PII issues fixes with backward compatibility for booking service [MOSIP-44379]

[GOKULRAJ136]

Summary by CodeRabbit

• Chores

  • Added the pre-registration application service dependency and a new PII backward-compatibility configuration property.

• New Features

  • Introduced a PII backward-compatibility option that controls how user identifiers are resolved.
  • Added safe identity-resolution and migration during booking, cancellation, and deletion flows.

• Tests

  • Added/updated unit tests covering identifier resolution, migration paths, and failure handling.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds canonical user-ID resolution to booking writes via UserDetailsService, wires ApplicationIdentityMigrationService into BookingService create/cancel/delete flows, adds a PII backward-compatibility flag and properties, updates unit tests to mock and validate resolution/failure, and adds a preregistration application-service dependency to the POM.

Changes

Booking identity resolution and migration

Layer / File(s)	Summary
POM: preregistration application-service dependency pre-registration-booking-service/pom.xml	Adds pre.registration.application.service.version property and a dependency on io.mosip.preregistration:pre-registration-application-service using that property.
BookingService identity migration wiring pre-registration-booking-service/src/main/java/.../BookingService.java	Imports and injects ApplicationIdentityMigrationService; after persisting a booking calls migrateRawUserToEffectiveUser(...); resolves effective user id and uses it when cancelling or deleting bookings and when setting response deletedBy.
BookingServiceUtil resolution logic pre-registration-booking-service/src/main/java/.../BookingServiceUtil.java	Injects UserDetailsService and mosip.prereg.pii.backward.compatibility flag; changes bookingEntitySetter(...) to use resolveEffectiveCrBy(String) which calls userDetailsService.getOrCreateInternalUserId(...), logs differences, and maps UserLookupException to AppointmentBookingFailedException.
Tests and config pre-registration-booking-service/src/test/.../BookingServiceUtilTest.java, pre-registration-booking-service/src/main/resources/bootstrap.properties, pre-registration-booking-service/src/test/resources/application.properties	Mocks UserDetailsService, uses ReflectionTestUtils to set piiBackwardCompatibility, stubs canonical id resolution, adds tests for canonical success and failure, and adds mosip.prereg.pii.backward.compatibility=false to properties.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant BookingService
  participant BookingServiceUtil
  participant UserDetailsService
  participant ApplicationIdentityMigrationService

  Client->>BookingService: create/cancel/delete booking request (rawUserId, preregId)
  BookingService->>BookingServiceUtil: bookingEntitySetter(authUserId, ...)
  BookingServiceUtil->>UserDetailsService: getOrCreateInternalUserId(rawUserId)
  alt resolved
    UserDetailsService-->>BookingServiceUtil: effectiveUserId
    BookingServiceUtil-->>BookingService: RegistrationBookingEntity (crBy=effectiveUserId)
  else lookup fails
    UserDetailsService--xBookingServiceUtil: throws UserLookupException
    BookingServiceUtil-->>BookingService: throws AppointmentBookingFailedException
  end
  BookingService->>ApplicationIdentityMigrationService: migrateRawUserToEffectiveUser(preregId, bookingEntity.getCrBy())
  ApplicationIdentityMigrationService-->>BookingService: migration result
  BookingService-->>Client: response

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐇 I nudge the id from raw to true,

a UUID stitched where once was you,
tests hum, configs softly speak,
migrations run and logs peek,
the rabbit’s happy hop — review is through.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 36.36% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding PII fixes with backward compatibility support to the booking service, which is reflected across all modified files including the new dependency, utility updates, configuration properties, and tests.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1b63858 and 52bf984.

📒 Files selected for processing (5)

• pre-registration-booking-service/pom.xml
• pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java
• pre-registration-booking-service/src/main/resources/bootstrap.properties
• pre-registration-booking-service/src/test/java/io/mosip/preregistration/booking/test/service/util/BookingServiceUtilTest.java
• pre-registration-booking-service/src/test/resources/application.properties

[coderabbitai]

♻️ Duplicate comments (1)

pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java (1)

558-575: ⚠️ Potential issue | 🟠 Major

Guard against blank raw fallback in backward-compatibility mode.

On Line [568]-Line [571], fallback returns userId even when it may be null/blank, which can still persist an unattributable crBy. Fail fast unless a non-blank identifier is available.

Proposed fix

 private String resolveEffectiveCrBy(String userId) {
+	if (userId == null || userId.isBlank()) {
+		throw new AppointmentBookingFailedException(
+				ErrorCodes.PRG_BOOK_RCI_005.getCode(),
+				ErrorMessages.APPOINTMENT_BOOKING_FAILED.getMessage());
+	}
 	try {
 		UserDetails userDetail = userDetailsService.findOrCreateByIdentifier(userId);
 		if (userDetail != null && userDetail.getUserId() != null) {
 			return userDetail.getUserId().toString();
 		}
 	} catch (Exception ex) {
 		log.warn("sessionId", "idType", "id",
 				"Failed to resolve canonical user id for booking: " + maskIdentifier(userId));
 	}
-	if (piiBackwardCompatibility) {
+	if (piiBackwardCompatibility) {
 		log.warn("sessionId", "idType", "id",
 				"Falling back to raw identifier for booking due to backward-compatibility mode");
 		return userId;
 	}
 	throw new AppointmentBookingFailedException(ErrorCodes.PRG_BOOK_RCI_005.getCode(),
 			ErrorMessages.APPOINTMENT_BOOKING_FAILED.getMessage());
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java`
around lines 558 - 575, The resolveEffectiveCrBy method currently falls back to
returning userId when piiBackwardCompatibility is true even if userId is
null/blank; update resolveEffectiveCrBy to validate that the raw identifier is
non-blank before returning it (use a String non-blank check or
StringUtils.isBlank/hasText), log a clear warning (including
maskIdentifier(userId)) when the raw id is blank, and if blank throw
AppointmentBookingFailedException with ErrorCodes.PRG_BOOK_RCI_005 and
ErrorMessages.APPOINTMENT_BOOKING_FAILED; keep the existing catch block and
masking behavior but ensure the fallback only returns a non-empty identifier.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In
`@pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java`:
- Around line 558-575: The resolveEffectiveCrBy method currently falls back to
returning userId when piiBackwardCompatibility is true even if userId is
null/blank; update resolveEffectiveCrBy to validate that the raw identifier is
non-blank before returning it (use a String non-blank check or
StringUtils.isBlank/hasText), log a clear warning (including
maskIdentifier(userId)) when the raw id is blank, and if blank throw
AppointmentBookingFailedException with ErrorCodes.PRG_BOOK_RCI_005 and
ErrorMessages.APPOINTMENT_BOOKING_FAILED; keep the existing catch block and
masking behavior but ensure the fallback only returns a non-empty identifier.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 52bf984 and 5d118e5.

📒 Files selected for processing (2)

• pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java
• pre-registration-booking-service/src/test/java/io/mosip/preregistration/booking/test/service/util/BookingServiceUtilTest.java

🚧 Files skipped from review as they are similar to previous changes (1)

• pre-registration-booking-service/src/test/java/io/mosip/preregistration/booking/test/service/util/BookingServiceUtilTest.java

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/BookingService.java (1)

318-318: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove debug System.out.println statement.

This is a debug artifact that should be removed before merging. It prints entity contents to stdout which bypasses structured logging and could interfere with log aggregation.

Proposed fix

-							System.out.println("Booking Entity " + bookingEntity);
-

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/BookingService.java`
at line 318, Remove the debug System.out.println in BookingService that prints
"Booking Entity " + bookingEntity; replace it with nothing (delete the
statement) or, if logging is required, use the class logger (e.g., logger.debug
or logger.info) to log bookingEntity in structured/logback-compatible form;
locate the System.out.println in the BookingService method where bookingEntity
is used and delete the println or change it to logger.debug("Booking Entity:
{}", bookingEntity).

pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java (1)

560-576: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

piiBackwardCompatibility flag is declared but never used.

The piiBackwardCompatibility field (line 153) is injected but not referenced in resolveEffectiveCrBy. Given the PR title mentions "backward compatibility", this appears to be incomplete. Additionally, if getOrCreateInternalUserId returns null or blank, that value is stored as crBy, potentially creating records without a valid creator.

Consider validating the return value and using the backward-compatibility flag for fallback behavior:

Proposed fix

 private String resolveEffectiveCrBy(String userId) {
 	String maskedUserId = GenericUtil.maskIdentifier(userId);
 	try {
 		String effectiveCrBy = userDetailsService.getOrCreateInternalUserId(userId);
-		boolean canonicalApplied = effectiveCrBy != null && !effectiveCrBy.isBlank()
-				&& !effectiveCrBy.trim().equals(userId == null ? "" : userId.trim());
-		log.info("sessionId", "idType", "id",
-				"Resolved effective user id for booking write. maskedUserId=" + maskedUserId
-						+ ", canonicalApplied=" + canonicalApplied);
-		return effectiveCrBy;
+		if (effectiveCrBy != null && !effectiveCrBy.isBlank()) {
+			boolean canonicalApplied = !effectiveCrBy.trim().equals(userId == null ? "" : userId.trim());
+			log.info("sessionId", "idType", "id",
+					"Resolved effective user id for booking write. maskedUserId=" + maskedUserId
+							+ ", canonicalApplied=" + canonicalApplied);
+			return effectiveCrBy;
+		}
+		// Resolution returned null/blank - fall through to fallback logic
 	} catch (UserLookupException ex) {
 		log.warn("sessionId", "idType", "id",
 				"Failed to resolve effective booking user id for " + maskedUserId);
+	}
+	if (piiBackwardCompatibility && userId != null && !userId.isBlank()) {
+		log.warn("sessionId", "idType", "id",
+				"Falling back to raw identifier for booking due to backward-compatibility mode");
+		return userId;
+	}
-		throw new AppointmentBookingFailedException(ErrorCodes.PRG_BOOK_RCI_005.getCode(),
-				ErrorMessages.APPOINTMENT_BOOKING_FAILED.getMessage());
-	}
+	throw new AppointmentBookingFailedException(ErrorCodes.PRG_BOOK_RCI_005.getCode(),
+			ErrorMessages.APPOINTMENT_BOOKING_FAILED.getMessage());
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java`
around lines 560 - 576, resolveEffectiveCrBy currently calls
userDetailsService.getOrCreateInternalUserId but ignores the injected
piiBackwardCompatibility flag and may return null/blank causing invalid crBy;
update resolveEffectiveCrBy to validate the returned effectiveCrBy (from
getOrCreateInternalUserId) and if it is null/blank then, when
piiBackwardCompatibility is true, fall back to using the original userId (after
masking/normalizing) otherwise log the failure and throw
AppointmentBookingFailedException (ErrorCodes.PRG_BOOK_RCI_005) as already used;
keep current logging (use GenericUtil.maskIdentifier for maskedUserId) and
ensure canonicalApplied logic reflects the final value used for crBy.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In
`@pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/BookingService.java`:
- Line 318: Remove the debug System.out.println in BookingService that prints
"Booking Entity " + bookingEntity; replace it with nothing (delete the
statement) or, if logging is required, use the class logger (e.g., logger.debug
or logger.info) to log bookingEntity in structured/logback-compatible form;
locate the System.out.println in the BookingService method where bookingEntity
is used and delete the println or change it to logger.debug("Booking Entity:
{}", bookingEntity).

In
`@pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java`:
- Around line 560-576: resolveEffectiveCrBy currently calls
userDetailsService.getOrCreateInternalUserId but ignores the injected
piiBackwardCompatibility flag and may return null/blank causing invalid crBy;
update resolveEffectiveCrBy to validate the returned effectiveCrBy (from
getOrCreateInternalUserId) and if it is null/blank then, when
piiBackwardCompatibility is true, fall back to using the original userId (after
masking/normalizing) otherwise log the failure and throw
AppointmentBookingFailedException (ErrorCodes.PRG_BOOK_RCI_005) as already used;
keep current logging (use GenericUtil.maskIdentifier for maskedUserId) and
ensure canonicalApplied logic reflects the final value used for crBy.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7af31152-ff6f-420c-aab4-a01b65a6dfc7

📥 Commits

Reviewing files that changed from the base of the PR and between 14a3e5b and e8a5a49.

📒 Files selected for processing (4)

• pre-registration-booking-service/pom.xml
• pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/BookingService.java
• pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java
• pre-registration-booking-service/src/test/java/io/mosip/preregistration/booking/test/service/util/BookingServiceUtilTest.java

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java (1)

152-153: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

piiBackwardCompatibility is currently a no-op in creator resolution.

Line [153] introduces the flag, but Lines [560-576] never read it. That makes strict and compatibility modes identical and always fails booking on lookup failure, which defeats the backward-compatibility behavior this change set introduces.

Proposed fix

 private String resolveEffectiveCrBy(String userId) {
 	String maskedUserId = GenericUtil.maskIdentifier(userId);
 	try {
 		String effectiveCrBy = userDetailsService.getOrCreateInternalUserId(userId);
-		boolean canonicalApplied = effectiveCrBy != null && !effectiveCrBy.isBlank()
-				&& !effectiveCrBy.trim().equals(userId == null ? "" : userId.trim());
-		log.info("sessionId", "idType", "id",
-				"Resolved effective user id for booking write. maskedUserId=" + maskedUserId
-						+ ", canonicalApplied=" + canonicalApplied);
-		return effectiveCrBy;
+		if (effectiveCrBy != null && !effectiveCrBy.isBlank()) {
+			boolean canonicalApplied = !effectiveCrBy.trim().equals(userId == null ? "" : userId.trim());
+			log.info("sessionId", "idType", "id",
+					"Resolved effective user id for booking write. maskedUserId=" + maskedUserId
+							+ ", canonicalApplied=" + canonicalApplied);
+			return effectiveCrBy;
+		}
 	} catch (UserLookupException ex) {
 		log.warn("sessionId", "idType", "id",
 				"Failed to resolve effective booking user id for " + maskedUserId);
-		throw new AppointmentBookingFailedException(ErrorCodes.PRG_BOOK_RCI_005.getCode(),
-				ErrorMessages.APPOINTMENT_BOOKING_FAILED.getMessage());
 	}
+	if (piiBackwardCompatibility && userId != null && !userId.isBlank()) {
+		log.warn("sessionId", "idType", "id",
+				"Falling back to raw identifier for booking due to backward-compatibility mode");
+		return userId;
+	}
+	throw new AppointmentBookingFailedException(ErrorCodes.PRG_BOOK_RCI_005.getCode(),
+			ErrorMessages.APPOINTMENT_BOOKING_FAILED.getMessage());
 }

Also applies to: 560-576

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java`
around lines 152 - 153, The piiBackwardCompatibility flag introduced on
BookingServiceUtil is never used in the creator resolution logic, so update the
creator-resolution code path (the block handling PII lookup/failure around the
current creator resolution method in BookingServiceUtil) to consult
piiBackwardCompatibility: when piiBackwardCompatibility is true, treat lookup
failures as non-fatal and apply the backward-compatibility fallback (proceed
with booking or use compatible creator fallback), otherwise keep the strict
behavior (throw/return failure on lookup error). Modify the branch that
currently always fails on lookup to check
BookingServiceUtil.piiBackwardCompatibility and branch accordingly, ensuring
logs still record the lookup error while allowing the compatible flow when the
flag is enabled.

pre-registration-booking-service/src/test/java/io/mosip/preregistration/booking/test/service/util/BookingServiceUtilTest.java (1)

582-603: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Compatibility-mode test does not validate mode-specific behavior.

Lines [582-603] toggle piiBackwardCompatibility, but both tests assert the same output. This won’t catch regressions where compatibility mode should diverge from strict mode.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@pre-registration-booking-service/src/test/java/io/mosip/preregistration/booking/test/service/util/BookingServiceUtilTest.java`
around lines 582 - 603, The two tests toggle piiBackwardCompatibility but assert
the same crBy value, so update
bookingEntitySetterWithCompatibilityModeWritesUuidTest to validate the
compatibility-mode behavior (use BookingServiceUtil.bookingEntitySetter with
piiBackwardCompatibility=true) by asserting that entity.getCrBy() is not the
legacy fixed "00000000-0000-0000-0000-000000000001" and instead matches the
expected UUID behavior (either assertNotEquals the legacy value or assert the
value matches a UUID pattern); if determinism is required, mock or inject the
UUID provider used by bookingEntitySetter so you can assert the exact UUID.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In
`@pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java`:
- Around line 152-153: The piiBackwardCompatibility flag introduced on
BookingServiceUtil is never used in the creator resolution logic, so update the
creator-resolution code path (the block handling PII lookup/failure around the
current creator resolution method in BookingServiceUtil) to consult
piiBackwardCompatibility: when piiBackwardCompatibility is true, treat lookup
failures as non-fatal and apply the backward-compatibility fallback (proceed
with booking or use compatible creator fallback), otherwise keep the strict
behavior (throw/return failure on lookup error). Modify the branch that
currently always fails on lookup to check
BookingServiceUtil.piiBackwardCompatibility and branch accordingly, ensuring
logs still record the lookup error while allowing the compatible flow when the
flag is enabled.

In
`@pre-registration-booking-service/src/test/java/io/mosip/preregistration/booking/test/service/util/BookingServiceUtilTest.java`:
- Around line 582-603: The two tests toggle piiBackwardCompatibility but assert
the same crBy value, so update
bookingEntitySetterWithCompatibilityModeWritesUuidTest to validate the
compatibility-mode behavior (use BookingServiceUtil.bookingEntitySetter with
piiBackwardCompatibility=true) by asserting that entity.getCrBy() is not the
legacy fixed "00000000-0000-0000-0000-000000000001" and instead matches the
expected UUID behavior (either assertNotEquals the legacy value or assert the
value matches a UUID pattern); if determinism is required, mock or inject the
UUID provider used by bookingEntitySetter so you can assert the exact UUID.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 80ede35e-a816-4109-8d3e-4df4c68c0a6e

📥 Commits

Reviewing files that changed from the base of the PR and between e8a5a49 and 736e9c3.

📒 Files selected for processing (3)

• pre-registration-booking-service/pom.xml
• pre-registration-booking-service/src/main/java/io/mosip/preregistration/booking/service/util/BookingServiceUtil.java
• pre-registration-booking-service/src/test/java/io/mosip/preregistration/booking/test/service/util/BookingServiceUtilTest.java