Skip to content

Add null check for organizationId before rewriting basePath #7630

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add null check for organizationId before rewriting basePath #7630

wants to merge 1 commit into from

Conversation

@HasiniSama
Copy link
Contributor

@HasiniSama HasiniSama commented Nov 24, 2025
edited by coderabbitai bot
Loading

Proposed changes in this pull request

$subject

Adds a null check for organizationId to ensure the base path is rewritten only when a valid organization context is available.

Summary by CodeRabbit

  • Bug Fixes
    • Fixed an issue with path handling in organization-aware environments. The system now properly validates organization identifiers before processing path segments, preventing potential errors in path routing.

✏️ Tip: You can customize this high-level summary in your review settings.

Copilot AI review requested due to automatic review settings November 24, 2025 08:39
wso2-engineering[bot]
wso2-engineering bot suggested changes Nov 24, 2025
View reviewed changes
Copy link
Contributor

@wso2-engineering wso2-engineering bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI Agent Log Improvement Checklist

⚠️ Warning: AI-Generated Review Comments

  • The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. Purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
  • Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.

✅ Before merging this pull request:

  • Review all AI-generated comments for accuracy and relevance.
  • Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.
Comment Accepted (Y/N) Reason
#### Log Improvement Suggestion No: 1

@coderabbitai
Copy link

coderabbitai bot commented Nov 24, 2025
edited
Loading

Walkthrough

A null-check is added to the getBasePath method in the identity management endpoint utility. When a non-tenant-qualified server detects an organization context prefix in the base path, replacement of organization-specific segments now only occurs if organizationId is non-null.

Changes

Cohort / File(s) Summary
Null-check validation
components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/IdentityManagementEndpointUtil.java		 Added null-check for organizationId in getBasePath method before performing organization-specific segment replacement in non-tenant-qualified server scenarios

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

  • Single method modification with straightforward defensive programming change
  • Minimal scope: one null-check addition to prevent potential null-reference issues
  • Low complexity logic, consistent with existing patterns

Poem

A hop, a skip, a null-check guard,
To keep our paths both safe and hard,
When organizations dance and sway,
We check for null, the safest way! 🐰✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Description check ⚠️ Warning The PR description is largely incomplete compared to the required template. It only provides a brief statement of the change without addressing most required sections such as Purpose, Goals, Approach, User stories, Release note, Documentation, Testing details, Security checks, and other mandatory fields. Complete the description by adding the required template sections including Purpose with issue links, Goals, Approach, User stories, Release note, Documentation impact, Testing details (unit/integration tests), and Security checks verification.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title 'Add null check for organizationId before rewriting basePath' directly and clearly describes the main code change - adding a null check for organizationId in the basePath rewriting logic.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot finished reviewing on behalf of HasiniSama November 24, 2025 08:41
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 24, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

coderabbitai[bot]
coderabbitai bot reviewed Nov 24, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/IdentityManagementEndpointUtil.java (1)

859-863: Use StringUtils.isNotBlank() for consistency and consider adding logging.

The null check is essential and prevents a potential NPE. However, for consistency with the codebase pattern shown at line 847 and the project's coding conventions, use StringUtils.isNotBlank(organizationId) instead of organizationId != null. This also guards against empty strings.

Additionally, when organizationId is null or blank but the basePath contains the organization context prefix (checked at line 856), the URL may remain in a malformed state. Consider adding debug logging for successful replacements and warning logging for the null case to improve observability.

Based on learnings, the carbon-identity-framework project prefers StringUtils.isNotBlank() for validation in similar contexts.

Apply this diff to improve consistency and observability:

                    } else if (basePath != null && basePath.contains(FrameworkConstants.ORGANIZATION_CONTEXT_PREFIX)) {
                        String organizationId = PrivilegedCarbonContext.getThreadLocalCarbonContext()
                                .getOrganizationId();
-                       if (organizationId != null) {
+                       if (StringUtils.isNotBlank(organizationId)) {
+                           if (log.isDebugEnabled()) {
+                               log.debug("Replacing organization context for organizationId: " + organizationId + 
+                                        " with tenant domain: " + tenantDomain);
+                           }
                            basePath = basePath.replace(
                                    FrameworkConstants.ORGANIZATION_CONTEXT_PREFIX + organizationId,
                                    FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain);
+                       } else {
+                           log.warn("Organization ID is null or blank while processing base path with organization context");
                        }
                    }
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e4e291a and 0119bac.

📒 Files selected for processing (1)
  • components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/IdentityManagementEndpointUtil.java (1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings 
Learnt from: ShanChathusanda93
Repo: wso2/carbon-identity-framework PR: 7596
File: components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/AbstractRequestCoordinator.java:61-71
Timestamp: 2025-11-06T13:49:53.627Z
Learning: In the carbon-identity-framework project, when resolving tenant domain from organization context in authentication flows, use StringUtils.isNotBlank() for validation instead of separate null and empty checks, and do not add logging for successful tenant domain resolution operations.

Learnt from: ShanChathusanda93
Repo: wso2/carbon-identity-framework PR: 7596
File: components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AbstractApplicationAuthenticator.java:133-137
Timestamp: 2025-11-07T06:21:44.448Z
Learning: In the carbon-identity-framework project, when OrganizationManager is used in the authentication framework components (FrameworkServiceComponent and related classes), null checks are not required because OrganizationManager is declared with ReferenceCardinality.MANDATORY in the OSGi component. This means the component will not activate until OrganizationManager is available, providing an architectural guarantee that the service is always present when the code executes.
📚 Learning: 2025-11-06T13:49:53.627Z 
Learnt from: ShanChathusanda93
Repo: wso2/carbon-identity-framework PR: 7596
File: components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/AbstractRequestCoordinator.java:61-71
Timestamp: 2025-11-06T13:49:53.627Z
Learning: In the carbon-identity-framework project, when resolving tenant domain from organization context in authentication flows, use StringUtils.isNotBlank() for validation instead of separate null and empty checks, and do not add logging for successful tenant domain resolution operations.

Applied to files:

  • components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/IdentityManagementEndpointUtil.java

Copilot AI reviewed Nov 24, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request adds a null safety check for organizationId to prevent potential NullPointerException when rewriting the base path in organization contexts. The change ensures that the base path rewrite operation only occurs when a valid organization ID is available from the thread-local context.

  • Added a null check before performing string replacement on the basePath to handle scenarios where organizationId might be null

...src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/IdentityManagementEndpointUtil.java
if (organizationId != null) {
basePath = basePath.replace(
FrameworkConstants.ORGANIZATION_CONTEXT_PREFIX + organizationId,
FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain);
Copy link

Copilot AI Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] While the null check is a good defensive measure, consider adding debug logging when organizationId is null to aid troubleshooting. This would help identify scenarios where the basePath rewrite is skipped unexpectedly. For example:

if (organizationId != null) {
    basePath = basePath.replace(
            FrameworkConstants.ORGANIZATION_CONTEXT_PREFIX + organizationId,
            FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain);
} else {
    if (log.isDebugEnabled()) {
        log.debug("Organization ID is null. Skipping basePath rewrite for organization context.");
    }
}
Suggested change
FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain);
FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain);
} else {
// Organization ID is null. Skipping basePath rewrite for organization context.
if (log.isDebugEnabled()) {
log.debug("Organization ID is null. Skipping basePath rewrite for organization context.");
}

Copilot uses AI. Check for mistakes.
ShanChathusanda93
ShanChathusanda93 reviewed Nov 24, 2025
View reviewed changes
...src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/IdentityManagementEndpointUtil.java
basePath = basePath.replace(
FrameworkConstants.ORGANIZATION_CONTEXT_PREFIX + organizationId,
FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain);
if (organizationId != null) {
Copy link
Contributor

@ShanChathusanda93 ShanChathusanda93 Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shall we use StringUtils? WDYT?

@codecov
Copy link

codecov bot commented Nov 24, 2025

Codecov Report

❌ Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 50.67%. Comparing base (6c654ae) to head (0119bac).
⚠️ Report is 3 commits behind head on master.

Files with missing lines Patch % Lines
.../endpoint/util/IdentityManagementEndpointUtil.java 50.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##             master    #7630      +/-   ##
============================================
+ Coverage     50.40%   50.67%   +0.27%     
- Complexity    19782    19876      +94     
============================================
  Files          2121     2121              
  Lines        129958   130028      +70     
  Branches      26528    26999     +471     
============================================
+ Hits          65507    65894     +387     
+ Misses        56135    55785     -350     
- Partials       8316     8349      +33
Flag Coverage Δ
unit 35.60% <50.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ShanChathusanda93 ShanChathusanda93 ShanChathusanda93 left review comments

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@wso2-engineering wso2-engineering[bot] wso2-engineering[bot] approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@HasiniSama @ShanChathusanda93