Skip to content

CCCT-1910 Locked Account 401 Error Handling #3443

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
conroy-ricketts merged 1 commit into from
Dec 3, 2025
Merged

CCCT-1910 Locked Account 401 Error Handling #3443

conroy-ricketts merged 1 commit into from
Dec 3, 2025

Conversation

@conroy-ricketts
Copy link
Contributor

@conroy-ricketts conroy-ricketts commented Dec 1, 2025

CCCT-1910

Technical Summary

I removed unnecessary error handling. These changes have no impact on the user.

Note that I removed the handleAccountLockout() function as it is no longer needed because we are already handling account lockout here, which is called here.

Safety Assurance

Safety story

I verified that these changes have no impact on the user by intentionally locking a couple of test accounts. The code that I removed is currently never used or ran.

QA Plan

It may be worth it for QA to intentionally lock an account by entering the incorrect backup code too many times to ensure that the behavior stays the same, especially the error message shown.

@conroy-ricketts
CCCT-1910 Locked Account 401 Error Handling
c628877 
Removed unneccesary error handling.
@conroy-ricketts conroy-ricketts self-assigned this Dec 1, 2025
@coderabbitai
Copy link

coderabbitai bot commented Dec 1, 2025

📝 Walkthrough

Walkthrough

The PR removes explicit locked account handling from the backup code confirmation flow in PersonalIdBackupCodeFragment. Specifically, it eliminates the conditional branch that checked for sessionData.getSessionFailureCode() == "LOCKED_ACCOUNT" within the confirmBackupCode() method's onSuccess callback, along with the private handleAccountLockout() helper method and all its invocations. The resulting logic now relies solely on database key presence or remaining attempt thresholds rather than explicit lockout state handling.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Verify that the backup code confirmation flow still functions correctly without the explicit LOCKED_ACCOUNT handling
  • Confirm that the alternative handling paths (dbKey presence or remaining attempts) adequately cover the lockout scenario that was previously managed by handleAccountLockout()
  • Cross-reference with related changes in the response parser or API handler to ensure lockout logic is consistently managed elsewhere in the flow

Possibly related PRs

Suggested reviewers

  • OrangeAndGreen
  • Jignesh-dimagi
  • shubham1g5
  • jaypanchal-13

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title directly relates to the main change: removal of locked account error handling. It accurately summarizes the PR's focus on 401 error handling for locked accounts.
Description check ✅ Passed The description covers technical summary with ticket links and rationale, includes safety story with testing verification, and provides a QA plan. However, it lacks Product Description section and is missing details on Automated test coverage, Feature Flag, Risk label, and Release Note.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch task/CCCT-1910-locked-account-401-error-handling
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a81e3a5 and c628877.

📒 Files selected for processing (1)
  • app/src/org/commcare/fragments/personalId/PersonalIdBackupCodeFragment.java (0 hunks)
💤 Files with no reviewable changes (1)
  • app/src/org/commcare/fragments/personalId/PersonalIdBackupCodeFragment.java
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Lint Code Base

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

OrangeAndGreen
OrangeAndGreen approved these changes Dec 2, 2025
View reviewed changes
Copy link
Contributor

@OrangeAndGreen OrangeAndGreen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice cleanup

@shubham1g5
Copy link
Contributor

shubham1g5 commented Dec 3, 2025

@damagatchi retest this please

@conroy-ricketts conroy-ricketts merged commit c81853a into master Dec 3, 2025
7 checks passed
@conroy-ricketts conroy-ricketts deleted the task/CCCT-1910-locked-account-401-error-handling branch December 3, 2025 14:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@OrangeAndGreen OrangeAndGreen OrangeAndGreen approved these changes

@shubham1g5 shubham1g5 shubham1g5 approved these changes

@Jignesh-dimagi Jignesh-dimagi Awaiting requested review from Jignesh-dimagi

@jaypanchal-13 jaypanchal-13 Awaiting requested review from jaypanchal-13

Assignees

@conroy-ricketts conroy-ricketts

Labels

QA Note

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@conroy-ricketts @shubham1g5 @OrangeAndGreen