Merged
3 changes: 2 additions & 1 deletion src/locales/en.json
Expand Up @@ -178,5 +178,6 @@
"ORG_UNIQUE_CONSTRAIN_ERROR": "Organization Creation / Updation Failed. code / registration_code not unique.",
"REG_CODE_ERROR": "registration_code is not valid or unique.",
"INVALID_REG_CODE_ERROR": "registration_codes {{errorMessage}}. Invalid Code(s) : {{errorValues}}",
"UNIQUE_CONSTRAINT_ERROR": "{{fields}} is Invalid."
"UNIQUE_CONSTRAINT_ERROR": "{{fields}} is Invalid.",
"USER_PROFILE_FETCHED_SUCCESSFULLY": "User profile fetched successfully!"
}
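Review bot: The new USER_PROFILE_FETCHED_SUCCESSFULLY key is added to src/locales/en.json only; if the project keeps other locale files beside it, the key should be added to each of them in the same change so the success message is translated everywhere. As a style point, the value ends with "!" while the neighbouring "UNIQUE_CONSTRAINT_ERROR" and "REG_CODE_ERROR" messages end with a period; "User profile fetched successfully." would match them.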
56 changes: 56 additions & 0 deletions src/validators/v1/user.js
Expand Up @@ -39,4 +39,60 @@ module.exports = {
.isString()
.withMessage('preferred_language must be string')
},
profileById: (req) => {
// id (numeric only)
req.checkParams('id')
.optional()
.trim()
.matches(/^[0-9]+$/)
.withMessage('id is invalid. Must be numeric')

// email
req.checkQuery('email')
.optional()
.trim()
.isEmail()
.withMessage('email is invalid. Must be a valid email format')
// username
req.checkQuery('username')
.optional()
.trim()
.matches(/^(?:[a-z0-9_-]{3,40}|[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,})$/) //accept random string (min 3 max 40) of smaller case letters _ - and numbers OR email in lowercase as username
.withMessage('username is invalid')
// phone
req.checkQuery('phone')
.optional()
.trim()
.matches(/^[0-9]{7,15}$/)
.withMessage('phone is invalid. Must be digits only, length 7–15')

// phone_code
req.checkQuery('phone_code')
.optional()
.trim()
.matches(/^\+[0-9]{1,4}$/)
.withMessage('phone_code is invalid. Must start with + and contain 1–4 digits')

// tenant_code
req.checkQuery('tenant_code')
.trim()
.matches(/^[A-Za-z0-9_-]+$/)
.withMessage('tenant_code is invalid. Only letters, numbers, underscore, and hyphen allowed')

if (!req.params.id) {
req.checkQuery(['email', 'username', 'phone', 'phone_code']).custom(() => {
const { email, username, phone, phone_code } = req.query

if (!email && !username && !phone) {
throw new Error('At least one of id, email, username, or phone must be provided')
}

if (phone && !phone_code) {
throw new Error('phone_code is required when phone is provided')
}

return true
})
}
Comment on lines +82 to +96

⚠️ Potential issue

Array-scoped custom validator will duplicate errors; anchor cross-field rules to single fields.

Using checkQuery(['a','b','c']).custom(...) executes per field, yielding multiple identical errors. Replace with single-field custom checks to avoid duplication and give clearer error attribution. Also refine the message (id isn’t relevant inside the id-absent branch).

-    if (!req.params.id) {
-      req.checkQuery(['email', 'username', 'phone', 'phone_code']).custom(() => {
-        const { email, username, phone, phone_code } = req.query
-
-        if (!email && !username && !phone) {
-          throw new Error('At least one of id, email, username, or phone must be provided')
-        }
-
-        if (phone && !phone_code) {
-          throw new Error('phone_code is required when phone is provided')
-        }
-
-        return true
-      })
-    }
+    // Cross-field: require one of email/username/phone when id is absent
+    req.checkQuery('email').custom((_val, { req }) => {
+      const { id } = req.params || {}
+      const { email, username, phone } = req.query || {}
+      if (!id && !email && !username && !phone) {
+        throw new Error('At least one of email, username, or phone must be provided')
+      }
+      return true
+    })
+
+    // Cross-field: require phone_code when phone is provided (and id is absent)
+    req.checkQuery('phone_code').custom((_val, { req }) => {
+      const { id } = req.params || {}
+      const { phone, phone_code } = req.query || {}
+      if (!id && phone && !phone_code) {
+        throw new Error('phone_code is required when phone is provided')
+      }
+      return true
+    })
🤖 Prompt for AI Agents
In src/validators/v1/user.js around lines 82-96, the current use of
req.checkQuery([...]).custom(...) runs the custom validator for each listed
field and so produces duplicate identical errors; replace the array-scoped
validator with a single-field custom validator (e.g., attach the custom to
'email' or another single query field) that accesses req.query to perform the
cross-field checks when req.params.id is missing, update the error text to "At
least one of email, username, or phone must be provided" (remove id from that
message), and keep the phone/phone_code check (throw "phone_code is required
when phone is provided") so the rule runs once and attributes the error to a
single field.

},
}
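Review bot: In profileById, the tenant_code check is the only query check without .optional(), so the field is effectively mandatory, yet a request that omits it is answered with 'tenant_code is invalid. Only letters, numbers, underscore, and hyphen allowed'. Add an explicit presence check with its own message ahead of .matches(/^[A-Za-z0-9_-]+$/) so a caller can tell a missing tenant from a malformed one. Three smaller points in the same function: the e-mail branch of the username pattern has no upper length bound, unlike the {3,40} branch; the username pattern is lower-case only while the email check uses isEmail(), so the same address can pass as email and fail as username; and phone_code supplied without phone is accepted silently, because only the phone-without-phone_code direction is checked.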