Skip to content

feat(gs): add email to userDataId lookup to debug tooling#3841

Open
TaprootFreak wants to merge 4 commits into
developfrom
feat/gs-debug-user-lookup
Open

feat(gs): add email to userDataId lookup to debug tooling#3841
TaprootFreak wants to merge 4 commits into
developfrom
feat/gs-debug-user-lookup

Conversation

@TaprootFreak

@TaprootFreak TaprootFreak commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Summary

The POST /gs/debug SQL endpoint blocks the user_data.mail column (PII) via DebugBlockedCols, so an email address cannot be resolved to a userDataId through SQL. This adds a sanctioned, narrow reverse lookup that mirrors the existing compliance search.

  • New POST /gs/debug/user endpoint (DEBUG role), body { mail }.
  • Returns only { type, userDataIds } — never firstname, surname, mail, or any other PII. A mail can map to several accounts (test aliases / merges), so userDataIds is a deduplicated, sorted list.
  • Resolution uses the same UserDataService.getUsersByMail(mail, false) the compliance search uses for a mail (status unfiltered, incl. merged). The email is never logged.
  • New -u/--user <email> flag in scripts/db-debug.sh.

Test plan

  • npm run lint
  • npm run format:check
  • npm run build
  • npm run test (gs.service spec: 33 passing, incl. cases proving the result contains only userDataIds even when the resolved records carry names, plus dedup/sort and empty-result)
  • Manual: ./scripts/db-debug.sh --user <email> against an environment returns the matching userDataId(s)

@TaprootFreak
feat(gs): add email to userDataId lookup to debug tooling
642c523 
The /gs/debug SQL endpoint blocks the user_data.mail column (PII), so an
email address cannot be resolved to a userDataId via SQL. Add a dedicated
POST /gs/debug/user endpoint (DEBUG role) that returns only non-PII
identifiers, plus a -u/--user flag in scripts/db-debug.sh.
@TaprootFreak
refactor(gs): return only userDataIds from debug user lookup
f197a69 
Mirror the compliance search result shape ({ type, userDataIds }) and
return solely non-PII userDataIds (deduplicated, sorted) — never name,
mail or other personal data.
@TaprootFreak
test(gs): assert debug user lookup never returns PII
ef4929a 
Make the no-PII guarantee explicit: feed records carrying firstname/surname
and assert the serialized response contains only userDataIds.
@TaprootFreak
chore(gs): polish debug user lookup imports and query
199a00c 
Use absolute import paths per the contribution guide and skip loading
unused relations (only the id is read) in the mail resolution.
@TaprootFreak TaprootFreak marked this pull request as ready for review June 9, 2026 09:03
@TaprootFreak TaprootFreak requested a review from davidleomay as a code owner June 9, 2026 09:03
@TaprootFreak TaprootFreak enabled auto-merge (squash) June 9, 2026 09:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davidleomay davidleomay Awaiting requested review from davidleomay davidleomay is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@TaprootFreak