Conversation

@maxwofford maxwofford commented Dec 3, 2025

For now this is hidden under the hca_auth URL param so users don't test it out while it's unfinished.

Comment on lines +394 to +404

# update scopes if user exists
@user.update(hca_scopes: identity["scopes"], hca_id: identity["id"]) if @user

# if no user, create one
@user ||= begin
u = User.create!(hca_id: identity["id"], slack_uid: identity["slack_id"], hca_scopes: identity["scopes"])
EmailAddress.create!(email: identity["email"], user: u) unless identity["email"].blank?
u
end
end
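Review bot: The update branch at the top of this region swallows failures: `@user.update(hca_scopes: ..., hca_id: ...) if @user` returns false on a validation error and the result is never checked, while the create branch below uses `User.create!` and `EmailAddress.create!`, which raise. Use `update!` here so a failed scope or hca_id write surfaces the same way the create path does. Also, since the lookup that sets `@user` is outside this region, it is worth confirming that an existing user whose `hca_id` is already set is not silently relinked to a different `identity["id"]` by this unconditional update.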

Bug: hca_access_token is retrieved but not persisted to the User object in from_hca_token(), causing future HCA API calls to fail.
Severity: CRITICAL | Confidence: High

🔍 Detailed Analysis

The hca_access_token is retrieved from the OAuth response but is never stored on the User object during either update() or create!() calls within the from_hca_token() method. This token is discarded after a single use to fetch user identity, leading to future HCA API calls failing due to a missing token. This behavior is inconsistent with how slack_access_token and github_access_token are persistently stored.

💡 Suggested Fix

Add hca_access_token: access_token to both the update() and create!() calls within the from_hca_token() method to ensure the token is stored.

🤖 Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid.

Location: app/models/user.rb#L369-L404

Potential issue: The `hca_access_token` is retrieved from the OAuth response but is never stored on the `User` object during either `update()` or `create!()` calls within the `from_hca_token()` method. This token is discarded after a single use to fetch user identity, leading to future HCA API calls failing due to a missing token. This behavior is inconsistent with how `slack_access_token` and `github_access_token` are persistently stored.

Reference ID: 5281691

Member Author


Intentionally left out for now while testing; these changes aren't shown to the front-end user for now.

@maxwofford maxwofford merged commit 336ae5c into main Dec 3, 2025
5 checks passed
@maxwofford maxwofford deleted the add-hca-signin branch December 3, 2025 19:05