crBy=effectiveUserId
  else lookup fails and piiBackwardCompatibility==true
    UserDetailsService-->>BookingServiceUtil: (fallback) identifierOrRaw
    BookingServiceUtil-->>BookingService: RegistrationBookingEntity.crBy=identifierOrRaw
  else lookup fails and piiBackwardCompatibility==false
    BookingServiceUtil-->>BookingService: throw AppointmentBookingFailedException
  end
  BookingService->>AppIdentityMigration: migrateRawUserToEffectiveUser(preregId, bookingEntity.getCrBy())
  AppIdentityMigration-->>BookingService: migration result
  BookingService-->>Client: respond

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Poem

🐰 I hop to fix the user trace,

canonical hops in their rightful place,
tests snug, configs set to guide,
kernels bumped, migrations ride,
a rabbit nods at the tidy stride.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 36.36% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main changes in the pull request, which involve addressing PII (Personally Identifiable Information) issues while maintaining backward compatibility in the booking service.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1b63858 and 52bf984.

📒 Files selected for processing (5)

• pre-registration-booking-service/pom.xml
• pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java
• pre-registration-booking-service/src/main/resources/bootstrap.properties
• pre-registration-booking-service/src/test/java/io/mosip/preregistration/booking/test/service/util/BookingServiceUtilTest.java
• pre-registration-booking-service/src/test/resources/application.properties

[coderabbitai]

♻️ Duplicate comments (1)

pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java (1)

558-575: ⚠️ Potential issue | 🟠 Major

Guard against blank raw fallback in backward-compatibility mode.

On Line [568]-Line [571], fallback returns userId even when it may be null/blank, which can still persist an unattributable crBy. Fail fast unless a non-blank identifier is available.

Proposed fix

 private String resolveEffectiveCrBy(String userId) {
+	if (userId == null || userId.isBlank()) {
+		throw new AppointmentBookingFailedException(
+				ErrorCodes.PRG_BOOK_RCI_005.getCode(),
+				ErrorMessages.APPOINTMENT_BOOKING_FAILED.getMessage());
+	}
 	try {
 		UserDetails userDetail = userDetailsService.findOrCreateByIdentifier(userId);
 		if (userDetail != null && userDetail.getUserId() != null) {
 			return userDetail.getUserId().toString();
 		}
 	} catch (Exception ex) {
 		log.warn("sessionId", "idType", "id",
 				"Failed to resolve canonical user id for booking: " + maskIdentifier(userId));
 	}
-	if (piiBackwardCompatibility) {
+	if (piiBackwardCompatibility) {
 		log.warn("sessionId", "idType", "id",
 				"Falling back to raw identifier for booking due to backward-compatibility mode");
 		return userId;
 	}
 	throw new AppointmentBookingFailedException(ErrorCodes.PRG_BOOK_RCI_005.getCode(),
 			ErrorMessages.APPOINTMENT_BOOKING_FAILED.getMessage());
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java`
around lines 558 - 575, The resolveEffectiveCrBy method currently falls back to
returning userId when piiBackwardCompatibility is true even if userId is
null/blank; update resolveEffectiveCrBy to validate that the raw identifier is
non-blank before returning it (use a String non-blank check or
StringUtils.isBlank/hasText), log a clear warning (including
maskIdentifier(userId)) when the raw id is blank, and if blank throw
AppointmentBookingFailedException with ErrorCodes.PRG_BOOK_RCI_005 and
ErrorMessages.APPOINTMENT_BOOKING_FAILED; keep the existing catch block and
masking behavior but ensure the fallback only returns a non-empty identifier.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In
`@pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java`:
- Around line 558-575: The resolveEffectiveCrBy method currently falls back to
returning userId when piiBackwardCompatibility is true even if userId is
null/blank; update resolveEffectiveCrBy to validate that the raw identifier is
non-blank before returning it (use a String non-blank check or
StringUtils.isBlank/hasText), log a clear warning (including
maskIdentifier(userId)) when the raw id is blank, and if blank throw
AppointmentBookingFailedException with ErrorCodes.PRG_BOOK_RCI_005 and
ErrorMessages.APPOINTMENT_BOOKING_FAILED; keep the existing catch block and
masking behavior but ensure the fallback only returns a non-empty identifier.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 52bf984 and 5d118e5.

📒 Files selected for processing (2)

• pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java
• pre-registration-booking-service/src/test/java/io/mosip/preregistration/booking/test/service/util/BookingServiceUtilTest.java

🚧 Files skipped from review as they are similar to previous changes (1)

• pre-registration-booking-service/src/test/java/io/mosip/preregistration/booking/test/service/util/BookingServiceUtilTest.java

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/BookingService.java (1)

318-318: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove debug System.out.println statement.

This is a debug artifact that should be removed before merging. It prints entity contents to stdout which bypasses structured logging and could interfere with log aggregation.

Proposed fix

-							System.out.println("Booking Entity " + bookingEntity);
-

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/BookingService.java`
at line 318, Remove the debug System.out.println in BookingService that prints
"Booking Entity " + bookingEntity; replace it with nothing (delete the
statement) or, if logging is required, use the class logger (e.g., logger.debug
or logger.info) to log bookingEntity in structured/logback-compatible form;
locate the System.out.println in the BookingService method where bookingEntity
is used and delete the println or change it to logger.debug("Booking Entity:
{}", bookingEntity).

pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java (1)

560-576: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

piiBackwardCompatibility flag is declared but never used.

The piiBackwardCompatibility field (line 153) is injected but not referenced in resolveEffectiveCrBy. Given the PR title mentions "backward compatibility", this appears to be incomplete. Additionally, if getOrCreateInternalUserId returns null or blank, that value is stored as crBy, potentially creating records without a valid creator.

Consider validating the return value and using the backward-compatibility flag for fallback behavior:

Proposed fix

 private String resolveEffectiveCrBy(String userId) {
 	String maskedUserId = GenericUtil.maskIdentifier(userId);
 	try {
 		String effectiveCrBy = userDetailsService.getOrCreateInternalUserId(userId);
-		boolean canonicalApplied = effectiveCrBy != null && !effectiveCrBy.isBlank()
-				&& !effectiveCrBy.trim().equals(userId == null ? "" : userId.trim());
-		log.info("sessionId", "idType", "id",
-				"Resolved effective user id for booking write. maskedUserId=" + maskedUserId
-						+ ", canonicalApplied=" + canonicalApplied);
-		return effectiveCrBy;
+		if (effectiveCrBy != null && !effectiveCrBy.isBlank()) {
+			boolean canonicalApplied = !effectiveCrBy.trim().equals(userId == null ? "" : userId.trim());
+			log.info("sessionId", "idType", "id",
+					"Resolved effective user id for booking write. maskedUserId=" + maskedUserId
+							+ ", canonicalApplied=" + canonicalApplied);
+			return effectiveCrBy;
+		}
+		// Resolution returned null/blank - fall through to fallback logic
 	} catch (UserLookupException ex) {
 		log.warn("sessionId", "idType", "id",
 				"Failed to resolve effective booking user id for " + maskedUserId);
+	}
+	if (piiBackwardCompatibility && userId != null && !userId.isBlank()) {
+		log.warn("sessionId", "idType", "id",
+				"Falling back to raw identifier for booking due to backward-compatibility mode");
+		return userId;
+	}
-		throw new AppointmentBookingFailedException(ErrorCodes.PRG_BOOK_RCI_005.getCode(),
-				ErrorMessages.APPOINTMENT_BOOKING_FAILED.getMessage());
-	}
+	throw new AppointmentBookingFailedException(ErrorCodes.PRG_BOOK_RCI_005.getCode(),
+			ErrorMessages.APPOINTMENT_BOOKING_FAILED.getMessage());
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java`
around lines 560 - 576, resolveEffectiveCrBy currently calls
userDetailsService.getOrCreateInternalUserId but ignores the injected
piiBackwardCompatibility flag and may return null/blank causing invalid crBy;
update resolveEffectiveCrBy to validate the returned effectiveCrBy (from
getOrCreateInternalUserId) and if it is null/blank then, when
piiBackwardCompatibility is true, fall back to using the original userId (after
masking/normalizing) otherwise log the failure and throw
AppointmentBookingFailedException (ErrorCodes.PRG_BOOK_RCI_005) as already used;
keep current logging (use GenericUtil.maskIdentifier for maskedUserId) and
ensure canonicalApplied logic reflects the final value used for crBy.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In
`@pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/BookingService.java`:
- Line 318: Remove the debug System.out.println in BookingService that prints
"Booking Entity " + bookingEntity; replace it with nothing (delete the
statement) or, if logging is required, use the class logger (e.g., logger.debug
or logger.info) to log bookingEntity in structured/logback-compatible form;
locate the System.out.println in the BookingService method where bookingEntity
is used and delete the println or change it to logger.debug("Booking Entity:
{}", bookingEntity).

In
`@pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java`:
- Around line 560-576: resolveEffectiveCrBy currently calls
userDetailsService.getOrCreateInternalUserId but ignores the injected
piiBackwardCompatibility flag and may return null/blank causing invalid crBy;
update resolveEffectiveCrBy to validate the returned effectiveCrBy (from
getOrCreateInternalUserId) and if it is null/blank then, when
piiBackwardCompatibility is true, fall back to using the original userId (after
masking/normalizing) otherwise log the failure and throw
AppointmentBookingFailedException (ErrorCodes.PRG_BOOK_RCI_005) as already used;
keep current logging (use GenericUtil.maskIdentifier for maskedUserId) and
ensure canonicalApplied logic reflects the final value used for crBy.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7af31152-ff6f-420c-aab4-a01b65a6dfc7

📥 Commits

Reviewing files that changed from the base of the PR and between 14a3e5b and e8a5a49.

📒 Files selected for processing (4)

• pre-registration-booking-service/pom.xml
• pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/BookingService.java
• pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java
• pre-registration-booking-service/src/test/java/io/mosip/preregistration/booking/test/service/util/BookingServiceUtilTest.java