Fix JdbcUserCredentialRepository Save

[GuusArts]

User description

Closes spring-projectsgh-16620

---

PR Type

Bug fix, Tests

---

Description

• Fixes JdbcUserCredentialRepository.save to update existing records.

• Adds SQL query for updating credential records in the database.

• Implements logic to handle both insert and update operations in save.

• Introduces a new test case to verify record updates in JdbcUserCredentialRepositoryTests.

---

Changes walkthrough 📝

	Relevant files
Bug fix	JdbcUserCredentialRepository.java Enhance `JdbcUserCredentialRepository` to support record updates web/src/main/java/org/springframework/security/web/webauthn/management/JdbcUserCredentialRepository.java Added SQL query for updating credential records. Modified save method to handle updates and inserts. Introduced helper methods updateCredentialRecord and insertCredentialRecord. Updated copyright year. +37/-1
Tests	JdbcUserCredentialRepositoryTests.java Add test for updating credential records                                  web/src/test/java/org/springframework/security/web/webauthn/management/JdbcUserCredentialRepositoryTests.java Added a test case to verify record updates. Imported ImmutableCredentialRecord for test updates. Updated copyright year. +23/-1

---

Need help?

Type /help how to ... in the comments thread for any questions about Qodo Merge usage.

Check out the documentation for more information.

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request fixes the JdbcUserCredentialRepository to allow updating existing CredentialRecord instances in the database. Previously, only inserting new records and deleting existing records were supported. The changes involve adding an SQL update statement, modifying the save method to attempt an update before inserting, and adding a test case to verify the update functionality.

Updated class diagram for JdbcUserCredentialRepository

classDiagram
    class JdbcUserCredentialRepository {
        -JdbcOperations jdbcOperations
        -LobHandler lobHandler
        -Function<CredentialRecord, List<SqlParameterValue>> credentialRecordParametersMapper
        -String tableName
        -String idFilter
        -String findByUserIdSql
        -String findByCredentialIdSql
        -String findAllByUserIdSql
        -String deleteCredentialRecordSql
        -String updateCredentialRecordSql
        -String insertCredentialRecordSql
        +JdbcUserCredentialRepository(JdbcOperations jdbcOperations, LobHandler lobHandler, Function<CredentialRecord, List<SqlParameterValue>> credentialRecordParametersMapper, String tableName, String idFilter)
        +delete(Bytes credentialId)
        +save(CredentialRecord record)
        +findByCredentialId(Bytes credentialId)
        +findAllByUserId(String userId)
        +updateCredentialRecord(CredentialRecord record)
        +insertCredentialRecord(CredentialRecord record)
    }

Loading

File-Level Changes

Change	Details	Files
Introduces update functionality for CredentialRecord in the database.	Adds UPDATE_CREDENTIAL_RECORD_SQL to update existing records. Modifies the save method to first attempt an update, and if no rows are updated, then insert a new record. Introduces a new private method updateCredentialRecord to handle the update logic. Adds a test case saveCredentialRecordWhenRecordExistsThenReturnsUpdated to verify the update functionality.	web/src/main/java/org/springframework/security/web/webauthn/management/JdbcUserCredentialRepository.java web/src/test/java/org/springframework/security/web/webauthn/management/JdbcUserCredentialRepositoryTests.java

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!
• Generate a plan of action for an issue: Comment @sourcery-ai plan on
  an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[qodo-merge-pro]

Qodo Merge was enabled for this repository. To continue using it, please link your Git account with your Qodo account here.

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 PR contains tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Parameter Handling The updateCredentialRecord method removes the first parameter and adds it to the end of the list to match the SQL query structure. Verify this approach correctly maps parameters to the SQL statement placeholders. List<SqlParameterValue> parameters = this.credentialRecordParametersMapper.apply(record); SqlParameterValue credentialId = parameters.remove(0); parameters.add(credentialId);

[qodo-merge-pro]

Qodo Merge was enabled for this repository. To continue using it, please link your Git account with your Qodo account here.

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Fix SQL syntax error Fix the SQL syntax error in the UPDATE statement. There's an extra comma after the "backup_eligible = ?" clause which will cause SQL syntax errors when executing the query. web/src/main/java/org/springframework/security/web/webauthn/management/JdbcUserCredentialRepository.java [116-130] private static final String UPDATE_CREDENTIAL_RECORD_SQL = "UPDATE " + TABLE_NAME + " SET user_entity_user_id = ?, " + "public_key = ?, " + "signature_count = ?, " + "uv_initialized = ?, " + - "backup_eligible = ? ," + + "backup_eligible = ?, " + "authenticator_transports = ?, " + "public_key_credential_type = ?, " + "backup_state = ?, " + "attestation_object = ?, " + "attestation_client_data_json = ?, " + "created = ?, " + "last_used = ?, " + "label = ?" + " WHERE " + ID_FILTER; Apply this suggestion Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies a critical SQL syntax error - an extra comma after "backup_eligible = ?" that would cause runtime failures when executing the SQL update statement. This is a high-impact fix that prevents database errors.	High
More

[sourcery-ai]

Hey @GuusArts - I've reviewed your changes - here's some feedback:

Overall Comments:

• Consider extracting the common parts of insertCredentialRecord and updateCredentialRecord into a shared method.

Here's what I looked at during the review

• 🟢 General issues: all looks good
• 🟢 Security: all looks good
• 🟢 Testing: all looks good
• 🟢 Complexity: all looks good
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}