[react] Update profile data edit API endpoints to use PUT /users/me#9
[react] Update profile data edit API endpoints to use PUT /users/me#9janithjay wants to merge 1 commit into
PUT /users/me#9Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughThe PR migrates profile read/write operations from SCIM2 endpoints ( ChangesUsers me profile migration (core + React)
Cross-framework users-me adoption and schema removal
Auth request params and callback tests
Shared regression expectations
Estimated code review effort: 4 (Complex) | ~75 minutes Sequence Diagram(s)sequenceDiagram
participant UI as UserProfile
participant updateMeProfile
participant UsersMeAPI as "/users/me"
UI->>updateMeProfile: PUT with { attributes: payload }
updateMeProfile->>UsersMeAPI: send JSON PUT request
UsersMeAPI-->>updateMeProfile: updated user with attributes
updateMeProfile->>updateMeProfile: merge attributes into user
updateMeProfile-->>UI: processed User
sequenceDiagram
participant App
participant ThunderIDProvider
participant Client
participant UsersMeAPI as "/users/me"
App->>ThunderIDProvider: updateSession()
ThunderIDProvider->>Client: isSignedIn()
Client-->>ThunderIDProvider: signed-in status
alt signed in and fetchUserProfile enabled
ThunderIDProvider->>UsersMeAPI: getUsersMe(baseUrl, instanceId)
UsersMeAPI-->>ThunderIDProvider: profile data
ThunderIDProvider->>ThunderIDProvider: merge profile into claims
end
ThunderIDProvider-->>App: user, userProfile, flattenedProfile
Possibly related issues
Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 11
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
packages/react/src/components/auth/Callback/__tests__/TokenCallback.test.tsx (1)
23-47: 📐 Maintainability & Code Quality | 🟡 MinorType
thunderIDContextasThunderIDContextThe
thunderIDContextfixture is currently declared with: any. This forces TypeScript to treat the entire context object as unsafe, triggering@typescript-eslint/no-unsafe-assignmenterrors when its properties are accessed in the test assertions and render calls.Change the declaration to
const thunderIDContext: ThunderIDContext = ...(or a compatible shape) to satisfy the type checker and ensure the tests validate the actual context contract.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/react/src/components/auth/Callback/__tests__/TokenCallback.test.tsx` around lines 23 - 47, The TokenCallback test fixture is using an unsafe any-typed context object, which causes type-checking issues in the assertions and render setup. Update the thunderIDContext declaration to use ThunderIDContext (or a compatible typed shape) and keep the existing mocked methods like getStorageManager, signIn, and signUp typed accordingly so the test exercises the real context contract without unsafe assignments.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/javascript/src/api/__tests__/getScim2Me.test.ts`:
- Around line 24-37: The test fixture for getScim2Me uses a broad Record<string,
unknown> shape, which leaves mockUserResponse.attributes typed as unknown and
triggers the unsafe spread in mockUser. Update the mock definitions in
getScim2Me.test.ts so mockUserResponse has an explicit attributes type (or use
satisfies with a precise interface), and keep mockUser built from that strongly
typed attributes object to satisfy the lint rule.
In `@packages/javascript/src/api/__tests__/updateMeProfile.test.ts`:
- Around line 54-62: The test assertions are reading mocked fetch calls through
an untyped/any path, which is triggering ESLint. In the updateMeProfile test
cases, cast the first entry from Mock.mock.calls to a typed tuple like [string,
RequestInit] before destructuring, and use the typed RequestInit/body access for
JSON.parse instead of going through any. Apply the same cleanup in the other
affected assertions as well, using the existing fetch mock and RequestInit
references to keep the types explicit.
In `@packages/javascript/src/api/getScim2Me.ts`:
- Around line 137-142: The normalization block in getScim2Me currently spreads
user['attributes'] directly, which lets the index signature collapse
processedUser and the return value to any. Narrow or cast attributes to a
concrete object type before flattening inside getScim2Me, then build
processedUser from that typed value and pass the typed result into
processUserUsername so the new path stays lint-clean.
In `@packages/javascript/src/api/updateMeProfile.ts`:
- Around line 144-149: The update path in updateMeProfile currently spreads
user['attributes'] directly, which leaves the merged result unsafe and triggers
no-unsafe-assignment/no-unsafe-return. Narrow or type attributes as an object
before constructing processedUser, then return the typed flattened user through
processUserUsername so the helper stays type-safe like the read path.
- Around line 113-116: The request setup in updateMeProfile should not allow
callers to override the new PUT contract. In the requestInit object used by
updateMeProfile, ensure the spread of requestConfig happens before the method
assignment, or explicitly reassign method after spreading, so a caller cannot
pass a different HTTP verb and bypass the /users/me PUT migration.
In `@packages/react/package.json`:
- Around line 54-58: The devDependencies block in package.json has a duplicated
`@vitest/browser-playwright` entry, which creates an invalid/ambiguous manifest.
Remove one of the duplicate entries from the package manifest and keep only a
single `@vitest/browser-playwright` key alongside the other devDependencies.
In `@packages/react/src/components/presentation/UserProfile/BaseUserProfile.tsx`:
- Around line 145-147: The useEffect in BaseUserProfile is overwriting the
entire editedUser state whenever flattenedProfile or profile changes, which
clobbers other in-flight edits tracked by editingFields. Update this sync logic
so it only merges in refreshed values for fields that are not currently being
edited, or skip resetting editedUser while any field is dirty. Keep the fix
localized to the BaseUserProfile state synchronization path around setEditedUser
and editingFields.
In `@packages/react/src/components/presentation/UserProfile/UserProfile.tsx`:
- Around line 78-87: The `updatedAttributes` merge in `UserProfile` is shallow,
so nested patches from `BaseUserProfile` (for example `name.givenName`)
overwrite sibling fields in `attributes`. Update the merge logic to deep-merge
`payload` into the existing `profile['attributes']` document instead of using a
top-level spread, and keep the existing cleanup that removes `undefined`/`null`
values before the `PUT`.
In `@packages/react/src/contexts/ThunderID/ThunderIDProvider.tsx`:
- Around line 21-29: The ThunderIDProvider import list includes an unused
HttpResponse symbol, which keeps the lint error active. Remove HttpResponse from
the imports in ThunderIDProvider so the remaining symbols like
ThunderIDRuntimeError, generateFlattenedUserProfile, and UserProfile are the
only referenced imports.
- Around line 59-109: The hardcoded DEFAULT_USER_PROFILE_SCHEMAS in
ThunderIDProvider is causing BaseUserProfile to render only the six built-in
fields and hide any custom or extension profile attributes. Update the schemas
flow so it comes from the authoritative profile metadata when available, or keep
schemas empty when using the flattened object from
generateFlattenedUserProfile(), ensuring BaseUserProfile can still surface all
non-default fields.
- Around line 214-227: In ThunderIDProvider’s user-profile load flow, the
/users/me failure path is leaving profileData populated from claims only, which
makes the profile editable without a full attributes snapshot. Update the logic
around getScim2Me and the subsequent setUser/setUserProfile so that, when the
fetch fails, you either keep the previously fetched profile.attributes state or
mark the profile as read-only instead of falling back to a claims-only editable
profile. Make sure the downstream PUT /users/me merge path still has a complete
attributes object, using the existing profileData, generateFlattenedUserProfile,
and DEFAULT_USER_PROFILE_SCHEMAS flow as the key points to adjust.
---
Outside diff comments:
In
`@packages/react/src/components/auth/Callback/__tests__/TokenCallback.test.tsx`:
- Around line 23-47: The TokenCallback test fixture is using an unsafe any-typed
context object, which causes type-checking issues in the assertions and render
setup. Update the thunderIDContext declaration to use ThunderIDContext (or a
compatible typed shape) and keep the existing mocked methods like
getStorageManager, signIn, and signUp typed accordingly so the test exercises
the real context contract without unsafe assignments.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: cce87ffa-d726-4f5b-b942-01afbf49a26f
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (18)
packages/browser/package.jsonpackages/javascript/package.jsonpackages/javascript/src/api/__tests__/getScim2Me.test.tspackages/javascript/src/api/__tests__/updateMeProfile.test.tspackages/javascript/src/api/getScim2Me.tspackages/javascript/src/api/updateMeProfile.tspackages/javascript/src/errors/__tests__/ThunderIDAPIError.test.tspackages/javascript/src/theme/createTheme.test.tspackages/javascript/src/utils/getAuthorizeRequestUrlParams.tspackages/react-router/package.jsonpackages/react/package.jsonpackages/react/src/api/updateMeProfile.tspackages/react/src/components/auth/Callback/__tests__/Callback.test.tsxpackages/react/src/components/auth/Callback/__tests__/TokenCallback.test.tsxpackages/react/src/components/presentation/UserProfile/BaseUserProfile.tsxpackages/react/src/components/presentation/UserProfile/UserProfile.tsxpackages/react/src/contexts/ThunderID/ThunderIDContext.tspackages/react/src/contexts/ThunderID/ThunderIDProvider.tsx
💤 Files with no reviewable changes (1)
- packages/javascript/src/errors/tests/ThunderIDAPIError.test.ts
3071aa8 to
50bf8a9
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/react/src/contexts/ThunderID/ThunderIDProvider.tsx`:
- Around line 59-107: The default user profile schema in ThunderIDProvider is
still using snake_case keys, which no longer match the /users/me contract.
Update DEFAULT_USER_PROFILE_SCHEMAS to use the camelCase attribute names
expected by the read/write flow and tests, and make sure the corresponding
schema entries in ThunderIDProvider stay consistent with the values used when
hydrating and saving the profile.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 9ed55479-ef81-47dd-945d-14055369fa96
📒 Files selected for processing (14)
packages/javascript/src/api/__tests__/getScim2Me.test.tspackages/javascript/src/api/__tests__/updateMeProfile.test.tspackages/javascript/src/api/getScim2Me.tspackages/javascript/src/api/updateMeProfile.tspackages/javascript/src/errors/__tests__/ThunderIDAPIError.test.tspackages/javascript/src/theme/createTheme.test.tspackages/javascript/src/utils/getAuthorizeRequestUrlParams.tspackages/react/src/api/updateMeProfile.tspackages/react/src/components/auth/Callback/__tests__/Callback.test.tsxpackages/react/src/components/auth/Callback/__tests__/TokenCallback.test.tsxpackages/react/src/components/presentation/UserProfile/BaseUserProfile.tsxpackages/react/src/components/presentation/UserProfile/UserProfile.tsxpackages/react/src/contexts/ThunderID/ThunderIDContext.tspackages/react/src/contexts/ThunderID/ThunderIDProvider.tsx
💤 Files with no reviewable changes (1)
- packages/javascript/src/errors/tests/ThunderIDAPIError.test.ts
✅ Files skipped from review due to trivial changes (1)
- packages/react/src/contexts/ThunderID/ThunderIDContext.ts
🚧 Files skipped from review as they are similar to previous changes (4)
- packages/react/src/components/auth/Callback/tests/Callback.test.tsx
- packages/javascript/src/utils/getAuthorizeRequestUrlParams.ts
- packages/javascript/src/theme/createTheme.test.ts
- packages/react/src/components/presentation/UserProfile/BaseUserProfile.tsx
50bf8a9 to
fbaff18
Compare
fbaff18 to
1f7e1f5
Compare
PUT /users/me
0bfd8b3 to
8199b64
Compare
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/javascript/src/api/updateMeProfile.ts`:
- Around line 106-108: The updateMeProfile helper is still wrapping any runtime
payload directly into attributes, so non-object values can slip through. Add a
guard in updateMeProfile before building the data object to reject null, arrays,
and primitives, and only proceed when payload is a plain object. Use the
updateMeProfile payload handling around the attributes assignment to locate the
change and make the validation happen before the request body is constructed.
- Around line 113-120: The updateMeProfile request setup is merging
requestConfig.headers with object spread, which loses values when headers is a
Headers instance or header tuples. In updateMeProfile, normalize
requestConfig.headers with new Headers(...) before adding Accept and
Content-Type so existing auth/routing headers are preserved in the RequestInit
headers.
In
`@packages/react/src/components/auth/Callback/__tests__/TokenCallback.test.tsx`:
- Around line 73-77: The shared test fixtures in TokenCallback.test.tsx are
still typed as any, which keeps the unsafe-assignment warnings around the render
setup. Update the reusable ThunderIDContext fixture and the onNavigate/onError
callback mocks to use real types inferred from TokenCallback and
ThunderIDContext, then reuse those typed fixtures across all test cases so the
render calls no longer rely on any.
In `@packages/react/src/components/presentation/UserProfile/BaseUserProfile.tsx`:
- Around line 145-159: The sync logic in BaseUserProfile’s useEffect and
setEditedUser currently starts from prev, so keys that disappear from nextUser
remain in editedUser. Update the merge in this effect to rebuild the edited
state from the refreshed profile and remove any non-editing fields that are no
longer present in nextUser, while still preserving fields currently being edited
via editingFields.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: bf8c426c-d3cc-4435-b789-632dd98ac63f
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (15)
packages/javascript/src/api/__tests__/getScim2Me.test.tspackages/javascript/src/api/__tests__/updateMeProfile.test.tspackages/javascript/src/api/getScim2Me.tspackages/javascript/src/api/updateMeProfile.tspackages/javascript/src/errors/__tests__/ThunderIDAPIError.test.tspackages/javascript/src/models/config.tspackages/javascript/src/theme/createTheme.test.tspackages/javascript/src/utils/getAuthorizeRequestUrlParams.tspackages/react/package.jsonpackages/react/src/api/updateMeProfile.tspackages/react/src/components/auth/Callback/__tests__/Callback.test.tsxpackages/react/src/components/auth/Callback/__tests__/TokenCallback.test.tsxpackages/react/src/components/presentation/UserProfile/BaseUserProfile.tsxpackages/react/src/components/presentation/UserProfile/UserProfile.tsxpackages/react/src/contexts/ThunderID/ThunderIDProvider.tsx
💤 Files with no reviewable changes (1)
- packages/javascript/src/errors/tests/ThunderIDAPIError.test.ts
🚧 Files skipped from review as they are similar to previous changes (7)
- packages/react/src/components/presentation/UserProfile/UserProfile.tsx
- packages/javascript/src/utils/getAuthorizeRequestUrlParams.ts
- packages/javascript/src/api/getScim2Me.ts
- packages/react/src/components/auth/Callback/tests/Callback.test.tsx
- packages/javascript/src/theme/createTheme.test.ts
- packages/react/package.json
- packages/react/src/contexts/ThunderID/ThunderIDProvider.tsx
12a27f2 to
8ad53f9
Compare
There was a problem hiding this comment.
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
packages/vue/src/ThunderIDVueClient.ts (1)
98-113: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick winPass
instanceIdtogetUsersMe
getUsersMedefaults toinstanceId = 0, so non-zero Vue clients will read through the wrong HTTP client here. MatchgetUserProfile()and forwardthis.getInstanceId().🐛 Proposed fix
- const profile: User = await getUsersMe({baseUrl}); + const profile: User = await getUsersMe({baseUrl, instanceId: this.getInstanceId()});🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/vue/src/ThunderIDVueClient.ts` around lines 98 - 113, The getUser flow in ThunderIDVueClient currently calls getUsersMe with only baseUrl, so it falls back to instanceId = 0 and can use the wrong HTTP client. Update the getUser method to forward this.getInstanceId() to getUsersMe, matching the behavior used by getUserProfile and preserving the correct client context for non-zero Vue instances.
🧹 Nitpick comments (3)
packages/vue/src/ThunderIDVueClient.ts (1)
141-146: 🚀 Performance & Scalability | 🔵 Trivial | 💤 Low valueAvoid decoding the ID token twice in the error fallback.
getDecodedIdToken()is awaited twice to build identical claims. Decode once and reuse.♻️ Proposed refactor
} catch (error) { + const claims: User = extractUserClaimsFromIdToken(await this.getDecodedIdToken()); return { - flattenedProfile: extractUserClaimsFromIdToken(await this.getDecodedIdToken()), - profile: extractUserClaimsFromIdToken(await this.getDecodedIdToken()), + flattenedProfile: claims, + profile: claims, }; }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/vue/src/ThunderIDVueClient.ts` around lines 141 - 146, The error fallback in ThunderIDVueClient.getProfile is decoding the ID token twice by calling getDecodedIdToken() separately for flattenedProfile and profile. Update the catch block to await getDecodedIdToken() once, store the decoded token in a local variable, and reuse that value for both extractUserClaimsFromIdToken calls so the fallback builds identical claims from a single decode.packages/react/src/api/getUsersMe.ts (1)
80-102: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winDrop unnecessary
asyncand prefer??.The arrow function is marked
asyncbut never usesawait— it just returns the promise frombaseGetUsersMe, which triggers therequire-awaitlint error. Also prefer??over||forfetcher.🧹 Proposed fix
-const getUsersMe = async ({fetcher, instanceId = 0, ...requestConfig}: GetUsersMeConfig): Promise<User> => { +const getUsersMe = ({fetcher, instanceId = 0, ...requestConfig}: GetUsersMeConfig): Promise<User> => { const defaultFetcher = async (url: string, config: RequestInit): Promise<Response> => { ... }; return baseGetUsersMe({ ...requestConfig, - fetcher: fetcher || defaultFetcher, + fetcher: fetcher ?? defaultFetcher, }); };🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/react/src/api/getUsersMe.ts` around lines 80 - 102, The getUsersMe helper is using an unnecessary async wrapper and a fallback check that should preserve valid falsy values. Update getUsersMe and its defaultFetcher so the outer function is no longer marked async if it only returns baseGetUsersMe, and replace fetcher || defaultFetcher with fetcher ?? defaultFetcher. Keep the FetchHttpClient.getInstance and baseGetUsersMe wiring intact while adjusting only the async handling and nullish fallback.Source: Linters/SAST tools
packages/javascript/src/api/getUsersMe.ts (1)
93-107: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueTighten
catchtyping and prefer??.Static analysis flags
error?.toString()as an unsafe call/member access on an implicitly-anycatch binding, andfetcher || fetchshould use??sincefetcheris a function reference (never a legitimate falsy-but-defined value).🧹 Proposed fix
- } catch (error) { + } catch (error: unknown) { throw new ThunderIDAPIError( - `Invalid URL provided. ${error?.toString()}`, + `Invalid URL provided. ${error instanceof Error ? error.message : String(error)}`, 'getUsersMe-ValidationError-001', ... - const fetchFn: typeof fetch = fetcher || fetch; + const fetchFn: typeof fetch = fetcher ?? fetch;🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/javascript/src/api/getUsersMe.ts` around lines 93 - 107, The `getUsersMe` validation catch block uses an implicitly-typed `error` and unsafe `error?.toString()`, so update the `try/catch` in `getUsersMe` to type the catch binding properly and safely derive the message before constructing `ThunderIDAPIError`. Also change the `fetchFn` assignment in `getUsersMe` to use `fetcher ?? fetch` instead of `fetcher || fetch`, since `fetcher` is a function reference and should only fall back when it is nullish.Source: Linters/SAST tools
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/react/src/components/presentation/UserProfile/BaseUserProfile.tsx`:
- Around line 660-669: The profile entry rendering in BaseUserProfile is forcing
every synthesized field schema to READ_WRITE, which makes immutable attributes
appear editable. Update the profileEntries map logic to preserve each field’s
original mutability from the source schema (or explicitly mark non-editable
attributes as read-only) before passing schemaWithValue to renderUserInfo, and
align the readonlyFields/fieldsToSkip handling so IDs, timestamps, and other
immutable fields are not exposed as editable.
In `@packages/react/src/components/presentation/UserProfile/UserProfile.tsx`:
- Line 24: The UserProfile component has an unused getUsersMe import that
triggers lint failures; remove the getUsersMe import from UserProfile.tsx and
keep the rest of the component unchanged. Use the UserProfile component and the
getUsersMe import statement as the symbols to locate the unused reference.
---
Outside diff comments:
In `@packages/vue/src/ThunderIDVueClient.ts`:
- Around line 98-113: The getUser flow in ThunderIDVueClient currently calls
getUsersMe with only baseUrl, so it falls back to instanceId = 0 and can use the
wrong HTTP client. Update the getUser method to forward this.getInstanceId() to
getUsersMe, matching the behavior used by getUserProfile and preserving the
correct client context for non-zero Vue instances.
---
Nitpick comments:
In `@packages/javascript/src/api/getUsersMe.ts`:
- Around line 93-107: The `getUsersMe` validation catch block uses an
implicitly-typed `error` and unsafe `error?.toString()`, so update the
`try/catch` in `getUsersMe` to type the catch binding properly and safely derive
the message before constructing `ThunderIDAPIError`. Also change the `fetchFn`
assignment in `getUsersMe` to use `fetcher ?? fetch` instead of `fetcher ||
fetch`, since `fetcher` is a function reference and should only fall back when
it is nullish.
In `@packages/react/src/api/getUsersMe.ts`:
- Around line 80-102: The getUsersMe helper is using an unnecessary async
wrapper and a fallback check that should preserve valid falsy values. Update
getUsersMe and its defaultFetcher so the outer function is no longer marked
async if it only returns baseGetUsersMe, and replace fetcher || defaultFetcher
with fetcher ?? defaultFetcher. Keep the FetchHttpClient.getInstance and
baseGetUsersMe wiring intact while adjusting only the async handling and nullish
fallback.
In `@packages/vue/src/ThunderIDVueClient.ts`:
- Around line 141-146: The error fallback in ThunderIDVueClient.getProfile is
decoding the ID token twice by calling getDecodedIdToken() separately for
flattenedProfile and profile. Update the catch block to await
getDecodedIdToken() once, store the decoded token in a local variable, and reuse
that value for both extractUserClaimsFromIdToken calls so the fallback builds
identical claims from a single decode.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 86bfd088-6dc1-4fe9-a1b9-78029701d208
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (55)
packages/javascript/src/api/__tests__/getSchemas.test.tspackages/javascript/src/api/__tests__/getUsersMe.test.tspackages/javascript/src/api/__tests__/updateMeProfile.test.tspackages/javascript/src/api/getSchemas.tspackages/javascript/src/api/getUsersMe.tspackages/javascript/src/api/updateMeProfile.tspackages/javascript/src/constants/ScopeConstants.tspackages/javascript/src/errors/__tests__/ThunderIDAPIError.test.tspackages/javascript/src/index.tspackages/javascript/src/models/config.tspackages/javascript/src/models/scim2-schema.tspackages/javascript/src/models/user.tspackages/javascript/src/theme/createTheme.test.tspackages/javascript/src/utils/__tests__/flattenUserSchema.test.tspackages/javascript/src/utils/__tests__/generateUserProfile.test.tspackages/javascript/src/utils/flattenUserSchema.tspackages/javascript/src/utils/generateFlattenedUserProfile.tspackages/javascript/src/utils/generateUserProfile.tspackages/javascript/src/utils/getAuthorizeRequestUrlParams.tspackages/javascript/src/utils/processUsername.tspackages/nextjs/src/ThunderIDNextClient.tspackages/nextjs/src/client/components/presentation/UserProfile/UserProfile.tsxpackages/nextjs/src/client/contexts/ThunderID/ThunderIDProvider.tsxpackages/nextjs/src/server/ThunderIDProvider.tsxpackages/nextjs/src/server/actions/getUserProfileAction.tspackages/nuxt/src/runtime/components/ThunderIDRoot.tspackages/nuxt/src/runtime/errors/error-codes.tspackages/nuxt/src/runtime/server/ThunderIDNuxtClient.tspackages/nuxt/src/runtime/server/plugins/thunderid-ssr.tspackages/nuxt/src/runtime/server/routes/auth/user/profile.get.tspackages/nuxt/src/runtime/server/routes/auth/user/profile.patch.tspackages/nuxt/src/runtime/types.tspackages/nuxt/tests/unit/thunderid-root.test.tspackages/nuxt/tests/unit/thunderid-ssr.test.tspackages/react/package.jsonpackages/react/src/api/getUsersMe.tspackages/react/src/api/updateMeProfile.tspackages/react/src/components/auth/Callback/__tests__/Callback.test.tsxpackages/react/src/components/auth/Callback/__tests__/TokenCallback.test.tsxpackages/react/src/components/presentation/UserProfile/BaseUserProfile.tsxpackages/react/src/components/presentation/UserProfile/UserProfile.tsxpackages/react/src/contexts/ThunderID/ThunderIDContext.tspackages/react/src/contexts/ThunderID/ThunderIDProvider.tsxpackages/react/src/contexts/User/UserContext.tspackages/react/src/contexts/User/UserProvider.tsxpackages/react/src/contexts/User/useUser.tspackages/react/src/index.tspackages/vue/src/ThunderIDVueClient.tspackages/vue/src/api/getSchemas.tspackages/vue/src/api/getUsersMe.tspackages/vue/src/components/presentation/user-profile/BaseUserProfile.tspackages/vue/src/components/presentation/user-profile/UserProfile.tspackages/vue/src/models/contexts.tspackages/vue/src/providers/ThunderIDProvider.tspackages/vue/src/providers/UserProvider.ts
💤 Files with no reviewable changes (13)
- packages/react/src/contexts/User/useUser.ts
- packages/javascript/src/api/tests/getSchemas.test.ts
- packages/javascript/src/utils/flattenUserSchema.ts
- packages/javascript/src/models/scim2-schema.ts
- packages/vue/src/api/getSchemas.ts
- packages/javascript/src/api/getSchemas.ts
- packages/javascript/src/utils/tests/generateUserProfile.test.ts
- packages/javascript/src/utils/generateUserProfile.ts
- packages/javascript/src/models/user.ts
- packages/javascript/src/utils/tests/flattenUserSchema.test.ts
- packages/nextjs/src/server/actions/getUserProfileAction.ts
- packages/react/src/contexts/User/UserProvider.tsx
- packages/javascript/src/errors/tests/ThunderIDAPIError.test.ts
✅ Files skipped from review due to trivial changes (7)
- packages/nuxt/src/runtime/server/routes/auth/user/profile.patch.ts
- packages/nuxt/src/runtime/server/routes/auth/user/profile.get.ts
- packages/javascript/src/constants/ScopeConstants.ts
- packages/javascript/src/utils/processUsername.ts
- packages/nuxt/src/runtime/types.ts
- packages/nuxt/tests/unit/thunderid-ssr.test.ts
- packages/javascript/src/models/config.ts
🚧 Files skipped from review as they are similar to previous changes (5)
- packages/react/package.json
- packages/javascript/src/theme/createTheme.test.ts
- packages/react/src/components/auth/Callback/tests/Callback.test.tsx
- packages/javascript/src/utils/getAuthorizeRequestUrlParams.ts
- packages/react/src/contexts/ThunderID/ThunderIDProvider.tsx
dfc72f8 to
9320188
Compare
9320188 to
5bed80c
Compare
Purpose
Currently, the
<UserProfile />component attempts to save changes by making aPATCHrequest using the SCIM2 format to a non-existent/scim2/Meendpoint. This prevents self-service profile updates from persisting.This PR resolves this limitation by migrating the self-service profile read and update path on the React & Javascript SDKs from SCIM-based PATCH (
/scim2/Me) to standard JSON-based PUT (/users/me), aligning with the existing endpoint supported by the backend (GET&PUTon/users/me). This enables profile updates to work end-to-end.Approach
Endpoint & Method Realignment
${baseUrl}/users/meinstead of${baseUrl}/scim2/Me.PUTand request headers toContent-Type: application/json.PUT.Payload Structure Formatting
attributeswrapper object (e.g.{ attributes: payload }) to match the backendUpdateSelfUserRequestpayload contract.nullorundefinedproperties from the attributes payload inside UserProfile.tsx before dispatching the request.Response Handling
attributesfield of theUserobject. Flattened these nested attributes back to the top-level User object inside updateMeProfile.ts and getScim2Me.ts to preserve backward compatibility for downstream React UI component attributes resolution.React State Syncing
Added an
useEffecthook in BaseUserProfile.tsx to listen to updates onprofileorflattenedProfileand automatically reset/sync the local input states, resolving any stale UI rendering after a successful profile update.Test Assertions:
Updated the unit tests inside updateMeProfile.test.ts and getScim2Me.test.ts to validate the new PUT/GET behavior, URL paths, content-type headers, and payload attributes structure.
Related Issues
<UserProfile />thunderid#3490Related PRs
Checklist
breaking changelabel added.Security checks
Summary by CodeRabbit
New Features
/users/meendpoint.--thunderid-*naming pattern.Bug Fixes