Inside the `PUT /users/{userId}/registration` endpoint, we now retrieve the existing patron record from Sierra before updating the first/last name.

This gives us some additional security on this endpoint: in particular, we'll reject updates for a patron if they don't have our Auth0 placeholder name `Auth0_Registration_undefined Auth0_Registration_tempLastName`.

This is the intended logic:
```mermaid
flowchart TD
    GET{get patron<br/>from Sierra}
    GET -- does not exist --> E404[HTTP 404<br/>Not Found]
    GET -- other error --> E500[HTTP 500<br/>Internal Server Error]
    GET --> MATCH{does stored<br/>name match<br/>the request?}
    MATCH -- yes --> NOOP[no-op]
    MATCH -- no --> PLACE{is stored name<br/>the placeholder?}
    PLACE -- yes --> UPDATE[update name in Sierra<br/>HTTP 204 No Content]
    PLACE -- no --> E409[HTTP 409 Conflict]

    classDef decisionNode fill:#e8e8e8,stroke:#8f8f8f
    class GET,PLACE,MATCH decisionNode
    classDef errorNode fill:#f8c4c9,stroke:#e01b2f,stroke-width:2px
    class E404,E500,E409 errorNode
    classDef successNode fill:#d1ffe9,stroke:#007868,stroke-width:2px
    class NOOP,UPDATE successNode
```

I've also changed how the UpdateUser process works slightly:

- We can't update the name in Auth0 and I don't think we need to, so we don't.
- We need to send a list of varfields to Sierra, not a single one.

Closes #347
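
The flowchart above as a runnable sketch, added here as an illustration and not the code from this PR. The Sierra client is a hypothetical synchronous in-memory stand-in (`makeFakeSierra`, `putRegistration` and `PatronNotFound` are assumed names), and the patrons are constructed sample data.

```javascript
// Placeholder name quoted in the PR description.
const PLACEHOLDER = {
  firstName: 'Auth0_Registration_undefined',
  lastName: 'Auth0_Registration_tempLastName',
};

class PatronNotFound extends Error {}

const sameName = (a, b) =>
  a.firstName === b.firstName && a.lastName === b.lastName;

// Hypothetical stand-in for Sierra (a real client would be async).
function makeFakeSierra(patrons) {
  const calls = []; // records every write so tests can prove none happened
  return {
    calls,
    getPatron(id) {
      if (id === 'boom') throw new Error('Sierra unavailable');
      if (!patrons.has(id)) throw new PatronNotFound(id);
      return patrons.get(id);
    },
    updateName(id, name) {
      calls.push(id);
      patrons.set(id, { ...name });
    },
  };
}

// Walks the flowchart top to bottom and returns the outcome.
function putRegistration(sierra, userId, requested) {
  let stored;
  try {
    stored = sierra.getPatron(userId);
  } catch (err) {
    const status = err instanceof PatronNotFound ? 404 : 500;
    return { status, action: 'reject' };
  }
  // The flowchart gives no status code for the no-op branch, so none is set.
  if (sameName(stored, requested)) return { action: 'noop' };
  // Only a patron still carrying the placeholder may be renamed.
  if (!sameName(stored, PLACEHOLDER)) return { status: 409, action: 'reject' };
  sierra.updateName(userId, requested);
  return { status: 204, action: 'update' };
}

// Constructed sample data: one fresh registration, one established patron.
const sierra = makeFakeSierra(new Map([
  ['new1', { ...PLACEHOLDER }],
  ['old1', { firstName: 'Ada', lastName: 'Lovelace' }],
]));
```

The 409 branch is the security property: once a patron has a real name, a second call to the endpoint cannot overwrite it, and the fake client's `calls` list shows that no write reached Sierra.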